How the largest data breach in history can be avoided by blockchain
We recently learned about a serious security issue, which went largely unnoticed in the media. It appears that over a lengthy timespan someone (or a group) managed to gain access to about 770 Million E-Mail addresses and passwords, which were used to log in to various sites and services.
Passwords are normally stored on a server in an encrypted (hashed) form, but if you have enough time and computing power to crack them, there is nothing simpler than that. Most users are too lazy to change their passwords, and so the villains have plenty of time to do their dirty job and exploit the information. Not only was the fact that 770 Million records had been stolen published, no, the entire database was made public. There are even sites that allow you to enter your E-Mail address and check if your emails are among them.
After having read the article, I entered one E-Mail address of the many I’m using, then another one. Then when I wanted to try a third one, I stopped. Wait a moment! Have you heard of a honeypot? That’s when someone puts desirable information or a juicy piece of data somewhere and allows you to use it for free. In fact it’s not free. It’s a trap. You use it and open your gates to the attacker!
There is nothing more “honey-potty” than a site that makes you panic first, because they tell you that you might have been compromised. Then you can check yourself if that’s the case. What I almost did was enter ALL my E-Mail addresses, giving someone much more precious information:
a) The addresses, which are still alive
b) The connection between various addresses
c) The IP
d) And — based on some real-name addresses — my real name
Awkward. And I was willing to do it until the rational part of my brain kicked in.
Such a case is brilliant for blockchain. Centralization allows people to gain power over others by offering data or data search facilities that are otherwise not accessible to the regular Joe Average. Blockchain changes that. A blockchain is nothing other than a database, distributed across the globe and fitted with tools to read from and write to it, and to make sure that it’s in a state we call “consensus”. The data is the same all across the globe.
What if that data (okay, 770 Mil records are a lot, but not unmanageable for today’s technology) was written to a public blockchain instead of being kept in a local data store? Then people could read from it without the help of a third party. Furthermore, all E-Mail addresses in that database are now with some certainty tainted anyway, because they are public now. That does not have to be. What you can do instead is to “hash” the data. Example: “email@example.com” is turned into “4da468ead707d86f5766094871c27e718469f0ff2054d61bf738599d5a0a8e80affcb7b90caeb2a69faf4197d497ea1ef5580c5dabd1e7e965b94603491aef1d” with the SHA3 hashing algorithm (the 128 hex characters shown correspond to a 512-bit digest, i.e. SHA3-512). It is not the plaintext data that is stored, but its hash. That blockchain application would never expose the plaintext data.
One party telling the world about the breach would hash each record and put the hash into the blockchain. I would hash my E-Mail address and check if that hash already exists. If yes, I’ve been compromised. But nobody in the world, except the one who originally put the data in, would know.
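The two sides of the scheme just described, as an added example in Python that is not code from the article or from CoreLedger: the publisher hashes each leaked address with SHA3-512 and releases only the digests, and a user hashes their own address and checks for membership. An in-memory Python set stands in for the public ledger (how the digests are actually written on-chain is outside this example), and the sample addresses are constructed. Addresses are normalized (trimmed, lower-cased) before hashing so that the same mailbox always produces the same digest, an assumption not spelled out in the article.

```python
import hashlib


def normalize_email(addr: str) -> str:
    """Canonical form of an address so publisher and checker hash identical input.
    (Normalization is an assumption added here; the article does not specify it.)"""
    return addr.strip().lower()


def email_hash(addr: str) -> str:
    """SHA3-512 hex digest (128 hex chars, as in the article's example) of the
    normalized address. Only this value is ever shared; the plaintext stays local."""
    return hashlib.sha3_512(normalize_email(addr).encode("utf-8")).hexdigest()


def publish_hashes(leaked_addresses):
    """Publisher side: turn a list of leaked plaintext addresses into the set of
    digests that would be written to the ledger. Returns the digests only."""
    return {email_hash(a) for a in leaked_addresses}


def is_compromised(addr: str, ledger) -> bool:
    """Checker side: hash your own address locally and look the digest up.
    The address itself never leaves this function."""
    return email_hash(addr) in ledger


# Constructed sample of a leaked list (not real breach data).
LEAKED_ADDRESSES = ["alice@example.com", "Bob@Example.org", " carol@example.net "]

# Stand-in for the public blockchain: the published digests, readable by anyone.
LEDGER = publish_hashes(LEAKED_ADDRESSES)


if __name__ == "__main__":
    for candidate in ["alice@example.com", "BOB@example.org", "dave@example.com"]:
        status = "compromised" if is_compromised(candidate, LEDGER) else "not listed"
        print(f"{candidate}: {status}")
```

One caveat a practitioner would add: the digest hides the address only as long as the address is hard to guess. E-Mail addresses are far less random than good passwords, so the same time-and-computing-power argument the article makes for cracking stored passwords applies to a bare hash of an address as well; deployments of this idea therefore typically combine the hash with a secret the publisher holds or with a query protocol that never reveals the full digest.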
Apart from the obvious fact that no third party would be able to abuse the information in items a) to d) above for its own purposes, this solution has yet another advantage. Data stored decentrally cannot easily be attacked by any other party, and an attack would gain nothing against the original publisher. A centralized solution, in contrast, even if it employed the hashing method instead of revealing plaintext data, would still be an interesting hacking target, because it certainly stores the plaintext data somewhere, right? In a blockchain this can be ruled out, and there is no link (other than the blockchain address, which is per se anonymous) to the original publisher.
That’s the power of decentralized technology!
This article is brought to you by @Johannes Schweifer, CEO of CoreLedger.
As a prominent blockchain infrastructure provider, CoreLedger is making blockchain technology simple for businesses to use. With CoreLedger’s offerings, clients can readily tokenize their offerings with fast-to-implement resources that will allow them to modernize their services. Thanks to our in-house developed software solutions and experienced blockchain specialists, CoreLedger is ready to help you make your next move with blockchain technology.