Tag Archives: Data Breaches

The IT Checklist to Prevent Data Breach

A big part of data security is the proactive prevention of data loss, theft, and security breaches; it is always better to prevent these from happening than to mitigate an attack afterward.

Here is an IT checklist for organizations to go over to prevent breaches from happening. This checklist covers not only the roles and responsibilities of IT personnel; more importantly, it should be known by all employees or team members who have access to the company's critical and confidential data.

Examples of such data include intellectual property such as source code, product design documents, and internal price lists; corporate data such as financial and strategic planning documents and research for mergers and acquisitions; employee information; and customer data such as social security numbers, credit card information, or financial statements.

Best Practices to Prevent A Data Breach

1. Ensure strict documentation on changes.

Seventy percent of companies underestimate the importance of documenting changes, putting their most critical IT systems at risk of security violations and downtime, according to the 2015 State of IT Changes survey.

This practice maintains visibility across the entire IT infrastructure and provides a complete audit trail of system activities and changes made.

The human factor is always the most vulnerable area in security, and thorough documentation of user activity reduces the risk of employees’ inadvertence or negligence.

2. Identify threats.

Part of your data security team’s responsibility is to stay up to date on the latest security threats. This can be done by correlating application security quality with global security intelligence.

Ensure that your users are alerted to potential breach methods, and update your software and infrastructure accordingly.

The gateway to your data is through your applications. Attackers know these are a weak link, making them look for vulnerabilities in applications that provide access to sensitive data. Testing applications for security vulnerabilities reduces the risk of a data breach.

3. Be proactive when it comes to information protection.

The main point of data security is to protect company information while the main component of data security is knowing your data and who has access to it.

Privilege abuse is hard to detect, so restricting access to the company’s most confidential and sensitive data to those who need it and monitoring those with privileges will greatly help in ensuring that data stays protected.

Data minimization and access control are also powerful elements. Users shouldn’t collect or have information that they don’t need. IT security, as part of database management, should also reduce the number of places where users can retain data in the network.

Access to sensitive data can also be on an “as needed” basis, with strict documentation of access control.

4. Implement security policies strictly and consistently.

Continuous auditing of data changes, user activities, system configurations, and security policies helps ensure critical mistakes don’t happen and areas don’t become vulnerable to breaches.

5. Audit and evaluate your environment and network security policies continuously.

Analytics generated from audits help detect security incidents and find the cause of each violation. They also provide proof when a company needs to pass compliance audits.

Look Beyond Your IT Security Department

To help ensure breaches are prevented, look beyond the IT security department and evaluate other departments as well.

Evaluate employee exit strategies (HR department), remote project protocol (Operations), and on- and off-site data storage practices such as BYOD devices, among other things. Once you have evaluated policies, establish new or better policies and procedures and set up safeguards.

You should also hold vendors and partners to the same standards. Third-party service providers need to maintain the same level of security standards and deploy the same measures in compliance with your federal regulations.

As hackers get more and more sophisticated, the best thing that companies – no matter the size – can do is mitigate risks and set up control measures. In a virtual world where it’s possible to be untraceable, the best protection is preparation.

 

Japanese travel agency suffers massive data breach

If you’ve taken a trip to Japan through a travel agency, you might be in a bit of trouble. JTB Corp., a major Japanese travel agency, has suffered a data breach in which the personal information of nearly 8 million people was compromised.

BatBlue reports that the leak began with an email phishing attack, where an employee of the subsidiary company i.JTB Corp. opened an email attachment that infected his or her computer. From there, the hacker could access the main server, and obtained access to the personal data of JTB Corp. customers. The data may also include information on customers who used the booking services by NTT Docomo Inc.

Among the stolen data, Nikkei reports, are the names, addresses, email addresses, and passport numbers of approximately 7.93 million people. JTB states that around 4,300 of those passport numbers are still valid, which means the hacker or anyone who purchases the stolen information can misuse them.

If your passport number was among those stolen, report it and get a replacement immediately. Identity Theft Awareness provides instructions on reporting stolen passports and requesting new ones, and advises acting as soon as possible.

JTB President Hiroyuki Takahashi has apologized for the breach, and has notified law enforcement. The investigation is ongoing, but there are currently no instances of the data being abused.

Hacker puts up 167 Million LinkedIn Passwords for Sale

LinkedIn’s 2012 data breach was much worse than anybody first thought.

In 2012, LinkedIn suffered a massive data breach in which the login details of more than 6 Million user accounts, including encrypted passwords, were posted online by a Russian hacker.

Now, it turns out that it was not just 6 Million users who got their login details stolen.

The latest reports indicate that the 2012 LinkedIn data breach may have resulted in the online sale of sensitive account information, including emails and passwords, of about 117 Million LinkedIn users.

Almost 4 years later, a hacker under the nickname “Peace” is offering for sale what he/she claims to be a database of 167 Million emails and hashed passwords, which includes 117 Million already cracked passwords, belonging to LinkedIn users.

The hacker, who is selling the stolen data on the illegal Dark Web marketplace “The Real Deal” for 5 Bitcoins (roughly $2,200), has spoken to Motherboard, confirming these logins come from the 2012 data breach.

Because the passwords were originally hashed with the SHA1 algorithm with “no salt,” it took LeakedSource, the paid search engine for hacked data, just 72 hours to crack roughly 90% of the passwords.

Troy Hunt, an independent researcher who operates “Have I Been Pwned?” site, reached out to a number of the victims who confirmed to Hunt that the leaked credentials were legitimate.

The whole incident proved that LinkedIn stored your passwords in an insecure way and that the company did not make it known exactly how widespread the data breach was at the time.

In response to this incident, a LinkedIn spokesperson says that the company is investigating the matter.

In 2015, LinkedIn also agreed to settle a class-action lawsuit over the 2012 security breach by paying a total of $1.25 million to victims in the U.S., which means $50 to each of them.

According to the lawsuit, the company violated its privacy policy and an agreement with premium subscribers that promised it would keep their personal information safe.

However, new reports now suggest that a total of 167 Million LinkedIn accounts were breached, instead of just 6 million.

Assuming at least 30% of the hacked LinkedIn accounts belong to Americans, the company has to pay more than $15 Million.

Meanwhile, I recommend that you change your passwords (and choose a longer and stronger one this time) and enable two-factor authentication for your LinkedIn accounts as soon as possible. Also, do the same for other online accounts if you are using the same passwords on multiple sites.

Do you see a pattern here? Social media is getting hit hard, so, as I said above and many times before, change your passwords frequently and make them stronger!!!

Hacker Selling 65 Million Passwords From Tumblr Data Breach

Earlier this month Tumblr revealed that a third party had obtained access to a set of e-mail addresses and passwords dating back to early 2013, before the company was acquired by Yahoo.

At that time, Tumblr did not reveal the number of affected users, but in reality, the credentials of around 65,469,298 accounts were leaked in the 2013 Tumblr data breach, according to security expert Troy Hunt, who runs the site Have I Been Pwned.

“As soon as we became aware of this, our security team thoroughly investigated the matter. Our analysis gives us no reason to believe that this information was used to access Tumblr accounts,” read Tumblr’s blog.

A hacker who is going by “peace_of_mind” is selling the Tumblr data for 0.4255 Bitcoin ($225) on the darknet marketplace The Real Deal.

The compromised data includes 65,469,298 unique e-mail addresses and “salted & hashed passwords.”

The same hacker is also selling the compromised login account data from Fling, LinkedIn, and MySpace. I wonder if he has more data sets yet to sell…

Salt makes passwords hard to crack, but you should still probably change yours.

 

 

427 Million Myspace Passwords leaked in major Security Breach

MySpace has suffered a major data breach in which hundreds of Millions of users have had their account details compromised.

You may have forgotten Myspace and not thought of it in years after Facebook took over the market, but Myspace was a once-popular social media website.

On Tuesday, Myspace confirmed that the company was hacked in 2013 and that the stolen Myspace username and password combinations have been made available for sale in an online hacker forum.

The hacker, nicknamed Peace, who is selling the database of about 360 Million Myspace accounts with 427 million passwords, is the same hacker who was recently in the news for leaking 164 Million LinkedIn and 65 Million Tumblr accounts.

“We believe the data breach is attributed to Russian Cyberhacker ‘Peace’,” Myspace wrote in a blog post. “Email addresses, Myspace usernames, and Myspace passwords for the affected Myspace accounts created prior to June 11, 2013 on the old Myspace platform are at risk.”

Like LinkedIn, the stolen Myspace passwords were also stored in SHA1 with no “salting.” Salting is a process that makes passwords much harder to crack.

Myspace said it has taken “significant steps” to strengthen its users’ account security since the data breach in 2013 and now the company uses double-salted hashes to store passwords.
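The difference between the unsalted SHA1 storage described for LinkedIn and Myspace and a salted scheme, as an added Python example that is not from the original posts or from either company's code. The account names and passwords, the `sha1$`/`pbkdf2$` record format, the use of PBKDF2 as the salted scheme and the iteration count are assumptions made for the illustration; the example also goes one step further and upgrades legacy records at login.

```python
"""Unsalted SHA-1 storage beside salted PBKDF2, with upgrade-on-login."""
import hashlib
import hmac
import os
from collections import defaultdict

# Assumption: iteration count kept modest so the demo runs quickly;
# set it according to current guidance for your hardware.
ITERATIONS = 100_000

# Constructed sample accounts: alice and bob chose the same password.
SAMPLE_USERS = {"alice": "sunshine1", "bob": "sunshine1", "carol": "T9#vq!Lm27xz"}


def legacy_record(password: str) -> str:
    """Unsalted SHA-1: the same password always yields the same record."""
    return "sha1$" + hashlib.sha1(password.encode("utf-8")).hexdigest()


def salted_record(password: str) -> str:
    """Random per-user salt plus a deliberately slow key-derivation function."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2${ITERATIONS}${salt.hex()}${dk.hex()}"


def verify(password: str, record: str) -> bool:
    """Check a password against either record format with a constant-time compare."""
    scheme, _, rest = record.partition("$")
    if scheme == "sha1":
        return hmac.compare_digest(legacy_record(password), record)
    if scheme == "pbkdf2":
        iterations, salt_hex, dk_hex = rest.split("$")
        dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
        return hmac.compare_digest(dk.hex(), dk_hex)
    return False


def login(db: dict, user: str, password: str) -> bool:
    """Authenticate, and re-hash a legacy record while the password is in hand."""
    record = db.get(user)
    if record is None or not verify(password, record):
        return False
    if record.startswith("sha1$"):
        db[user] = salted_record(password)
    return True


def duplicate_groups(db: dict) -> list:
    """Users whose stored records are identical: one cracked hash exposes them all."""
    groups = defaultdict(list)
    for user, record in db.items():
        groups[record].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


if __name__ == "__main__":
    db = {u: legacy_record(p) for u, p in SAMPLE_USERS.items()}
    print("shared records under unsalted SHA-1:", duplicate_groups(db))
    for user, password in SAMPLE_USERS.items():
        login(db, user, password)
    print("shared records after upgrade:", duplicate_groups(db))
```

Under the unsalted scheme the two accounts with the same password store the same record; after each user logs in once, every record carries its own salt and no two match.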

I strongly advise users who tend to reuse the same passwords between sites to set new passwords on those websites immediately.

Warning! 32 Million Twitter Passwords May Have Been Hacked and Leaked

The world came to know about massive data breaches in some of the most popular social media websites including LinkedIn, MySpace, Tumblr, Fling, and VK.com when an unknown Russian hacker published the data dumps for sale on the underground black marketplace.

However, these are only data breaches that have been publicly disclosed by the hacker.

I wonder how many more stolen data sets this Russian, or other hackers, are holding that have yet to be released.

The answer is still unknown, but the same hacker is now claiming another major data breach, this time, in Twitter.

Login credentials of more than 32 Million Twitter users are now being sold on the dark web marketplace for 10 Bitcoins (over $5,800).

LeakedSource, a search engine site that indexes leaked login credentials from data breaches, noted in a blog post that it received a copy of the Twitter database from Tessa88, the same alias used by the hacker who provided it hacked data from Russian social network VK.com last week.

The database includes usernames, email addresses, sometimes second email addresses, and plain-text passwords for more than 32 Million Twitter accounts.

Twitter strongly denied the claims by saying that “these usernames and credentials were not obtained by a Twitter data breach” – their “systems have not been breached,” but LeakedSource believed that the data leak was the result of malware.

“Tens of millions of people have become infected by malware, and the malware sent every saved username and password from browsers like Chrome and Firefox back to the hackers from all websites including Twitter,” LeakedSource wrote in its blog post.

But do you remember how Facebook CEO Mark Zuckerberg’s Twitter account was compromised?

The hackers obtained Zuck’s account credentials from the recent LinkedIn data breach, then broke his SHA1-hashed password string, tried it on several of his social media accounts and successfully hacked Zuckerberg’s Twitter and Pinterest accounts.

So, one possibility could also be that the alleged Twitter database dump of over 32 Million users is made up of already available records from the previous LinkedIn, MySpace and Tumblr data breaches.

The hacker might just have published already leaked data from other sites and services as a new hack against Twitter that actually never happened.

Whatever the reason is, the fact remains that hackers may have had their hands on your personal data, including your online credentials.

So, it’s high time you changed your passwords for all social media sites as well as other online sites if you are using the same password.

Over 400 Million Affected in Latest Hacks

Myspace and Tumblr have become the latest victims of a data breach, with over 400 million email addresses, usernames, and passwords stolen in the last month.

Myspace Breach

Chances are, you have forgotten all about that Myspace account and your friend Tom that you had back in the early 2000s. However, that account may come back to haunt you as Myspace has fallen victim to possibly the largest data breach to date. According to the hack-tracking site LeakedSource, over 360 million user records were stolen by a hacker that goes by the name of “Peace.”

“Email addresses, Myspace usernames, and Myspace passwords for the affected Myspace accounts created prior to June 11, 2013, on the old Myspace platform are at risk,” Myspace announced in a blog about the hack. For those of you who have created an account since June 2013, your account is currently unaffected. Myspace says it has increased its security significantly, specifically by using “double salted hashes,” which makes it much harder to crack passwords even if they have been breached.

Tumblr Breach

Apparently, “Peace” was a very busy hacker in 2013. The anonymous cybercriminal is responsible for the data breaches of LinkedIn, Myspace and now Tumblr. LinkedIn and Myspace could go down as the largest data breaches in history with records surpassing 100 million and 360 million respectively.

What is Tumblr? Tumblr lets you effortlessly share anything. Post texts, photos, quotes, links, music and videos from your browser, phone, desktop, email or wherever you happen to be. It is a cross between a social networking site and a blog. Often described as a ‘microblog’, Tumblr currently hosts over 217 million separate blogs with 420 million users and was purchased in 2013 by Yahoo for $1.1 billion.

On May 12th, Tumblr revealed that it had just discovered a 2013 breach of user email addresses and passwords. Troy Hunt, a security researcher at Have I Been Pwned, recently obtained a copy of the stolen data set which includes over 65 million unique email addresses and passwords.

The breaches of LinkedIn, Myspace and Tumblr are being tabbed as ‘mega breaches’ and coincidentally have been released in the last couple of weeks. Could this be a trend and how many more ‘mega breaches’ could we see in the near future?

“If this is indeed a trend, where does it end? What more is in store that we haven’t already seen?” Hunt wrote. “…how many more are there in the ‘mega breach’ category that are simply sitting there in the clutches of various unknown parties?”

How Serious Is This?

While it’s extremely unlikely that anyone is going to want to hack into your zombie Myspace page or Tumblr account, cybercriminals who get access to your email addresses, usernames or passwords are going to attempt to use them to gain access to other accounts, such as your bank accounts. It’s as important as ever to have different and very sophisticated passwords for each online account you use. While this may be a huge pain, it’s worth doing and might save you a lot of hassle in the long run.

Who is responsible for your cloud application breach?

Cloud application security has been a big concern lately because of several data breaches involving cloud services, such as the iCloud hack, Target, Home Depot, and the United States Internal Revenue system. This raises the question: where does responsibility for application security lie?
Is it with the vendor, or with the company or person using the services? The answer is both: the vendor of the cloud application service covers only the server side, while the client side still needs security, which people and companies mostly overlook.
Client-side application security is of utmost importance, as server-side security alone is not enough to protect the application from security breaches.
The different kinds of security threats that pose a great danger to cloud application security are as follows:

  • Data breaches
  • Account Hijacking
  • Compromised credentials
  • Permanent Data loss
  • Shared Technologies
  • Cloud service abuse
  • Hacked Interface and API
Data Breaches

This is one of the biggest threats to cloud services because of the vast amount of data stored on cloud servers. The sensitivity of the data is easy to imagine, as the cloud stores the financial as well as personal details of millions of people. If this vast amount of data is breached, it will cause the downfall of the company and also threaten the lives of the people who have been exposed by the breach.

Account Hijacking

This attack has been around for quite a long time; it includes fraud, phishing, software exploits, etc. Using these kinds of attacks, cloud services can be compromised, which can lead to the launching of other attacks, changes to account settings, manipulated transactions, and the uploading of malware and illegal content.

Compromised Credentials

Credentials are generally compromised because of weak passwords, casual authentication, or poor key or certificate management. Identity and access management also becomes a problem when user access is not changed along with job roles and responsibilities, or when the user leaves the organization.
Embedding credentials and cryptographic keys in source code and leaving them in online repositories such as GitHub also creates a big vulnerability that can be exploited easily. Aligning identity with the cloud provider requires an understanding of the security measures taken into account.
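One way to catch embedded credentials before source code reaches a repository, as an added Python example that is not part of the original article. The rule set, placeholder list, entropy threshold and sample file are assumptions constructed for the illustration; the AWS-style key in the sample is the vendor's published documentation example, not a live credential.

```python
"""Scan source text for hard-coded credentials before it reaches a repository."""
import math
import re
from collections import Counter

RULES = [
    # Long-term AWS access key IDs: "AKIA" followed by 16 upper-case alphanumerics.
    ("aws-access-key-id", re.compile(r"\b(AKIA[0-9A-Z]{16})\b")),
    # PEM header of a private key pasted into a source file.
    ("private-key-block",
     re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----")),
    # A quoted literal assigned to a name that looks like a credential.
    ("hardcoded-secret", re.compile(
        r"""(?i)(?:password|passwd|secret|api_?key|token)\w*\s*[:=]\s*["']([^"']{8,})["']""")),
]

# Assumptions for this example: common dummy values and a minimum entropy
# (bits per character) below which a literal is treated as a placeholder.
PLACEHOLDERS = ("changeme", "example", "your_", "xxxx", "<", "${")
MIN_ENTROPY = 3.0

# Constructed sample file; none of these values is a real credential.
SAMPLE = '''\
import os
DB_HOST = "db.internal.example"
DB_PASSWORD = "changeme"
API_KEY = "q7Rk2ZpX9vLm4TwB8sNc"
AWS_ID = "AKIAIOSFODNN7EXAMPLE"
TOKEN = os.environ["APP_TOKEN"]
PEM = "-----BEGIN RSA PRIVATE KEY-----"
'''


def shannon_entropy(value: str) -> float:
    """Bits of entropy per character of the literal."""
    counts = Counter(value)
    return -sum(n / len(value) * math.log2(n / len(value)) for n in counts.values())


def looks_like_placeholder(value: str) -> bool:
    lowered = value.lower()
    return any(p in lowered for p in PLACEHOLDERS) or shannon_entropy(value) < MIN_ENTROPY


def redact(value: str) -> str:
    """Keep only a short prefix so the report does not leak the secret again."""
    return value[:4] + "*" * (len(value) - 4)


def scan(text: str) -> list:
    """Return (line number, rule name, redacted match) for each finding."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in RULES:
            match = pattern.search(line)
            if not match:
                continue
            value = match.group(match.lastindex or 0)
            if rule == "hardcoded-secret" and looks_like_placeholder(value):
                continue
            findings.append((lineno, rule, redact(value)))
    return findings


if __name__ == "__main__":
    for lineno, rule, shown in scan(SAMPLE):
        print(f"line {lineno}: {rule}: {shown}")
```

Reading the secret from the environment, as the `TOKEN` line in the sample does, produces no finding; that is the pattern the scanner is meant to push code toward.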

Permanent Data Loss

Malicious hackers have in the past gained access to cloud services and permanently deleted data, affecting the business. Cloud data centers are also vulnerable to natural disasters, which can wipe out the data stored in the cloud.
If a user encrypts data before uploading it to the cloud and then loses the key, the data is lost. Client-side protection of data should therefore be well managed and maintained. Permanent data loss can lead to financial crisis and disruption of the working system.

Shared Technologies

Because cloud service providers share infrastructure, platforms and applications from different sources, any reconfiguration or vulnerability in these layers affects the users and can also lead to compromise of the users’ systems as well as the cloud, depending on the potential of the vulnerability.
Thus security on the cloud server side is not the only issue; security has to be maintained at a broad level covering all aspects of the cloud environment. The client side also needs to be secured, as attacks are also possible from the client side due to low or no security measures.

Cloud Service Abuse

Cloud applications are breached to gain a commanding position in the cloud, where the resources can be used for different malicious purposes such as launching DDoS attacks, sending bulk spam and phishing emails, breaking an encryption key or hosting malicious content.
This abuse may lead to unavailability of the services or to loss of the users’ data stored in the cloud, so it is very much necessary to secure the applications from abuse.

Hacked Interface and API

To build an application, developers now use ready-to-use interfaces and APIs to make their work simple, but these APIs and interfaces tend to be the most exposed part of the system, as they are freely available on the internet.
Almost every cloud service and application now offers an API, and IT teams use these interfaces to interact with cloud services for management, provisioning, monitoring, etc. Thus the level of threat to cloud services increases manifold. This requires rigorous code reviews and penetration testing to secure the application and services.

Conclusion

As we have seen, there are many ways in which your data stored in the cloud can be breached, because of the importance of that data. Your data therefore cannot be secured by the cloud service provider alone; a great deal of work is required on the client side to protect the application and data from outside security threats. Security audits should therefore be done in order to secure your precious data from threats.

Data Breaches, Hacking and Cybercrime – Oh My!

Whenever I visit my relatives, I’m often not shocked to take a look at their smartphone or tablet or PC and find the little “update” notification number on their apps light up – and it isn’t just usually one update, it’s like 99! Because of my experience and career path, we spend part of our visit going through and updating phones, tablets and computers. Sound familiar to anyone else?

After working in this field for more than 20 years, people often will ask me – how do you sleep at night? I tell them I sleep just like a baby – meaning I sleep for 4 hours and I’m up every half hour screaming (not my quote, but I love that one….) Truthfully though, I love what I do and I’m excited to provide some thoughts and advice to consumers on how to protect themselves from a range of cyberthreats from common hacking attacks to sophisticated newer techniques like ransomware. One of the things consumers need to focus on is personal “computer hygiene.” If consumers and businesses kept up basic computer hygiene, it would stop approximately 80-90 percent of attacks.

Here are a few key and simple things you can do to protect yourself from hackers and fraudsters alike:

1) Yes, you need anti-malware software on your PC or Mac.  But equally if not more important is that you need to keep all device software updated. Many computers are hacked because they are running on an outdated operating system or outdated version of Adobe or Java or other office software. Old software is vulnerable software.  Keep it up to date.

2) Don’t use the same password on different sites. Use a different password for financial sites, vs. other consumer/retail sites. Once a hacker has access to one password, they will usually try the same password on other major websites.

3) Use the strongest authentication options available to you. For example, when a site allows you to enroll via a mobile device, which triggers a code sent to you for verification, enroll for that. You’ll thank me later.

4) Remove your own “administrative rights” on your home computer. Many companies remove general users’ ability to add new users, install software, etc. This greatly limits what malware can do if it is accidentally downloaded by a user. At home, most people don’t think to do this. So, consider creating a “normal user” account for yourself, removing that “admin” access from it, and only use the default “Administrator” account or rights when you need to install software, add new users, apply updates, etc.

Sincerely hope this helps you.