Please fill in the form below to subscribe to our blog

The Week in Breach: 4/30/18 – 5/6/18

May 09, 2018

Breach Updates and News Small Business can use! 

This past week proved to be the quietest week of the year when it comes to the volume of confirmed breaches.  I certainly don’t expect this to be the case next week. Our team is seeing an uptick in chatter across dark web forums indicating confirmed exploits impacting several organizations in the financial, healthcare and legal sectors.  I do have to give credit to Twitter’s CTO for going public with the fact that they accidentally stored passwords in clear text. See links to Twitter articles below.

Phishing is going mobile. I repeat, Phishing is going Mobile. 
The statistics on the rise of Phishing via mobile devices is alarming. (the understatement of the day).

Why it’s getting so hard to tackle Phishing!
Hackers are getting really good at Phishing.  Between Photoshop, CSS grabbing and URL forging, these guys are becoming more and more successful!  

The Twitter Passwords Incident Summarized. 
This a quick little synopsis of what happened inside the Twitterverse. It includes a great blurb on the difference between a clear text password and a hash!

The Strength of your password matters… sometimes! 
The article was linked within the article above.  It’s a bit dated but very relevant and informative.  It demonstrates that you can have the longest, most complex password but, if it’s stored in plain text, it really doesn’t matter.

Warren Buffett has a Cyber prediction! And, this one is a lock!  
When Warren talks, you should listen. Enough said!

Come on healthcare people, get it together!  
These statistics on Q1 healthcare breaches make me sick to my stomach!

Online Scamming is a global epidemic, not just made in the USA.
The most staggering takeaway here is how long it took the average victim to recover… 47.2 hours!


Recent Breach Incidents impacting Small Business

Global University (Online University)
Education

Small Business Risk: High (Forensic, Breach Mitigation, Brand / Reputation Damage)

Exploit: Internet-facing student database misconfiguration

Risk to Individuals: Moderate (Forensics has yet to determine in data was actually downloaded. Has yet to be seen on Dark Web Markets

What You Need to Know: Not much is disclosed about how the data might have been accessed. In fact, it doesn’t even mention if the data was extracted.  What this does highlight is just how costly a “perceived issue” can be to an organization.   

BREACH

Date Occurred/Discovered February 1, 2018
Date Disclosed May 8, 2018
Data Compromised Names, Social Security numbers and birth dates
How Compromised Database misconfiguration
Customers Impacted Undisclosed number of students
Attribution/Vulnerability N/A
 

 


There’s more to come next week! MSP Partners, please feel free to share this information. Contact us and let us know how you’re getting breach news out to your customers! 

Are you looking to see how Dark Web ID™ can help you protect your customers’ credentials. Learn about ID Agent’s Partner Program now!