Every week we hear about the latest website to get hacked, and hackers getting access to another database with consumers’ personal data inside.
In the last few weeks alone there have been numerous reports of hacking, including the theft of the medical records of 290,000 patients of the “Mor Medical Institute,” and the release of data on 1 million subscribers of a popular dating app.
All of this information was taken from databases containing private and sensitive information, which the websites stored in an insecure manner.
The hackers allegedly gained access to the IIS server (Microsoft’s Internet Information Services) by hacking the hosting company, which gave them access to all hosted websites. They then reached the code as well as the databases and obtained all the passwords, which were stored without hashing (e.g. as clear text), so they could gain access to all the information in the databases.
There is a simple solution that could have prevented this
One way to solve this, with a solution that has already become strong and solid, is to use the Akeyless Vault for Secrets Management.
This is a popular product, and there is even a free edition that is often sufficient to start with. Building the solution does not take long.
Using Akeyless Vault for Secrets Management allows you to:
- Keep the database’s username and password out of your code, which prevents access to the database even if someone gets access to the code.
- Encrypt without knowing the key: when you want to encrypt information before it goes into the database, you can use Vault so that the application never learns the encryption key. The information inside the database is then useless to hackers, and even if they get access to the code, they do not know the encryption key!
This would prevent access to the data itself even if hackers could reach the database, keeping them away from the important and sensitive information they were trying to obtain.
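Before credentials can be moved into a secrets manager, you need to know where they are embedded. The following added example (not from the original article and not Akeyless code) audits a configuration file for connection strings that carry a database password; it assumes an ASP.NET-style `web.config` on the IIS server, and the sample file and its names are constructed.

```python
import xml.etree.ElementTree as ET

# Connection-string keywords that carry a secret (ADO.NET spellings).
SECRET_KEYS = {"password", "pwd"}

# Constructed sample of an IIS-hosted site's web.config (not from the article).
SAMPLE_WEB_CONFIG = """<configuration>
  <connectionStrings>
    <add name="Patients" connectionString="Server=db01;Database=clinic;User Id=app;Password=EXAMPLE-ONLY;" />
    <add name="Reports" connectionString="Server=db01;Database=reports;Integrated Security=SSPI;" />
    <add name="Legacy" connectionString="Data Source=db02;Uid=legacy;Pwd=EXAMPLE-ONLY" />
  </connectionStrings>
</configuration>"""


def parse_connection_string(value):
    """Split 'key=value;key=value' into a dict with lower-cased keys."""
    pairs = {}
    for part in value.split(";"):
        if "=" in part:
            key, _, val = part.partition("=")
            pairs[key.strip().lower()] = val.strip()
    return pairs


def find_embedded_credentials(config_xml):
    """Return the names of connection strings that embed a non-empty password."""
    findings = []
    root = ET.fromstring(config_xml)
    for entry in root.iter("add"):
        conn = entry.get("connectionString")
        if conn is None:
            continue  # <add> elements in other sections have no such attribute
        fields = parse_connection_string(conn)
        if any(fields.get(key) for key in SECRET_KEYS):
            findings.append(entry.get("name", "<unnamed>"))
    return findings


if __name__ == "__main__":
    for name in find_embedded_credentials(SAMPLE_WEB_CONFIG):
        print(f"connection string '{name}' embeds a database password")
```

Each flagged entry is a credential that anyone who can read the site's files can also read, which makes it a candidate for retrieval from the secrets manager at runtime instead.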
We (ALM-Toolbox) are the official representative of Akeyless worldwide, and we offer end-to-end solutions for Vault.
We can inspect your current system, plan a solution that fits your needs and quickly implement it.
We also provide subscription licenses, Vault training and secure development training.
For more details contact us: firstname.lastname@example.org or +972-722-405-222 / 866-503-1471 (USA & Canada)