Huge data breach at a U.S. chain, UN servers hacked and why your personal accounts need to be protected
Welcome to Cyber Security Today. It’s Friday, January 31st. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com.
As last year closed, news broke that a data breach had been discovered at the Wawa chain of 850 convenience stores and gas stations in the United States. Now we know how big it was: Security firm Gemini Advisory believes that 30 million payment card records promised this week for sale on an online criminal marketplace were from that theft. To start, 100,000 records were put up for sale. This is just the beginning of the release of credit card data from a 10-month-long theft at Wawa. It could turn out to be among the biggest in U.S. history.
An update on Wednesday’s podcast news that antivirus software maker Avast was quietly selling some data to marketers on what its users were doing online. After getting bad publicity, the company said it is shutting down the subsidiary selling the data and laying off hundreds of employees. The chief executive admitted the news rightfully raised a lot of questions about his company.
United Nations servers in Geneva and Vienna were hacked last summer, according to a news site called The New Humanitarian. It has seen a confidential UN report on the attack. News is only coming out now because the UN kept quiet about it. But dozens of servers were hit, including systems with UN employee records and records at the UN high commission on human rights. The news report says that staff were asked to change their passwords, but they weren’t told why. While the UN doesn’t come under any country’s data breach notification laws, not telling employees their personal data might have been compromised is problematic. One staff member who spoke to the news site described the breach as a “major meltdown.”
Website administrators are still doing a poor job of keeping their sites secure. You might have figured this out already, judging by the number of data breaches in the news. But a new report from website security provider Sucuri provides concrete evidence. Looking at data from its customers, the company found lots of compromised websites. Common problems were poor administrator password protection, poor application patching and failure to keep on top of the latest plugins.
Finally, I often talk about the need to implement two-factor authentication in addition to a safe password on your important sites, like email, banks and social media. Here’s why: The personal Facebook account of an employee for an ad and marketing company called LiveRamp was hacked last fall. That allowed the attacker to get into the LiveRamp Business Manager account and then run ads for fake products on Facebook. News of this came out this week from CNET. It isn’t clear how many people were victimized. LiveRamp says it has a number of security features including password controls and multifactor authentication. But remember, this started with the hack of an employee’s personal Facebook account. So the lesson is a personal account can be used to get into your company’s systems if you’re not careful.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.