On April 13, 2019, Microsoft confirmed that a certain number of Outlook email accounts had been compromised. The attacker used the credentials of a customer support agent to view the email addresses, folder names, subject lines of emails, and email addresses of other recipients from the affected accounts.
Microsoft has since issued official communications to affected users and recommended that all Outlook users change their passwords.
With security breaches starting to become increasingly common, perhaps it is time to evaluate whether blockchain technology could have helped prevent this attack and others like it.
Preventing Security Attacks
In its letter, Microsoft stated that the breach occurred between January 1 and March 28, 2019.
While a few media outlets reported that the attackers were able to read user emails of affected accounts, the claim was strongly denied by Microsoft. There have been several security attacks in the past which have proved that security steps taken by companies are not enough to deter attackers.
For the uninitiated, companies use a cryptographic process to convert the plaintext email addresses and passwords entered by users into a hash. While this works as an authentication mechanism and has been used for decades, it does not compete with modern protocols and technologies.
Safeguarding User Data
Making all user data accessible on a centralized server is a major security and privacy flaw, and is what often motivates hackers. If an attacker manages to gain backdoor access to the server, they gain complete access to user accounts.
To remedy this, companies could employ blockchain technology to encrypt and store user data on various nodes in a decentralized network. The hashed data would be split into several segments and every node would hold multiple copies of the segments, but no node would hold a majority of the segments for any hashed user data.
Furthermore, since blockchain technology is designed around public key infrastructure (PKI), controlling user access and authorization is vastly simplified. Users with a private key can decrypt and read their data, while the rest cannot.
If an attacker wished to gain access to one or multiple users’ data, they would have to hack a majority of all nodes as the data is stored in segments across multiple servers. For this reason, it is much more difficult to carry out an attack on a distributed ledger than it is on a centralized server.
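The segment layout described above can be checked before it is deployed. The sketch below is an added example, not code from Microsoft or any blockchain project: the round-robin placement, the node names and the sample record are assumptions made for illustration. It splits a hashed record into segments, copies each segment to several nodes, rejects any layout in which one node would hold a majority of the segments, and then computes how many nodes would have to be compromised to rebuild the record.

```python
import hashlib
from itertools import combinations

def split(data: bytes, k: int) -> list[bytes]:
    """Cut data into k contiguous segments (the last may be shorter)."""
    size = -(-len(data) // k)  # ceiling division
    return [data[i * size:(i + 1) * size] for i in range(k)]

def store(segments: list[bytes], nodes: list[str], replicas: int) -> dict[str, dict[int, bytes]]:
    """Round-robin placement (an assumption, not taken from the article):
    segment i is copied to `replicas` consecutive nodes. Layouts where a
    single node would hold a majority of the segments are rejected."""
    if not 1 <= replicas <= len(nodes):
        raise ValueError("replicas must be between 1 and the node count")
    stores = {n: {} for n in nodes}
    for i, seg in enumerate(segments):
        for r in range(replicas):
            stores[nodes[(i + r) % len(nodes)]][i] = seg
    for node, held in stores.items():
        if 2 * len(held) > len(segments):
            raise ValueError(f"{node} would hold a majority of the segments")
    return stores

def min_nodes_to_rebuild(stores, k: int):
    """Smallest number of nodes whose combined segments cover the record."""
    for size in range(1, len(stores) + 1):
        for group in combinations(stores, size):
            if set().union(*(stores[n] for n in group)) >= set(range(k)):
                return size
    return None  # some segment is stored nowhere

def rebuild(stores, group, k: int):
    """Reassemble the record from the listed nodes, or None if a segment is missing."""
    merged = {}
    for n in group:
        merged.update(stores[n])
    if set(merged) != set(range(k)):
        return None
    return b"".join(merged[i] for i in range(k))

# Constructed sample input: a SHA-256 digest standing in for "hashed user data".
RECORD = hashlib.sha256(b"alice@example.com:constructed-sample").digest()
NODES = [f"node{i}" for i in range(6)]
STORES = store(split(RECORD, 6), NODES, replicas=2)

if __name__ == "__main__":
    for node in NODES:
        print(node, sorted(STORES[node]))
    print("nodes needed to rebuild:", min_nodes_to_rebuild(STORES, 6))
```

Under this assumed layout each node holds two of the six segments, and three of the six nodes are enough to rebuild the record. The number of nodes an attacker needs depends on the segment count and replication factor, so it is worth computing for any concrete design.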
In the Outlook attack, a single customer support agent’s credentials were compromised to conduct the attack. In a blockchain-based cybersecurity system, customer support agents would not be issued these privileges in the first place. They could simply fetch the user data in a cryptographically secured format from the blockchain when needed rather than storing it in a vulnerable state.
Blockchain technology, originally popularised by digital currencies such as Bitcoin (BTC), has many use cases, and data security may be the most promising one yet.
Do you think a blockchain-based data storage system would be better at keeping out attackers compared to existing centralized servers? Let us know your thoughts in the comments below.