Slacking on encryption will always come back to bite you. That’s the lesson we’ve seen over and over the past few years. This week’s hack was brought to you by Hipchat (4/24/2017), Atlassian’s popular messaging app. The compromised data likely contained user account information, “private” messages, content and metadata.
Are you surprised? Whatever security best practices companies, governments, and institutions around the world are using, they plainly aren’t working. Take a look at Vigilante.pw if you need proof: hacks and data breaches are increasing.*
While high-tech security companies may tell you that detection is the best method, we say that encryption is the answer. The one bright spot in some of these hacks is that user passwords were protected with bcrypt, so the accounts weren’t completely compromised. But is that good enough? Is it enough to say “at least they didn’t get everything!”, change your password, and hope it won’t happen again?
TRUST NO ONE
For over 10 years, SpiderOak has advocated for end-to-end encryption. All user data in all of our products is encrypted before it leaves the user’s device, so it’s secure in transit and at rest. This means there’s nothing but encrypted data blocks (long strings of nonsense numbers and letters to you and me) on our servers. Even more importantly, only our users have the keys that can decrypt their data. You don’t need to trust us and you don’t need to worry that your information will be compromised. We call this No Knowledge.
YOUR BUSINESS IS YOUR BUSINESS
Semaphor is a messaging platform for teams and businesses, built with this kind of design. Slack (which has also been hacked!) and Hipchat let you message your team and share files, but Semaphor gives the same features within a No Knowledge framework. With Semaphor, there are no chat transcripts to be had if we get hacked.
Get smart about encryption and don’t slack on privacy. It’s the lesson we’re going to keep seeing more and more in the years to come. Luckily there are alternatives like Semaphor that can protect you and your company so you never have to worry about a hack like the ones both Hipchat and Slack have experienced.