Not exactly a startup news per se, but a healthy reminder to all those working with user credentials in their online services. One of the largest, if not the largest, online identity thefts has just occured in Finland. The service to be breached was Älypää, a Sanoma bought gaming site. The sad part is that while an identity breach of this magnitude is always bad – this has been made worse by Sanoma actually storing the passwords in plain text, making them usable anywhere.

MuroBBS, a Finnish forum for tech enthusiasts, has posted a thread on the breach. They are suspecting that the breach might have something to do with the break ins of the two SDP politician websites over the weekend here in Finland.

While Helsingin Sanomat, Sanoma’s largest newspaper in Finland, was quick to note that Helsingin Sanomat user credentials are not at risk it does not take a lot of understanding to know that this is very severe. Many people still unfortunately use the same login name/e-mail and password combination in many online services and thus it can be said that not only are Helsingin Sanomat user credentials also at risk as are users’ e-mail accounts. It does not, in my personal opinion, matter at all that there were no personal information or credit card information stolen in the breach – these credentials can easily be used to hack into e-mail accounts and a lot of other credentials can be stolen through them (as people save login information).

Sanoma is now working with the Finnish Computer Emergency Response Team (Cert.fi) to try to minimize the effects of the breach. Users can also check if the beginning of their e-mail is found on this list. If it is, it is strongly suggested they change the password combination they use in other possible services else where.




A screenshot of the Sanoma website presenting an official statement on the breach. The slogan above ironically says, “Electronic and enjoyable experiences”.