16 Jul Security Breach – 16 July 2020
Third Party Data Breaches Endanger Every Company
Just because your company hasn’t had a data breach, that doesn’t mean that your staffers’ credentials are safe.
Third-party data breaches are an increasing problem for every company. These days everyone uses internet-enabled services for everything from shopping to airline tickets. But that convenience comes at a price for workers: the risk of a personally identifiable data breach – and those breaches endanger their employers as well.
Recently, 45 million records of travellers to Thailand and Malaysia appeared on the Dark Web.
The stolen information included extensive personal data on travellers from many countries including their Passenger ID number, full name, mobile numbers, passport details, home address, gender, and flight details.
These breaches provide the fuel that powers spear phishing attempts, blackmail, password compromise, and other cyberattacks.
While companies can’t stop third-party breaches from accidental exposure of their workers’ personal information, they can mitigate the potential damage and add protections that can stop bad actors from using their credential against them.
United States – DataViper – Information Security
Exploit: Unauthorized Database Access (Malicious Insider)
Risk to Small Business: Extreme: A malicious insider is the culprit in a data breach at information security firm DataViper. 8,200 databases containing the personal information of millions of users were snatched from the company’s data leak monitoring service. The hacker, purportedly a former employee of Night Lion who is using that name for Dark Web activity, claims to have spent three months inside DataViper servers while exfiltrating databases indexed for the DataViper data leak monitoring service. The hacker also posted ads on the Empire Dark Web marketplace where they put up for sale 50 of the biggest databases that they found inside DataViper’s backend.
Risk to Exploited Individuals: Severe: While these databases contained the information of billions of people worldwide, much of the information was from old breaches. Some new information was included, but researchers have not ascertained how much and what kind. This kind of information is often used in phishing and credential stuffing attacks.
Customers Impacted: Unknown.
India – T7 Games/Ouroboros Games – Gambling Games Application Developer
Exploit: Unsecured Database
Risk to Small Business: Extreme: The world’s most popular social gambling app Clubillion suffered a major data breach that affects customers around the world. A research team initially discovered the problem on March 19, finding the database hosted on Amazon Web Services during the course of working on a web mapping project. The developers of Clubillion were notified by the researchers quickly, but continued inaction exposed approximately 200 million user records per day – 50GB worth of data. The active database included constantly updated gameplay information for affected users as well as IP addresses, e-mail addresses, winnings, and private messages. The database was recorded as open for 16 days before action was taken to contain the leak.
Risk to Exploited Individuals: Severe: While researchers did not see any personally identifying or financial information in the affected database, the complexity of the breach prevents certainty about exactly what was leaked. Users of the app should be aware of potential phishing attacks fueled by this data.
Customers Impacted: 160,000+
Ensure you’re protecting your data and systems from common sources of credential compromise and data loss by implementing a solid cybersecurity plan.
Talk to a TCT sales team member today and we can show you how.
Follow us on LinkedIn: