Welcome to the start of our #SecureChristmas blog series, keeping you in the loop regarding security challenges for your business. Today we overview some recent security problems and talk about how they might have happened.
The Ashley Madison Hack
Ashley Madison is a site that offers members the idea that cheating on their spouses is possible through membership. The site was hacked earlier this year and hackers were able to gain access to profile information, email information, mailing lists and credit card information. The users were asked to pay a ransom to not expose their infidelity to their spouses.
A spokesperson from Ashley Madison has said of the hacker “I’ve got their profile right in front of me, all their work credentials. It was definitely a person here that was not an employee but certainly had touched our technical services.” So third party contractors appear to be blamed and they likely had access to the systems without challenge. That being said – unless you have properly implemented access control for your computer system as well as the physical building, risks are present – if your cleaner put a USB key in the back of your computers one evening, would you know? At techrelate, we can advise the best end point security software to suit the risks appropriate to your business.
Talk Talk
A telecoms provider with 4 million customers in the UK, has too been a victim of cyber-attacks on their website. The hackers managed to obtain various personal details of their customers, such as addresses, telephone numbers, birth dates and bank details.
“Hackers attacked the TalkTalk website on October 21 and accessed the personal details of almost 160,000 customers. The bank details alone of 15,600 were stolen.”
Experts have criticized TalkTalk for poor security, their handling of the attack and their inadequate reaction to the threat. The failure to encrypt and secure data and web traffic was catastrophic.
The Vodafone hack
Hackers have stolen the personal details of up to 2000 mobile phone customers.
The mobile phone provider said 1,827 accounts were accessed, potentially providing criminals with customers’ names, mobile numbers, bank account sort codes and the last four digits of their bank account numbers. A Vodafone spokesperson stated: “This incident was driven by criminals using email addresses and passwords acquired from an ‘unknown’ source external to Vodafone. Vodafone’s systems were not compromised or breached in any way.” It is theorised that these issues could have been exacerbated or even created – by anyone using the same password credentials for their Talk Talk and Vodafone accounts.
The most dangerous breach – The VTech hack
As has been reported in the last few weeks, children’s technology and toy firm VTech – selling devices for children and their parents which hold the name, gender, address and birth date – as well as some pictures – were hacked with a momentous data breach. A writer from Vice Motherboard exposed the breach which endangered 4.8 million customer email addresses including 227,000 children’s records and highlighted that passwords were not encrypted – despite VTechs claim to the contrary.
Countermeasures
If you fear you have been defrauded online or elsewhere, you can report it online at the Police Action Fraud site: http://www.actionfraud.police.uk/
Another site which has indexed all the database breaches can tell you if you’ve been ‘pwned’, We don’t recommend you enter email addresses into unknown sites so you can check this at your own risk: https://haveibeenpwned.com/
@techrelate we survey clients buildings and networks for security challenges and as we have done so here, always try to educate our clients on the potential challenges. Stay tuned for this week’s further 4 blog posts drilling into a bit more detail about potential security issues. Aside from that, we offer products and security systems that reduce the risks. So what are you waiting for – if you are worried, ask for a free site survey today.
Thanks for reading!
The techrelate team
Cited Links:
John Mcafee talking about the Ashley Madison hack: http://www.digitaltrends.com/opinion/john-mcafee-ashley-madison-hack-is-historic/
The Week article on the massive Talk Talk hack: http://www.theweek.co.uk/66178/talktalk-hack-to-cost-35m-but-wont-dent-profits
IBTimes Article on the Vodafone data breach: http://www.ibtimes.co.uk/vodpahone-hack-almost-2000-customer-accounts-have-been-accessed-by-hackers-1526638
Vice:Motherboard’s talk with the VTech hacker: http://motherboard.vice.com/read/vtech-hacker-explains-why-he-hacked-the-toy-company