The Week in Breach: 4/30/18 – 5/6/18
Breach Updates and News Small Business can use!
This past week proved to be the quietest week of the year when it comes to the volume of confirmed breaches. I certainly don’t expect this to be the case next week. Our team is seeing an uptick in chatter across dark web forums indicating confirmed exploits impacting several organizations in the financial, healthcare and legal sectors. I do have to give credit to Twitter’s CTO for going public with the fact that they accidentally stored passwords in clear text. See links to Twitter articles below.
Phishing is going mobile. I repeat, Phishing is going Mobile.
The statistics on the rise of Phishing via mobile devices is alarming. (the understatement of the day).
Why it’s getting so hard to tackle Phishing!
Hackers are getting really good at Phishing. Between Photoshop, CSS grabbing and URL forging, these guys are becoming more and more successful!
The Twitter Passwords Incident Summarized.
This a quick little synopsis of what happened inside the Twitterverse. It includes a great blurb on the difference between a clear text password and a hash!
The Strength of your password matters… sometimes!
The article was linked within the article above. It’s a bit dated but very relevant and informative. It demonstrates that you can have the longest, most complex password but, if it’s stored in plain text, it really doesn’t matter.
Warren Buffett has a Cyber prediction! And, this one is a lock!
When Warren talks, you should listen. Enough said!
Come on healthcare people, get it together!
These statistics on Q1 healthcare breaches make me sick to my stomach!
Online Scamming is a global epidemic, not just made in the USA.
The most staggering takeaway here is how long it took the average victim to recover… 47.2 hours!
Recent Breach Incidents impacting Small Business
Global University (Online University)
Education
Small Business Risk: High (Forensic, Breach Mitigation, Brand / Reputation Damage)
Exploit: Internet-facing student database misconfiguration
Risk to Individuals: Moderate (Forensics has yet to determine in data was actually downloaded. Has yet to be seen on Dark Web Markets
What You Need to Know: Not much is disclosed about how the data might have been accessed. In fact, it doesn’t even mention if the data was extracted. What this does highlight is just how costly a “perceived issue” can be to an organization.
BREACH
Date Occurred/Discovered | February 1, 2018 |
Date Disclosed | May 8, 2018 |
Data Compromised | Names, Social Security numbers and birth dates |
How Compromised | Database misconfiguration |
Customers Impacted | Undisclosed number of students |
Attribution/Vulnerability | N/A |
There’s more to come next week! MSP Partners, please feel free to share this information. Contact us and let us know how you’re getting breach news out to your customers!
Are you looking to see how Dark Web ID™ can help you protect your customers’ credentials. Learn about ID Agent’s Partner Program now!