In mid-April and again in early May, breaches of Sony gaming networks exposed well over 77 million customer records. While Sony claims credit card information was probably not affected, at a minimum the attacks still leave customers at higher risk of phishing and other social engineering attacks. Adding insult to injury, a subsequent password reset flaw was introduced when the Sony gaming networks were brought back online, increasing the risk. At a minimum, the Sony passowrd reset flaw could have led to the compromise of the online gaming account. And if the password had been used elsewhere, those accounts would also be at risk.
On June 2, 2011, sonypictures.com was compromised. Personal details of around 37,500 Sony customers were stolen and posted online. These customers are also now at increased risk of phishing and other social engineering attacks. Usernames and passwords were also stolen - victim customer that re-use their password in multiple places may now face compromise of other accounts.
The Sony attacks fell on the heals of a late-March customer breach at email marketing firm Epsilon. And while you may think that couldn't possibly impact you - after all, you've probably never heard of Epsilon - you'd better think again. Epsilon handled the email marketing for many Fortune 1000 companies with which you probably did do business. Epsilon customers included big names like JPMorgan Chase, Kroger, Capital One, Walgreens, Tivo, Marriott, Barclays, Best Buy and dozens of other big name companies.
In short, that means your name and email address were probably exposed by the Epsilon breach, which now puts you at even greater risk of phishing. And since the email addresses can be associated with specific companies, attackers can target their intended victims and make the scam appear all the more believable.
Also reported in the first half of 2011, a malware infection at EMC-subsidiary RSA led to the theft of intellectual property related to RSA SecureID. The exposure of this two-factor authentication subsequently led to a second breach - this time at defense contractor Lockheed Martin.
While the RSA/Lockheed breaches may have serious implications for national security, there's little the average consumer can do to protect themselves. However, for those breaches that do involve average consumers (such as the multiple Sony breaches and the Epsilon breach), there are things you can do to proactively protect yourself. Here's how.