LinkedIn Data Breach Impacts 700 Million Users
In June of 2021, a hacker posted data associated with 700 million LinkedIn users on the dark web. The hacker used data scraping techniques by exploiting the site’s API. The data taken included email addresses, phone numbers, geolocation records, and other details. Such information would make it easy for threat actors to attempt social engineering tactics to gain access to a user’s accounts.
The lesson here is all about APIs. APIs make integration and data sharing easy and streamlined between systems. Unfortunately, they can also be a vulnerability. If you’re regularly sharing sensitive information through APIs, you should be hyper-vigilant around these exchanges. When passing data to a vendor, one key thing is to ensure encryption of the data in transit or at rest.
Ubiquiti Inc. Suffers Unauthorized Access, Custom Accounts Exposed
Ubiquiti Inc. is one of the largest sellers of routers, webcams, and other technology. In January of 2021, they alerted users of a breach stemming from systems hosted by a third-party cloud provider. Gaining access to such accounts would be attractive to hackers, as they could manage a network’s routers and devices.
Again, the cause of the hack relates to a third party. While there are no further details on what the vulnerability was, it’s another reminder that those that host data need the most robust prevention and protection policies. Don’t assume that your cloud provider has the same security posture as you do.
Mimecast, Microsoft’s Email Security Feature, Sees Compromise
It’s rather startling to think that a security feature is the victim of a data hack. A hacker compromised Mimecast’s certification to authenticate in January of 2021. About 10% of customers used the compromised connection. Microsoft disabled the hijacked certificate, and new ones were issued.
Hackers were able to retrieve email addresses and contact information, but the credentials were encrypted.
The lesson here is around authentication certificates. This breach illustrates that the process that should ensure security can be vulnerable. Thus, this should be part of a company’s infrastructure testing when such procedures are in place. In other words, anything is hackable.
Bonobos Backup Database Takes Hit
Bonobos, a men’s clothing brand owned by Walmart, was the victim of a data breach, exposing addresses, phone numbers, and partial credit cards. The company’s internal systems were not part of the security incident. Rather, the threat actor gained entrée via a backup file hosted in an external cloud.
The resolution, per the company, was to turn off access points and report the breach to the cloud provider.
A third party’s involvement in this breach aligns with the overall trends in cybersecurity. Hackers are continuing to find new ways to infiltrate databases, but not through direct means. In looking at data storage, of course, every organization needs redundancy. The question is, how secure is that redundant framework? Does it have the same level of protection as the primary databases?
CVS Health Vendor Exposes Billions of Records
All parties in the healthcare ecosystem struggle with data security. They are a valuable target because of the information they hold. During the pandemic, healthcare attacks have skyrocketed. In June of 2021, CVS Health experienced a breach when a third-party vendor posted an unsecured database with more than a billion search records.
This security incident wasn’t a hack, but the story is important to understand. It goes back to all the parties in your security bubble. When any of them don’t follow protocols or make human errors, everyone is at risk.
Preventing a Data Hack Involves Everyone with Access
Keeping your data secure is a priority, and you need to make sure your partners do as well. As a transactional print and mail company, data security is of the utmost importance to us. Healthcare, financial institutions, and other organizations trust us with sensitive data every day.
There is no room for error, which is why we have rigid protocols that surpass industry standards.
Our customers depend on us to get their customers’ data safe, and that’s something we take seriously, proven through our multi-layered security measures. Learn more about how we keep data safe every day.