One database included transcriptions of hundreds of thousands of voicemails, many involving sensitive information such as details about medical prescriptions and financial loans. Security researcher Bob Diachenko discovered an exposed cluster of databases belonging to the Voice over IP (VoIP) telecommunications vendor Broadvoice that contained the records of more than 350 million customers.ĭiachenko uncovered the database information on October 1 and found it included caller names, phone numbers, and locations, among other data. The incident exposed extensive personal information including names and usernames, email and IP addresses, genders, general geographic location, birth dates and passwords stored as bcrypt hashes.
The data was initially sold in private sales of over $100,000, and then published on a public hacking forum where it was broadly shared for free, according to BleepingComputer.
In June 2020, the user-generated stories website Wattpad suffered a huge data breach that exposed almost 268.745.495 million records. Bob Diachenko, security researcher, alerted Microsoft to the exposed database. Microsoft’s investigation found no “malicious use and most customers did not have personally identifiable information (PII) exposed. The misconfiguration was specific to an internal database used for support case analytics, Microsoft says, and did not represent an exposure to its commercial cloud services. When it comes to ransomware, being able to push "the big red button" quickly can make all the difference.”Īccording to ZDNet, the servers contained 250 million entries, with information such as email addresses, IP addresses, and support case details.Įngineers remediated the configuration on Decemto restrict the database and prevent unauthorized access. You need to have visibility and detection capabilities across all of your operations, and especially in the case of ransomware, a way to rapidly shut down or quarantine infected devices. “Longer term, the frequency and sophistication of these attacks is a good reminder that prevention is only half the battle. Zero Trust initiatives will play a much bigger role for protecting key systems and data,” Hallenbeck explains. “Crucial systems and the accounts that access them should be protected with multi-factor authentication. This alarming rise of social engineering and its increasing sophistication teaches us that employee education and creating a culture of cybersecurity is just as important as any other form of IT hygiene, Hallenbeck says.Ĭompanies need to encourage employees to embrace the idea that they are gatekeepers for corporate information and that they play a tremendous role in keeping it safe, he argues. While this sounds simple, social engineering is more common – and more successful – than most people realize.” Three teenagers managed to gain access to the accounts of public figures by simply convincing employees at the social media company that they were colleagues who needed access to the customer service portal. “While the victim’s and subject matter made it easy click-bait, it offers a valuable lesson for organizations of all sizes – employee education matters.
0 kommentar(er)
