The Week in Breach: 05/20/20 – 05/26/20
This week, accidental data exposure erodes brand reputation, ransomware disrupts operations, and insurers increase their scrutiny of cybersecurity policies.
Dark Web ID Trends:
- Top Source Hits: ID Theft Forums
- Top Compromise Type: Domain
- Top Industry: High-Tech & IT
- Top Employee Count: 11 – 50
United States – Edison Mail
https://threatpost.com/edison-mail-ios-bug-exposes-emails-to-strangers/155814/
Exploit: Coding error
Edison Mail: Email application
Risk to Small Business: 2.171 = Severe
A coding error in Edison Mail’s popular iOS app allowed messages to be viewed by other users. The update was released on Friday, May 15th, and the company claims that it was repaired by the end of the weekend. However, for an app that touts its advanced security features, this oversight undermines one of its primary selling points. What’s more, three days is an eternity in the cybersecurity space, giving bad actors ample time to take advantage of this vulnerability. Users, incensed by the oversight, aggressively criticized the platform on social media, adding a PR component to an already-arduous recovery process.
Individual Risk: 2.602 = Moderate
The app’s flaw only applies to iOS users who downloaded the update on May 15th. Many victims noted that they could read up to 100 emails from accounts that didn’t belong to them, potentially compromising anything in those messages. Those impacted by the breach should carefully monitor their accounts for misuse, and they should consider enrolling in credit and identity monitoring programs to help secure their information if it falls into the wrong hands.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: After years of seemingly endless cybersecurity incidents, many consumers are finally fed up with companies that can’t protect their privacy. As many users commented on social media, this event undermined their trust in the application, which could prompt them to turn to a competitor for a more compelling platform. In this way, cybersecurity can be considered a bottom-line differentiator that can make or break companies in the digital economy.
ID Agent to the Rescue: Helping your SMB customers understand the importance of security is no easy task. With Goal Assist, we offer hands-on assistance with your direct sales interactions, setting you up for the win by providing the resources necessary to make a case for Dark Web monitoring. Learn more here: https://www.idagent.com/goal-assist.
United States – Home Chef
Exploit: Unauthorized database access
Home Chef: Meal kit & food delivery company
Risk to Small Business: 1.790 = Severe
Hackers obtained a database containing customer data, and sold the information on the Dark Web. The database, which was lifted in a data breach in early May, was available for just $2,500, and it contains the personal data for more than 8 million customers. This incident will further stigmatize Home Chef, which is still grappling with the cybersecurity implications of the previous breach.
Individual Risk: 1.980 = Severe
The database stored customer details, including email addresses, encrypted passwords, partial credit card information, genders, ages, and subscription information. Victims should immediately update their Home Chef account passwords and any other platform credentials using the compromised data. In addition, they should carefully monitor their online accounts for instances of fraud or misuse.
Customers Impacted: 8,000,000
How it Could Affect Your Customers’ Business: Customers’ personal data is a valuable commodity, and there is an army of ready buyers on the Dark Web. In response, every company needs to know when their company or client data is being circulated in this nefarious environment, potentially giving them an opportunity to respond before bad actors can capitalize on its availability.
ID Agent to the Rescue: We go into the Dark Web to keep you out of it. Dark Web ID is the leading Dark Web monitoring platform in the Channel. The award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze, and proactively monitor for an organization’s compromised or stolen employee and customer data. Schedule a demo today: https://www.idagent.com/dark-web/#contact.
United States – Wishbone
Exploit: Unauthorized database access
Wishbone: Poll & Comparison App
Risk to Small Business: 1.562 = Severe
A company database was stolen by hackers, who then released the data in full on the Dark Web. The information was captured as part of a cybersecurity incident that occurred in January 2020, and it’s unclear why it took Wishbone more than five months to identify the incident. This is the second cybersecurity incident for the perennially popular company. Now, consumers are much less forgiving. In addition, today’s regulatory environment is significantly more critical of companies’ cybersecurity stance, which could contribute to a multifaceted problem for the platform moving forward.
Individual Risk: 1.670 = Severe
Users’ personal data was exposed in the breach. This includes usernames, email addresses, phone numbers, hashed passwords, and profile pictures. This information is easily obtained on the Dark Web, and everyone impacted should immediately update their account passwords and take steps to secure their personal details. Since this information can quickly be redeployed in a spear phishing campaign, victims need to be especially vigilant about monitoring the veracity of incoming messages.
Customers Impacted: 40,000,000
How it Could Affect Your Customers’ Business: Consumers and data privacy regulators are increasingly critical of companies that fail to protect customer data. Moving forward, it’s evident that data security will be a bottom-line issue for many companies, as they will rely on their defensive capabilities to bolster consumer sentiment and to ward off regulators, both of whom are ready to hold businesses accountable for privacy violations.
ID Agent to the Rescue: Dark Web ID is the leading Dark Web monitoring platform in the channel for a reason. Our award-winning platform combines human and sophisticated Dark Web intelligence to identify, analyze, and proactively monitor the Dark Web for your organization’s compromised or stolen employee and customer data. Schedule a demo today: https://www.idagent.com/dark-web/#contact.
United States – Mathway
Exploit: Unauthorized database access
Mathway: Online tutoring and mathematics education platform
Risk to Small Business: 1.807 = Severe
Hackers accessed a company database and made it available for sale on the Dark Web. The breach was first detected by cybersecurity researchers when the platform’s data was available for private purchase. Now, it’s widely available to bad actors for $4,000. The incident is especially untimely, as students and teachers turn to online platforms to supplement learning opportunities while schools operate remotely. It could impact the platform’s ability to capitalize on this prominent moment for ed-tech services.
Individual Risk: 1.780 = Severe
While Mathway is unable to detail specific data sets compromised in the breach, they acknowledged that users’ account credentials were exposed. Consequently, all users should reset their account passwords and continue to monitor their accounts for instances of fraud. As the company provides more specific details, users should continue to adjust their response accordingly.
Customers Impacted: 25,000,000
How it Could Affect Your Customers’ Business: There are millions of account credentials available on the Dark Web, and businesses that are serious about securing their data will put an additional layer of protection between login credentials and IT infrastructure. Taking simple steps, like adding Dark Web monitoring to a company’s cybersecurity plan, can help companies keep their data secure even when passwords are compromised.
ID Agent to the Rescue: Let us search the Dark Web so you don’t have to. Dark Web ID is the top solution in the channel because it works, using human and machine intelligence to monitor the Dark Web for your business information and passwords 24/7/365, giving you peace of mind that fits your business and your bottom line. https://www.idagent.com/dark-web-id-enterprise
Cyprus – Covve
https://portswigger.net/daily-swig/covve-revealed-as-source-of-data-breach-impacting-23m-individuals
Exploit: Unauthorized database access
Covve: Address book app
Risk to Small Business: 2.208 = Severe
A cybersecurity researcher identified an unsecured database containing millions of customers’ personal data. The database was first discovered in February, but the breach wasn’t linked to Covve until May 15th. It took the company several days to identify the scope of the incident before notifying customers. Although the company notes that the breach contains “mostly scrapable data from public sources,” it will undoubtedly have meaningful customer satisfaction and public relations blowback for the company.
Individual Risk: 2.702 = Moderate
The exposed database includes some users’ names, job titles, email addresses, phone numbers, and physical addresses. Covve notes that account details, including login credentials, remain secure, but this information can be repurposed for numerous identity and financial crimes. Those impacted by the breach should enroll in an identity monitoring service to ensure the long-term integrity of their information, and they need to carefully vet their incoming messages to identify potential spear phishing messages.
Customers Impacted: 23,000,000
How it Could Affect Your Customers’ Business: Today’s companies are constantly under siege from bad actors, making an accidental, avoidable data breach especially problematic. Given the numerous ways that company or customer data can make its way into the wrong hands, every company needs advanced notification when their information could be compromised.
ID Agent to the Rescue: Dark Web ID monitors the Dark Web to find out if your employee or customer data has been compromised. We work with MSSPs to strengthen their security suite by offering industry-leading detection. Discover more at https://www.idagent.com/dark-web/.
United Kingdom – EasyJet
https://www.dailystar.co.uk/news/latest-news/breaking-easyjet-hacked-9m-customers-22050964
Exploit: Unauthorized database access
EasyJet: Airline
Risk to Small Business: 1.809 = Severe
Hackers accessed EasyJet’s network, compromising customer details and exposing them to potential cybersecurity risks. The company took quick action to secure compromised IT, but the breach will still have costly implications for the company, which now has a triumvirate of responsibilities, including repairing IT vulnerabilities, restoring customer trust, and addressing regulatory scrutiny. The timing couldn’t be worse, as the airline industry, like many sectors, has been severely degraded by the COVID-19 pandemic, making this breach especially problematic for the company.
Individual Risk: 2.191 = Severe
Customers’ personally identifiable information was exposed in the breach. This includes usernames, passwords, credit card numbers, and passport credentials. The company encourages customers to carefully monitor incoming communications, as this information is often used to craft convincing-looking spear phishing campaigns. In addition, customers should consider enrolling in a credit or identity monitoring service to help ensure their information’s security even after the immediate crisis subsides.
Customers Impacted: 9,000,000
How it Could Affect Your Customers’ Business: As many companies begin turning their attention to post-COVID-19 recovery strategies, the growing number of cybersecurity risks threaten to undermine these efforts. Companies looking to thrive after the crisis need to address these risks that stand in opposition to data security and many organizations’ viability.
ID Agent to the Rescue: Designed to protect against human error, Bullphish ID simulates phishing attacks and manages security awareness training campaigns to educate employees, making them the best defense against cybercrime. Training including video is now available in 8 languages! Learn more here: https://www.idagent.com/bullphish-id.
Australia – BlueScope Steel
https://www.cisomag.com/bluescope-cyber-incident/
Exploit: Ransomware
BlueScope Steel: Steel manufacturer
Risk to Small Business: 1.702 = Severe
A cybersecurity incident at the steel producer has disrupted operations at the company’s Australia-based facilities. In response, the company shuttered parts of its digital operations, reverting to manual operations whenever possible. BlueScope Steel expects its capabilities to be diminished as it works to recover from this disruptive cyberattack.
Individual Risk: At this time, no personal data was compromised in the breach.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware attacks are a uniquely expensive cyber threat. Not only do they force companies to pay high recovery costs, but the productivity loss and opportunity costs compound the problem. These attacks are not inevitable. Companies can defend against these attacks by ensuring that their digital environment doesn’t offer a foothold to bad actors.
ID Agent to the Rescue: It’s critical that your SMB customers understand the importance of cybersecurity. Goal Assist is an expansion of our White Glove Support that includes hands-on assistance with your direct sales interactions. Let us help to ensure you are getting the most from your Partnership selling Dark Web ID. ID Agent’s Partner Success Team will set you up for the win! Learn more here: https://www.idagent.com/goal-assist.
Australia – The Toll Group
https://www.zdnet.com/article/tolls-stolen-data-finds-itself-on-the-dark-web/
Exploit: Ransomware
The Toll Group: Transportation and logistics company
Risk to Small Business: 1.205 = Extreme
The cascading consequences of a January cybersecurity incident are becoming increasingly apparent for The Toll Group. Earlier this month, the logistics company suffered a ransomware attack predicated on this earlier network compromise. The incident included data exfiltration. That information has now been shared and sold on the Dark Web, complicating an already arduous recovery process for the company and its customers. This incident is a reminder that cybercriminals are no longer content to encrypt networks in hopes of a financial windfall. They are willing to steal and sell company data to ensure that they earn a return on their efforts.
Individual Risk: 1.407 = Severe
The compromised server contains personal information for many past and present employees. While the company didn’t identify the specific data points, employees should assume the worst and take precautionary measures to secure their personal and financial information. This includes monitoring accounts for suspicious activity and enrolling in credit and identity monitoring services to oversee their personal information
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: This incident highlights a troubling trend in ransomware. Criminals are exfiltrating data before encrypting company networks, creating multifaceted income streams that make their work more lucrative, and, consequently, more advantageous. However, ransomware attacks are not inevitable, and companies can defend their networks and data by ensuring that their accounts are secure and their network is protected against bad actors.
ID Agent to the Rescue: BullPhish ID simulates phishing attacks, including new COVID-19 phishing kits, and conducts security awareness training campaigns including video to educate your employees, making them the best defense against cybercrime – and training is available in 8 languages. Click the link to get started: https://www.idagent.com/bullphish-id.
Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.
In Other News
Go Inside the Cybersecurity Landscape When You Read Inside the Ink
Get expert news and analysis of the current breach landscape as you learn how to mitigate the risks you face today and prepare for the threats of tomorrow in our blog Inside the Ink.
Catch up on what you need to know now:
- Cybersecurity News and Analysis: The Ink This Week
- Phishing is the Same in Any Language, so BullPhish ID is Available in 8
- 3 Webinars to Grow Your MSP Business
- Are Your Staff’s Passwords for Sale on the Dark Web? Fix That Now.
- Smart Cybercriminals Sell Research Data on the Dark Web
Sales & Marketing Tools You Can Use
NEW EBOOK! Learn to spot and stop insider threats.
Is the biggest threat to your security already inside your organization? Insider threats are a pernicious and expensive problem for every company, and no one is immune. Get up to date with our Stop Insider Threats resource package featuring our new eBook to show you how to identify and neutralize two common types of insider threat and a whitepaper that gets you up to speed fast on insider threats by explaining the 6 things that you need to know to protect your company. DOWNLOAD IT>>
Are you ready to grow post-pandemic? Hear from experts about how you can maximize your opportunities and see how the post-pandemic shift in IT priorities affects MSPs in “Digital Risk: Threats, Opportunities, and Strategies to Position Yourself for Success” DOWNLOAD IT>>
Know your enemy. Dark Web threats are even more of a threat to companies that are going (or staying) fully remote. Take a tour of the real Dark Web in “Unveiling Cybercrime Markets on the Dark Web” and get a free slide deck with Dark Web screenshots! DOWNLOAD IT>>
DID YOU KNOW? BullPhish ID has been updated to include COVID-19 threats and offers training materials (including video training) available in 8 languages.
Verizon’s 2020 Data Breach Investigations Report Narrows Down the Threat Landscape
Cybersecurity is a known threat that can be hard for non-tech folks to understand and can be seen as too broad to truly prioritize. Giving solid, actionable information about the nature and frequency of today’s threats is helpful when illustrating why cybersecurity matters. Verizon’s 2020 Data Breach Investigations Report shows that threats continue to grow and lays out a few facts that make it easier to quantify the importance of strong security, especially when supporting a remote workforce.
More than two-thirds of all data breaches are attributable to just three factors: credential theft, social engineering attacks like phishing scams, and human error.
Insider threats are a constant problem in the breach landscape, and that hasn’t changed. While we usually think of threats as coming from outside an organization, malicious insider threats are incredibly devastating and need to be a major concern.
The listed attack methodologies comprise the most likely vulnerabilities, allowing businesses to respond with more pinpoint precision. Cybersecurity tools are becoming more effective at blocking common malware strains, with human error overtaking malware this time. Some of it still gets through, though especially as part of a phishing attack.
Watch 10-minute demo videos of how ID Agent’s solutions like BullPhish ID and Dark Web ID can help you secure your data and your remote workforce quickly without breaking the bank!
The threat of phishing attacks has never been higher, making updated training and testing essential. Although technology has become more successful at filtering phishing scams, many continue to make their way to employees’ inboxes, which is why the report called for businesses to implement security awareness training programs to combat these attacks. BullPhish ID contains phishing training materials in 8 languages including COVID-19 phishing kits.
While today’s threat landscape is ominous and expansive, Verizon’s latest report makes it clear that businesses can make significant improvements to their defensive posture by prioritizing the most prescient risks in a comprehensive digital risk protection strategy.
Catch Up With Us at These Virtual Events
MAY 27: Grow Walletshare and Improve Client Stickiness in Uncertain Times Webcast REGISTER>>
JUNE 1-5: PIVOT2GROW 2020 REGISTER >>
AUG 24-27: Connect IT Global in Las Vegas REGISTER >>
AUG 30-SEPT 1: ITBYDesign BuildIT REGISTER>>
A Note for Your Customers
Cyber Insurers Increase Scrutiny of COVID-19 Claims As the Pandemic Increases Their Submission
Businesses hoping to rely on cybersecurity insurance coverage to offset the cost of a data breach may have a more difficult time recouping their losses. According to reporting by The Wall Street Journal, insurers are becoming increasingly critical of cybersecurity-related claims. Specifically, companies are adding questions to surveys used to calculate premiums and assess damages.
Download your FREE Remote Work Cybersecurity Toolkit now to get our “6 Risks to Mitigate to Quickly Secure a Remote Workforce” eBook and checklist.
In some ways, this change is the result of a rapid shift to remote work. As we’ve covered extensively, remote work comes with many cybersecurity risks, and insurers are hedging their bets, assuming that they could incur an influx of claims as companies fail to grapple with the ramifications of remote work. For businesses, this is a reminder that they shouldn’t rely on cyber insurance to bail them out if they have a cybersecurity incident. Instead, they should invest in the tools that can prevent a cybersecurity incident in the first place.
https://www.infosecurity-magazine.com/news/cyber-insurers-increase-scrutiny/
Looking for high-quality, brandable digital marketing tools to help you connect with decision-makers? Get free resources for marketing and education like eBooks, webinars, social media graphics, infographics, and more!
Follow us on social media to find out about upcoming events, new blog posts, eBooks, white papers, webinars, product updates, marketing tools, and other cybersecurity news!
Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in its entirety) for your own social media and marketing efforts. Just send an email to [email protected] to let us know – we welcome your feedback and we love to hear about how our content works for you!
Not a Partner Yet? Let’s talk about how your business can benefit from our remote-ready suite of cybersecurity solutions including the award-winning DarkWeb ID. Contact us today!