Thursday, October 25, 2018

compromised!!!!

This week Tumblr was breached and we explore Dark Web job postings.
Dark Web ID Trends:
  • Total Compromises: 3,767
  • Top Source Hits: ID Theft Forum (1,429)
  • Top PIIs compromised: Domains (3,761)
    • Clear Text Passwords (876)
  • Top Company Size: 11-50
  • Top Industry: Business & Professional Services and Finance & Insurance

Exploit: Exposed database.
Magen David Adom: The state of Israel’s aid and disaster relief organization.Risk to Small Business: 1.444 = ExtremeA large breach of medical and payment information is highly damaging to business and could take a significant amount of time to regain the trust of its clients.Individual Risk: 2.285 = Severe: Those affected by this breach will be at a high risk of identity theft.Customers Impacted: Not disclosed.How it Could Affect Your Customers’ BusinessThe negative impact of a breach of this nature could influence relationships with customers and other businesses for years to come.ID Agent to the Rescue: Spotlight ID by ID Agent offers comprehensive identity monitoring that is vital for those affected by a breach such as this. Learn more: https://www.idagent.com/identity-monitoring-programsRisk Levels:1 - Extreme Risk2 - Severe Risk3 - Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
United States – Disqushttps://thehackernews.com/2017/10/disqus-comment-system-hacked.htmlExploit: Exposed DatabaseDisqus: A network community platform that allows users to blog or comment on other company’s websites. It can be installed as a plug-in or drop-in code. Disqus collects user data on the back end and allows companies to use this information for customer analytics, etc…Risk to Small Business: 2.4444 = Severe: Although roughly 1/3 of the 17.5 million records compromised involved passwords, they happened to be salted/hashed. The company also discovered and announced the breach in a quick manner and notified the affected customers.Individual Risk: 2.4286 = Severe: Those affected by this breach will be at a high risk of identity theft.Customers Impacted: 5.8 millionHow it Could Affect Your Customers’ BusinessThe breach involved a large number of customers; however, the database was from 2012 and most credentials could have already been changed. While this is damaging to Disqus’ reputation, they followed protocol and demonstrated how to do breach disclosure the proper way.ID Agent to the Rescue: Spotlight ID by ID Agent offers comprehensive identity monitoring that is vital for those affected by a breach such as this. Learn more: https://www.idagent.com/identity-monitoring-programs
United States – Tumblrhttps://www.bleepingcomputer.com/news/security/tumblr-fixes-security-bug-that-leaked-private-account-info/Exploit: Bug.Tumblr: A popular blogging website.Risk to Small Business: 2 = Severe: While Tumblr deserves some credit for 1. Having a bug bounty program that resulted in catching this bug, and 2. Fixing the bug in less than 12 hours after it was discovered, many customers will not appreciate their personal information being leaked and will react accordingly. Tumblr’s timely response, disclosure of the breach, and its bug bounty program will likely reduce the impact on the business significantly.Individual Risk: 2.714 = Moderate: Email addresses were leaked so those affected by the breach are at a higher risk of spam.Customers Impacted: All of the ‘recommend blogs’ shown on Tumblr.How it Could Affect Your Customers’ BusinessA breach that exposes user information is always going to have a negative effect on business, but every organization should take a page out of Tumblr’s book here regarding their response to the event and how they discovered it. Customers lose trust in businesses that mishandle their information, but they also respect when a company is making a serious effort to locate vulnerabilities and can handle a problem when it arises with swift action.ID Agent to the Rescue:  Spotlight ID by ID Agent offers comprehensive identity monitoring that can help minimize the fallout from a breach such as this. Learn more: https://www.idagent.com/identity-monitoring-programRisk Levels:1 - Extreme Risk2 - Severe Risk3 - Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Hackers are Bundling Up This Fall.