Nissan says hackers stole user IDs, hashed passwords

The company said that personal information and e-mail was not compromised
  • Jeremy Kirk (IDG News Service)
  • — 26 April, 2012 11:37

Nissan said it found malicious software on its network that stole employee user IDs and hashed passwords, but said no personal information or e-mails appeared to have been compromised.

The car company released a statement on April 20, one week after the intrusion was detected. Jeff Kuhlman, Nissan's head of global communications, said on Thursday that Nissan delayed disclosing the breach sooner in order to cleanse its network of the malicious software and prevent tipping off the hackers.

"We are working with security software specialists and making sure that all the doors are closed and that going forward we have the most secure system we can have," Kuhlman said.

Nissan said in a statement that the malware accessed a data store that held employee user account credentials. Kuhlman said the company is not sure what information the hackers were after.

"As a result of our swift and deliberate actions we believe that our systems are secure and that no customer, employee or program data has been compromised," according to the statement.

Nissan said it would "continue to vigilantly maintain our protection and detection systems and related countermeasures to keep ahead of emerging threats."

Storing hashed passwords rather than passwords in clear text is considered a good security practice. A hash is a cryptographic representation of a password, but the hash can be converted back to the original password using modest computing power and password cracking programs.

The shorter and less complicated the password, such as those without capital letters and numbers, the faster it can be decoded.

Send news tips and comments to jeremy_kirk@idg.com

Fake-police ransomware reaches Australia

READ THIS ARTICLE
DO NOT SHOW THIS BOX AGAIN [ x ]
Comments are now closed.
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Web Aplication Security

Safeguard your websites against cyber attacks and data loss.

Latest Jobs
Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.