The Week in Breach
Breach news to share with your customers!
This week, databases are leakier than an old car on a bumpy road. Plus, Nest security may not be so secure.
Dark Web ID Trends:
Top Source Hits: Social Media (57%)
Top Compromise Type: Email
Top Industry: Medical / Healthcare
Top Employee Count: 11-50 employees (47%)
China – Boomoji
https://techcrunch.com/2018/12/13/popular-boomoji-app-exposed-millions-contact-lists-location-data/
Exploit: Exposed database.
Boomoji: A Chinese company that makes personalized animated avatar to be sent over text and other various apps.
Risk to Small Business: 2.111 = Severe: Exposed databases can be very embarrassing for a company because there is no excuse for leaving the database where customer information is stored unsecured. Customers are unlikely to return to the service, and if they do could be hesitant to enter in credit card information or reveal more of their data because they figure it could be at risk as well. | |
Individual Risk: 2.111 = Severe: Those affected by this breach are at an increased risk of phishing attacks. This is made a severe risk in this case because the exposed information included the contact books of the users who gave the app permission to access it. |
Customers Impacted: Over 5 million users.
How it Could Affect Your Customers’ Business: Not only is the exposed database embarrassing for the organization, but the company lied about the extent of the breach by stating the databases were for testing purposes only. Not being upfront about the breach can result in a further loss of trust in the company by the customer.
ID Agent to the Rescue: Spotlight ID by ID Agent offers comprehensive identity monitoring that can help minimize the fallout from a breach of this type. Learn more: https://www.idagent.com/identity-monitoring-programs
Risk Levels:
1 – Extreme Risk
2 – Severe Risk
3 – Moderate Risk
*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.
Brazil – Cadastro de Pessoas Físicas Database
https://cyware.com/news/misconfigured-cloud-server-exposed-taxpayer-id-numbers-of-120-million-brazilians-91298892
Exploit: Exposed database.
Cadastro de Pessoas Físicas (CFP) Database: CFP is a Brazilian national identifying number attributed by the Brazilian Federal Revenue, that must be issued before opening a bank account, creating a business, paying taxes, or getting a loan.
Risk to Small Business: 1.777= Severe: The breach only contained user’s subscription status, but it is believed that this could be the first part of a more extreme breach. Because the bad actor knows if user’s subscriptions are active, inactive, or paused, they could send out spear-phishing emails about the subscriptions that would trick users into clicking. |
|
Individual Risk: 1.857= Severe: There is a significant amount of personal information that was exposed during this breach that would be highly useful to a bad actor wishing to engage in a spear phishing campaign. |
Customers Impacted: 120 million Brazilians.
How it Could Affect Your Customers’ Business: The personal data of customers was exposed which would be highly damaging for any organization. In many countries, the organization would also face consequences from the government such as fines.
ID Agent to the Rescue: ID Agent offers Dark Web ID™ which discovers compromised credentials that could be used to implement a crypto jacking script. Make sure your credentials are safe; for more information go to https://www.idagent.com/dark-web/.
Risk Levels:
1 – Extreme Risk
2 – Severe Risk
3 – Moderate Risk
*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.
In Other News:
Alarming News
A hacker warned an unsuspecting homeowner of his ability to hack the man’s home security system by speaking to him through it. In a circumstance that could only be described as ‘alarming’, a hacker who claimed to be with anonymous told the Arizona man, through the Nest security system he had installed, that he had been hacked. The hacker then listed passwords the man had on other sites. If you have a Nest security system, you may want to consider contacting the manufacturer about this incident.
What We’re Listening To
Know Tech Talks
The Continuum Podcast
Security Now
Defensive Security Podcast
Small Business, Big Marketing – Australia’s #1 Marketing Show!
TubbTalk – The Podcast for IT Consultants
Risky Business
Frankly MSP
CHANNELe2e