ParkMobile Breach

Tech News from Helpful Dave!

Hello, once again it’s time for Tech News from Helpful Dave!

Do you use ParkMobile to pay your parking meter in Bloomfield? They were recently the victim of a breach and your data was possibly leaked. Are your passwords safe? We’ll talk about that in this update!

Our Tech Terms for this week are:

Hash and Salt: They sound delicious, but they are actually about passwords! Just like with any good dish you cook up, make sure companies are adding salt to your passwords!

Rainbow Table: Not just for show, it’s used to steal your password!

—Now onto the news—

ParkMobile data was breached last month and they released a statement that reads:

“Our investigation concluded that encrypted passwords, but not the encryption keys needed to read them, were accessed. While we protect user passwords by encrypting them with advanced hashing and salting technologies, as an added precaution, users may consider changing their passwords in the “Settings” section of [your account].”

So why, if your password was protected with hashing and salting, do they still recommend you change your password? That’s because these techniques, just like any sort of protection, are not completely foolproof.

Originally a lot of companies stored passwords in plain text format. This means that if your password was “ilovebloomfield” it was stored just like that in the database. So, if someone managed to hack into a company that you had a username and password with, and get that database, they’ve got your password.

So, companies started to modify your password by hashing it. To explain it easily, it’s like taking your password and applying some math to it to change it.

For example: if your password was ilovebloomfield, after we apply hashing your password becomes d53154d85e1907918d923642d039015a.

Companies store the hash instead of your password. That way, if the company ever gets hacked and the password database is stolen, the hackers don’t have your password.

However, as some of you may have figured out, if I know what ilovebloomfield looks like after it’s hashed, can’t I just figure out what everything else is as well? The answer is yes! Hackers eventually came up with that idea, and it’s commonly referred to as a Rainbow Table (sounds fun but it’s not). The idea is to make a huge table consisting of common hashing techniques and common passwords like password1234, letmein, and ilovebloomfield (of course). Then they could just compare the database they stole to their table and figure out everyone’s password.

Now on to a lot of people’s favorite part, favored by chefs, people who love pretzels, and sophisticated cybersecurity experts: SALT.

Adding a Salt to your password is just another extra flavor that helps keep your password safe. It adds a bit more randomness by adding some extra characters to your password before it is hashed. This thwarts many of the common and faster attack techniques. However, just like any good cook, you have to keep your salt somewhere close by.

The Salt here is created by the company, so they need to keep the formula for it somewhere close by so that when you try to log in, the company can look at the Salt as well to make sure your password matches.
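To make the hash, Rainbow Table and Salt ideas above concrete, here is an added example (it is not ParkMobile's code and not from their statement). It assumes SHA-256 as the plain hash and PBKDF2 as the salted one, uses a simple precomputed lookup table to stand in for a Rainbow Table, and the users and password list are made up.

```python
import hashlib
import hmac
import os

# Constructed sample data: three users, two of whom picked the same password.
USERS = {"alice": "ilovebloomfield", "bob": "letmein", "carol": "ilovebloomfield"}
COMMON_PASSWORDS = ["password1234", "letmein", "ilovebloomfield"]

def unsalted_hash(password):
    # Fast hash with no salt: the same password always gives the same output.
    return hashlib.sha256(password.encode()).hexdigest()

def salted_hash(password, salt, iterations=100_000):
    # PBKDF2 mixes in the salt and repeats the hash to slow each guess down.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()

def build_lookup_table(passwords):
    # Precomputed hash -> password table, the idea the post calls a Rainbow Table.
    return {unsalted_hash(p): p for p in passwords}

def recovered_by_table(stored_hashes, table):
    # Users whose stored hash appears in the precomputed table.
    return {user: table[h] for user, h in stored_hashes.items() if h in table}

def store_salted(users):
    # Each user gets a fresh random salt, kept next to the hash.
    db = {}
    for user, password in users.items():
        salt = os.urandom(16)
        db[user] = (salt, salted_hash(password, salt))
    return db

def verify_login(db, user, attempt):
    # The stored salt is reused so the attempt is hashed the same way.
    salt, expected = db[user]
    return hmac.compare_digest(salted_hash(attempt, salt), expected)

if __name__ == "__main__":
    table = build_lookup_table(COMMON_PASSWORDS)
    unsalted_db = {u: unsalted_hash(p) for u, p in USERS.items()}
    print("unsalted, found in table:", recovered_by_table(unsalted_db, table))
    salted_db = store_salted(USERS)
    salted_only = {u: h for u, (_, h) in salted_db.items()}
    print("salted, found in table:", recovered_by_table(salted_only, table))
    print("same password, same salted hash?",
          salted_db["alice"][1] == salted_db["carol"][1])
    print("alice logs in:", verify_login(salted_db, "alice", "ilovebloomfield"))
```

With no salt, every account in the sample shows up in the table; with a per-user salt, none do, and two people with the same password no longer share a hash.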

Realistically, Hashing and Salting your passwords, just like any form of security, is only as good as the company doing it. These techniques are really there to buy time for you to change your password while the hackers are cracking that stolen database.

Our Recommendation:

We strongly recommend you use a different password for every website, along with app-based two-factor authentication.

Managing a lot of different passwords can be a hassle so we recommend our clients use LastPass to help them manage all of their passwords in one place.

Check out LastPass here:

https://lastpass.wo8g.net/mmnzX – This is an affiliate link; if you sign up using this link, we receive a commission.

—Working from Home? Learning from Home? We can help remotely as well!—

We have the capability to connect to your PC remotely as long as you can still get on the internet. Feel free to shoot us a message or give us a call and we will do our best to assist you!

Please feel free to let me know if you have any questions or comments or want more information.

Thanks and have a good week!

-Helpful Dave