Impactful data breaches in 2020 so far

31.07.2020


It is high time we had a look at the biggest data leaks of 2020 so far.

This digest is intended to give you a sense of the most common mistakes that result in breaches. Its purpose is to help you understand the particulars of these leaks and to know what to look at, how to investigate and, most importantly, how to prevent them, so that you can avoid repeating your colleagues' mistakes.

The first case we have to look at is Marriott’s credential-based breach.

This story began on March 31, 2020, with Marriott's acknowledgement that "an unexpected amount of guest information may have been accessed using the login credentials of two employees at a franchise property."

It turns out that "unexpected amount" equals the data of 5.2 million guests.

This damages Marriott's reputation, considering that it has been only two years since another massive breach was revealed.

How did the breach happen?

This is the most important aspect to look into.

Here is what we know: a hacker obtained the credentials of two Marriott employees and then used them to copy data for roughly a month before it was revealed.

How do we handle it?

To ensure your customer data is in a safe place, you have to control employees' access to sensitive data thoroughly and on a regular basis.

How could Marriott have avoided this breach?

The answer is to implement multi-factor authentication (MFA) for employees who are able to access sensitive data. With MFA in place, a company is on safer ground, since an attacker would need more than a password to get into the system.

We would also like to draw your attention to the fact that, had Marriott learned its lesson from the previous attack, it would have been sensible to install a Risk Monitor system, which monitors for suspicious behavior. That would certainly have changed the course of the subsequent attack. Such a system flags suspicious and atypical behavior that requires investigation by a risk manager. So installing such a system may be worth adding to your to-do list.
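A small sketch of the kind of check such monitoring performs, added here as an illustration and not taken from Marriott or from any monitoring product: it compares each account's daily number of records read with that account's own history and flags days far above it. The account names, counts, thresholds and function names are all constructed assumptions.

```python
from collections import defaultdict
from statistics import median


def build_sample():
    """Constructed data: six ordinary days per account, then one bulk-read day."""
    normal = {
        "frontdesk01": [110, 95, 130, 120, 105, 115],
        "frontdesk02": [80, 90, 70, 85, 75, 95],
    }
    rows = [(f"2020-01-{day + 6:02d}", account, count)
            for account, counts in normal.items()
            for day, count in enumerate(counts)]
    rows += [("2020-01-12", "frontdesk01", 125),
             ("2020-01-12", "frontdesk02", 48000)]
    return rows


def flag_bulk_reads(rows, min_history=5, k=6.0):
    """Return (date, account, count, baseline) for days far above an account's norm."""
    history = defaultdict(list)
    alerts = []
    for date, account, count in sorted(rows):
        past = history[account]
        if len(past) >= min_history:
            baseline = median(past)
            # Median absolute deviation: a spread estimate that one earlier
            # outlier cannot inflate. The floor of 1.0 handles accounts whose
            # history is perfectly flat.
            mad = median([abs(x - baseline) for x in past]) or 1.0
            if count > baseline + k * 1.4826 * mad:
                alerts.append((date, account, count, baseline))
                continue  # keep the anomalous day out of the baseline
        past.append(count)
    return alerts


if __name__ == "__main__":
    for date, account, count, baseline in flag_bulk_reads(build_sample()):
        print(f"{date} {account}: {count} records read, usual daily median {baseline}")
```

Accounts with fewer than `min_history` days of data are never flagged, so a new account needs a separate rule such as a fixed ceiling.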

The second case concerns the Antheus Tecnologia biometric data breach.

This story took place in March 2020, when security researchers from Safety Detectives revealed that Antheus Tecnologia had left sensitive information, including data on 76,000 fingerprints, exposed on an unsecured server.

For the record: Antheus Tecnologia is a Brazilian biometric solutions company. 

"The vulnerable server contained roughly 16 gigabytes of data, with 81.5 million records also including administrator login information, employee telephone numbers, email addresses, and company emails."

The question is always the same: How did the breach happen?

Surprising as it may sound, Antheus Tecnologia did not take much care to put decent password protection on its cloud server or to encrypt the data properly. In retrospect, we can say with confidence that this was the result of pure IT staff error.

How do we handle it?

A simple solution to the issue is to strengthen password protection when migrating to the cloud. Remember: what you keep in the cloud should be as well protected as your endpoint devices.

The third case is about CAM4 exposing 10.88 billion records.

In this story we once again have Safety Detectives to thank: they found a vulnerability in the adult webcam platform CAM4, which had inadvertently left a database full of extremely sensitive information available on the web without password protection. Luckily, Safety Detectives detected the exposure, as malicious actors could have seized the data. It was reported that 11 million records were exposed, including full names, email addresses, sexual orientation, and chats.

CAM4 responded promptly and transparently to the breach claiming that only a tiny fraction of the exposed records could have been traced to specific individuals.


Read more about incidents caused by unprotected storage: Vedantu compromised details of 687,000 users; State Bank of India fixes an unprotected server; an unprotected Elasticsearch instance storing millions of unprotected records was discovered on January 11th.


How do we handle it?

The solution to this case lies in conducting a database audit.

Kevin Krieg, technical director of the company which manages CAM4's database: "It's a server that should not have an outward facing IP in the first place."

As your company's risk manager, you should ask yourself the following questions: What does your company publicly expose? What will attackers find if they start researching you?

Each case certainly has something to teach businesses and consumers about how sensitive data is most likely to be exposed in 2020, and the biggest data breaches of 2020 may be yet to come.