Nissan says hackers stole user IDs, hashed passwords
- 26 April, 2012 11:37
Nissan said it found malicious software on its network that stole employee user IDs and hashed passwords, but said no personal information or e-mails appeared to have been compromised.
The car company released a statement on April 20, one week after the intrusion was detected. Jeff Kuhlman, Nissan's head of global communications, said on Thursday that Nissan delayed disclosing the breach sooner in order to cleanse its network of the malicious software and prevent tipping off the hackers.
"We are working with security software specialists and making sure that all the doors are closed and that going forward we have the most secure system we can have," Kuhlman said.
Nissan said in a statement that the malware accessed a data store that held employee user account credentials. Kuhlman said the company is not sure what information the hackers were after.
"As a result of our swift and deliberate actions we believe that our systems are secure and that no customer, employee or program data has been compromised," according to the statement.
Nissan said it would "continue to vigilantly maintain our protection and detection systems and related countermeasures to keep ahead of emerging threats."
Storing hashed passwords rather than passwords in clear text is considered a good security practice. A hash is a cryptographic representation of a password, but the hash can be converted back to the original password using modest computing power and password cracking programs.
The shorter and less complicated the password, such as those without capital letters and numbers, the faster it can be decoded.
Send news tips and comments to firstname.lastname@example.org
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
- Software Defined Protection - The Enterprise Security Blueprint
- Phishing 2.0 - Why phishing is back as the No. 1 web threat, and how web security can protect your company
- Alcatel-Lucent Enterprise Optimizing Cloud Infrastructure with Citrix CloudBridge
- Maximise the Advantages of Desktop Virtualisation For Business Growth
- IDC Insight: Cluster Servers in VMware Environments
- Some Australian businesses 'unlikely' to be ready for Privacy Act changes: survey
- BYOA 'shadow IT' grows in the enterprise: Telsyte
- Cost of a Privacy Act breach could extend to ongoing audits: legal expert
- How Hunter Water is saving $50k a year in software licences
- Audit agency does BYOD with BlackBerry
Trust issue looms large for tech companies capitalizing on personal data
5 women who've made it in IT
Five trends affecting legal CIOs
CIO Roundtable: The changing face of security
Bitcoin malware count soars as cryptocurrency value climbs
Keeping up with an Increasingly Sophisticated Threat Environment
Relying on traditional signature based Anti Virus alone is simply not sufficient to prevent today’s onslaught of new, sophisticated and advanced malware. This whitepaper describes in detail, some trends and statistics on the malware detection, it then introduces a multi-vector approach to accurately detect malware in the IT environment, and verify that existing anti malware already deployed are functioning optimally.
Pathways Advanced ICT Leadership Development Program Course Outline and Big 6 2013
Developed by the CIO executive Council in conjunction with Rob Livingstone Advisory, Pathways Advanced is a 12-month CIO delivered, small group, mentor based professional leadership development program. Pathways Advanced brings together best practice, thought leadership and business insights for today’s most promising ICT professionals
Case Study: The True Value of Conference Calling
In a study by the University of Bradford study, we look at the benefits of a strong telepresence and how organisations can become faster, more focused and environmentally responsible. Click to download!