Modernizing Authentication — What It Takes to Transform Secure Access
Paris Hilton's phone numbers continued to be the hot search item on the Web Tuesday, as surfers hoped to get the phone numbers of dozens of Hollywood celebrities whose contact information was leaked courtesy of the socialite's hacked T-Mobile Sidekick II device.
The nature of the hack of Hilton's Sidekick II is currently under investigation, though T-Mobile said in a widely published statement that one of the possibilities was someone may have known Hilton's password.
"T-Mobile's computer forensics and security team is actively investigating to determine how Ms. Hilton's information was obtained," the T-Mobile statement said. "This includes the possibility that someone had access to one of Ms. Hilton's devices and/or knew her account password."
T-Mobile also told its Sidekick users to regularly change their passwords and use complex passwords to improve their own level of security. Just yesterday, CompTIA (Computing Technology Industry Association) issued a press release underscoring the importance of secure passwords for end users.
According to CompTIA research in 2004, 84 percent of the almost 900 organizations it surveyed blamed human error as being partially responsible for recent security breaches. Many of those "human errors" were rooted in poor password security.
CompTIA said it recommends users maintaining four passwords for IT usage and that the password should include a combination of numbers, letters and punctuation marks. They also recommend that passwords be changed at least every 90 days.
Contact information from Hilton's address book was widely available early Tuesday, though by mid-afternoon most of the sites that had posted the information decided to pull it down for fear of legal repercussions.
"Sorry you couldn't enjoy the fun sooner. [I] hope this makes you realize [that] in the electronic age you are not safe from prying eyes. Oh also Hi Paris!," one post said. Other sites also denied they were the original source for the hacked information.
A weak password may not have necessarily been the lynchpin that leaked the amateur film starlet's Sidekick info. T-Mobile has been the victim of hacking infiltration before. This past January, the wireless provider took action against an alleged hacker that had stolen Social Security numbers, account names and passwords, and even digital photos taken by customers from its network.
Calls to Hilton were not returned by press time.