Security Breach – 22 May 2020
2/3 of Consumers Reuse Their Passwords on Multiple Platforms
Despite years of advocacy for strong, unique passwords for each digital service, most people continue to reuse their credentials across various online platforms, a risk they have been warned about many times over.
This appears to be driven more by a desire for convenience than by ignorance – a recent consumer survey found that 91% of consumers recognise the risk of reusing their passwords across multiple platforms, but 66% continue to use the same passwords anyway.
People are still creating weak, easily guessed passwords in popular categories too. At the same time, 53% have not changed their passwords in the past year, leaving multiple platforms vulnerable to the treasure trove of login credentials available on the Dark Web.
Users who reuse passwords are primarily concerned with the hassle of a reset – 60% are worried about forgetting their login credentials, and 52% want more control over their passwords.
Businesses need to understand that this trend impacts their employees and their customers, putting their critical IT at risk along the way.
Businesses can help mitigate the risk of password compromise through password reuse and weakness by using tools and services that support good password hygiene, offering single sign-on, two-factor authentication, and other password-oriented enhancements, and enforcing stricter password reuse and sharing policies.
Australia – Localsearch – Internet marketing service
Exploit: Accidental data exposure
Risk to Small Business: Extreme: Localsearch published a directory of unlisted numbers, running afoul of the country’s data privacy laws. The move resulted in a formal warning from the Australian Communications and Media Authority (ACMA) after it conducted an investigation into the mishap, which occurred when the company failed to remove unlisted numbers when culling information from the Integrated Public Number Databases.
It was the first warning issued by the ACMA, and it serves as a reminder that businesses that don’t comply with data privacy standards can expect that there will be repercussions for their actions.
Risk to Exploited Individuals: Severe: An unspecified number of unlisted phone numbers were published in the company’s directory. Although Localsearch has taken steps to remove this information, it’s possible that private information is already in the hands of bad actors. Those impacted should carefully scrutinize unexpected or unusual communications, as this information could be used in phishing scams or other fraud attempts.
Customers Impacted: Unknown
Australia – The West Australian – News organization
Exploit: Phishing scam
Risk to Small Business: Severe: Several employees fell for a phishing scam that compromised subscribers’ personal information. The attack, which occurred on March 23rd, wasn’t identified until April 21st. Unfortunately, it took the company months to complete its investigation, costing victims critical time to secure their information. The news organization has apologized for the breach, but many consumers have little patience for these overtures, preferring instead that companies take steps to protect their information before a breach occurs.
Risk to Exploited Individuals: Moderate: Hackers accessed customers’ names, phone numbers, and email and home addresses for anyone who contacted the newspaper through its email@example.com email address. Those impacted by the breach should carefully scrutinize incoming messages, as this information is often used in spear phishing attacks that compromise even more sensitive information.
Customers Impacted: Unknown.
Being proactive in developing a cybersecurity plan can be the difference in successfully defending a breach or losing millions to a harmful attack.
Protect your data, privacy and reputation: talk to a TCT sales team member today.