Security Breach Update
13 September 2018

TorThis week the average person gets their own back, with news of a Tor (Dark Web) site being breached based on poor configurations. Tor sites are just like any other website, and being misconfigured can expose the hosted public IP address. Because a Tor browser is used for accessing the Dark Web, a part of the web that thrives on anonymity, the exposure of one’s IP address greatly reduces this coveted privacy.

Recent Breaches

United States – United States Government (Freedom of Information Act Web Portal).
Exploit: Exposed database.
Risk to Small Business: High: An exposure such as this can taint an organization’s reputation for an extended period.
Risk to Exploited Individuals: Extreme: The nature of the data exposed leaves those affected vulnerable to identity theft.
Customers Impacted:  Unclear, dozens to hundreds.

United States – Family Orbit – A spyware application for parents to monitor their children
Exploit: Weak password on database.
Risk to Small Business: High: A company that sells spyware to parents, exposed pictures of their kids on the internet, which will likely have catastrophic effects on their business.
Risk to Exploited Individuals: Moderate: The data by itself is not harmful but is pretty creepy. However, in use with other data accessible through the Dark Web, advanced spear phishing campaigns could be launched using the exposed data.
Customers Impacted:  Hundreds, 281 gigabytes of pictures and videos were exposed.

United Kingdom – mSpy – A company that sells a software as a service product which spies on mobile devices of the customer’s kids or partner.
Exploit: Exposed database.
Risk to Small Business: High: While a breach of this size with such sensitive information would normally cripple a company, this is actually mSpy’s sophomore breach, with the first happening in 2015 when similar information was leaked onto the Dark Web.
Risk to Exploited Individuals: High: The data that was exposed was both financial and very personal, and could be used for highly-targeted phishing attacks.
Customers Impacted:  Millions.

The threat landscape is always changing, which is why it is important for every organisation of every shape and size to have robust cyber security.

Do you know if your business has had a data leakage?  Check with TCT who has a security monitoring service specifically for this purpose.

Protect your data, privacy and reputation, talk to a TCT sales team member today.

Robert Brown
13/09/2018

Follow us on LinkedIn:

Related Articles:
The Cost of a Breach – are you Protected?
How are you Securing your Mobile Devices

Written by