
I think everyone who takes even a passing interest in information security, or who just reads IT news from time to time, has seen reports that yet another company or Internet service was hacked and had its user accounts stolen. These usually include email addresses, passwords, credit card numbers, your pet's name and much more (you don't need to go far for an example: in October of this year, Adobe "shared" a database with 130-150 million accounts). And it is good if the service at least took care to hash the passwords, even without a salt; in that case you can hope that attackers who decide to use the stolen data will have to put in some effort to do so.
But for quite a long time something else has surprised me: why are only passwords hashed in most cases, and why is there such disregard for other important user data, such as email addresses or credit card numbers?
This article does not claim to be a discovery in the field of security and is likely to contain inaccuracies and conjecture. It is more like thinking out loud about data protection and data leaks.
For simplicity, we will assume that the site owner shares the user's opinion that his personal data is personal and should not be used or passed to anyone without his consent and knowledge (in other words, cases where data is intentionally handed over "at the request of some organizations" are not considered). As a rule, the account database is either stored entirely in the clear (which, fortunately, is gradually becoming a thing of the past, albeit extremely slowly), or only a small part of it is protected (most often, just by hashing the passwords). If the database is lost, the only thing attackers will have trouble using is the passwords; everything else will most likely be served on a platter, ready to take and use.
What does this threaten? First, the most banal thing that can be done is to use the list of email addresses, which will please the spammers. Second, though much less common, credit card numbers can end up in the hands of skimmers. The card numbers by themselves may not be very useful, but remember that accounts are often protected only in part, leaving important data such as names and dates of birth in the open, and in some cases that will be enough to make the cards usable. And third, personal data can simply be used against you in social engineering (although it is somewhat strange to worry about this kind of loss given the existence of social networks). And how else might our data be used against us?
As you can see, the problems exist and they are relevant. A service owner who has not bothered to protect the service against hacking and data loss can seriously harm both its users and himself, by losing the trust of the current and future audience. What, then, can we propose for the case where the data is one day stolen?
1) The simplest and most logical: hash passwords. This reduces the risk to a user who uses the same password for different services. Sadly, even now this basic precaution is not used in many places. Also, do not hesitate to use a salt.
2) Also encrypt data that the service does not use for its main purpose, or that can be encrypted without reducing the efficiency of the service. What can be proposed right away is hashing email addresses and answers to secret questions, or other data that is used only during authorization and similar operations. There is usually no need to store this data in the clear if it is used only once, when logging in. This approach has a downside: the service will not be able to send you email if it wants to. But in some cases there is no such need, and email is used only for account validation.
3) Finally, the most paranoid approach, short of simply not using the service. All (or almost all, depending on the specific situation and service) user data is encrypted, and the user's password is used to decrypt it, that is, the standard practice of public and private keys. This, of course, puts additional load on the service and is not always an option (on social networks, for instance, encryption would simply prevent other users from seeing the data), but where the data is important it is a small price to pay for security.
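One way approaches 2 and 3 can fit together, as an added example in Node.js that is not code from the original article: the email address is stored only as a keyed hash (a plain hash of an address can be guessed from address lists), and the profile is encrypted with a key derived from the user's password. It uses a symmetric key derived with scrypt rather than a public/private key pair; the function names, the in-memory `Map` standing in for the accounts table and the key handling are assumptions.

```javascript
const crypto = require('crypto');

// Assumption: the index key is a server-side secret kept outside the database
// (config or KMS); a random value is generated here only for the demo.
const INDEX_KEY = crypto.randomBytes(32);

// Approach 2: deterministic keyed hash of the normalized address, usable as a
// lookup key at login but not reversible or guessable without INDEX_KEY.
function emailIndex(email) {
  return crypto.createHmac('sha256', INDEX_KEY)
    .update(email.trim().toLowerCase()).digest('hex');
}

// Approach 3: the encryption key comes from the password and a per-user salt.
function deriveKey(password, salt) {
  return crypto.scryptSync(password, salt, 32);
}

function sealProfile(password, profile) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  const ct = Buffer.concat([c.update(JSON.stringify(profile), 'utf8'), c.final()]);
  return { salt, iv, ct, tag: c.getAuthTag() };
}

// Returns the profile, or null when the password is wrong or the record was
// modified (the GCM tag check fails in both cases).
function openProfile(password, rec) {
  const d = crypto.createDecipheriv('aes-256-gcm', deriveKey(password, rec.salt), rec.iv);
  d.setAuthTag(rec.tag);
  try {
    return JSON.parse(Buffer.concat([d.update(rec.ct), d.final()]).toString('utf8'));
  } catch {
    return null;
  }
}

// `db` is a Map standing in for the accounts table (hypothetical schema).
function register(db, email, password, profile) {
  db.set(emailIndex(email), sealProfile(password, profile));
}

function login(db, email, password) {
  const rec = db.get(emailIndex(email));
  return rec ? openProfile(password, rec) : null;
}
```

Because the key exists only while the user supplies the password, a forgotten password makes the record unrecoverable, and a password change has to re-encrypt it.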
As time goes on, the problems of data security and surveillance become more acute with every passing day, and it is hard to imagine what the loss of your personal data could mean tomorrow if you do not worry about it today. We can already observe how a person's carelessness with his data can be costly for him if he does not attach importance to seemingly trivial things. What do you think about this?