4 Security Lessons from the Great Bitcoin Bug
No 21st century business ever asks to take a second thought before trusting them with your personal data. Be it the most common one – swiping of a card at a local convenience store or that social media app you always find yourself on, using software that could potentially compromise your information is the norm, not the exception.
In this century, it is most likely for us to go insane if we worried about every single transaction that could lead to identity theft or a depleted bank account. So instead, we put our trust in the technical leadership of brands to avoid these tragedies on our behalf. Most of the time, there’s nothing to worry about. But very likely it can be inevitable.
Mt.Gox, the world’s largest Bitcoin (digital currency) exchange, recently lost track of 740,000 Bitcoins, resulting in a projected $350 million dollar loss after hackers allegedly planted a bug into the system. Here’s the scoop:
“In its recent announcement, Mt. Gox said that a bug in the Bitcoin software made it possible for someone to use the Bitcoin network to alter transaction details to make it appear that a Bitcoin transfer had not taken place when, in fact, it had.”
Mt.Gox reportedly handled about 80% of the world digital currency! Trading and withdrawals were halted, and users returned to a blank page on their website, and the ‘cryptocurrency’ industry is now dealing with a major blow to its validity. There are lessons to be learned from this heist into the Bitcoin network, both for software developers and for consumers alike. Here are four, in no particular order:
If a system is liable to hacking, it will be hacked. Someone will always try to get their hands on secured information. Whether it’s simply stealing of credit card numbers directly or the selling of emails and passwords on the internet. Hacking is not just a theft but a criminal business. So stealing Bitcoins (a currency stored in virtual wallets and not backed by any country’s currency) and exchanging them for another currency? It’s an internet thief’s dream come true. The same holds true for any other companies; If there is sensitive data is stored, it’s only a matter of time before someone goes looking for it.
Security is a never-ending battle. In fact, it’s an arms race. Do you think your security software is impervious? Trust us, it won’t be for long. For any software to be secure, it has to be dynamic, ever-evolving and the process to be never ending. And this is not enough because as the software is improving, the hackers too are with their own techniques. But you still can be on the upper hand only if you know your game that well to keep changing the rules or altering the tactics now and then.
Response matters. Don’t leave your users in the dark. Users found out the hard way that their accounts were gone when Mt.Gox trading was suspended and a few hours later they went to the website to find it returning a blank page. Posts were removed from the Mt.Gox Twitter feed. Users were unsure if they would be reimbursed. No official statement had been released about the Bitcoin heist until several days after the fact. Some speculate that lost Bitcoins went undetected for years. Whether that’s true or not has yet to be determined, but we can lay down the fact that more the company delays to address the problem, the more rumours run amongst users and the quicker faith vanishes.
Don’t get fooled again. There’s no excuse for letting the same security breach happen twice by the hackers or any other outsider/stranger. Accepted, fixing this particular bug won’t help these users get their money back, but if a business experiences a breach – and it’s not enough to take down the entire operation – then their users can be confident knowing their data is secure going forward. A security breach isn’t the end of the world in most cases, but if the same bug happens twice, it might be the end of your business. Be cautious!
Keeping customer information private is a top priority for many companies. Unfortunately, there are multitudes of ways your app’s security can fail, and it’s almost impossible to keep up with them all. That’s why it’s critical to test your app’s security with seasoned security pros.
image credit: marketingprofs.com