Government employee helped violators to access data
24.11.2021Back to news
CP24 posts about people who received vaccine certificates or were to become vaccinated via the COVID-19 immunisation system in Ontario started to report lots of spam.
Some of these spam messages contained information addressing the children of the recipients using their full names and informing them that a son/daughter should reply to receive a reimbursement.
Two individuals have already been arrested during the investigation process having been accused of unauthorised use of a computer which violates the Criminal Code. One of them was an employee of the Ontario Ministry of Government and Consumer Services. He had access to the vaccine contact centre.
The employee is said to have been working “through a third party vendor in the vaccine booking call centre” and has been dismissed.
According to Silicon Angle, GoDaddy hosting service got the data of 1.2 million users breached in a data theft incident. The company has found out about the issue on November 17, whereas the incident had happened on September 6.
There were active and inactive Managed WordPress GoDaddy users affected, the passwords of WordPress admins and database passwords were taken, Secure File Transfer Protocol.
The preliminary investigation emphasised the role of an unauthorised access of a third party via some vulnerability in the system.
Jumio Corp. CEO Robert Prigge has blamed credentials in general, stating that another way to authenticate a user should become as popular. Usernames and passwords are enough to obtain all the data needed for initiating endless phishing attacks or social engineering tricks.