Encrypted Data is Uncompromised when Operator’s Account is Compromised?

Hitoshi Kokumai
Nov 23, 2023

“Sumo Logic says customer data untouched during breach” https://www.theregister.com/2023/11/21/sumo_logic_security_breach/

The report reads “Compromised AWS account led to fears that user info could have been exposed to cybercriminals” and the victim is said to have mentioned “It wasn’t able to confirm at the time whether customer data was compromised but did say that, like always, it remained encrypted.”

If the decryption keys were stolen or duplicated as well, the stolen or duplicated encrypted data can be brought back to plain text at any time the criminals like. That could be the moment when the exposure would do the maximum damage to the victims.

I wonder if those security people who designed, implemented and operate the identity security systems are ignorant of or indifferent to the fact that credential theft inevitably leads to data theft.

Encrypting the data is half of the story. The security that cryptography provides is not above the identity security of the people who handle the decryption key, as discussed in “Non-Existent Crypto Keys to be Regenerated from Image Memory when Needed” (8Sep2023) https://www.linkedin.com/posts/hitoshikokumai_microsoft-explains-how-china-stole-one-of-activity-7105818025685106688-bYVs

If they want to be rescued, we will certainly rescue them, joined by the most advanced quantum-resistant cryptography from QRC, Switzerland.

Hitoshi Kokumai

Advocate of ‘Identity Assurance by Our Own Volition and Memory’, Inventor of Expanded Password System and Founder of Mnemonic Identity Solutions Limited in UK.