Bitglass spotlights 15 billion user names and passwords for sale

Top data security stories in recent weeks make for alarming reading, according to Bitglass executive Juan Lugo. The following breaches are among many that made headlines.

  • Bank details to streaming services – it’s all available on the Dark Web
  • North Korea linked to a recent cyber attack on US enterprises

.         TikTok mobile app on the verge of being banned over surveillance concerns

  • Serious security concerns over smartwatch tracker API vulnerability
  • Nearly 100k customers exposed in a leaky database belonging to a fitness platform

“From bank details to streaming services, it’s all available on the dark web,” says Lugo.

The dark web is inundated with over 15 billion user names and passwords to countless services, including banking details, network administrator accounts, antivirus software, streaming services and more, with many being offered free.

Many breaches lead to the illegal distribution of duplicate files, meaning that accounts are shared multiple times amongst cyber criminals. This makes it increasingly difficult to track stolen data, however my view is that there are still over five billion ‘unique’ accounts up for sale on the dark web, providing buyers with illegal and in many cases, free access to services.

North Korea is linked to a recent cyber attack on US enterprises. In recent years, payment card information has become a high ticket item for malicious actors scouring the web for innocent customers.

A hacker group based in North Korea has been effective in skimming sensitive information from the checkout page of large retailers in the US and Europe. These are known as MageCart attacks and threat actors rely on malicious scripts (web skimmers).

The hackers, which have been identified as the Lazarus (Hidden Cobra) group of nation-state hackers, use legitimate websites to exfiltrate credit card information and camouflage the attack.

TikTok concerns

TikTok and other Chinese apps are currently under scrutiny by the US government, as they are on the verge of being banned over security and surveillance concerns.

US government officials have pressing concerns about the potential mismanagement of user data, as the mobile application may have ties to a foreign government. The mobile platform has been under investigation due to allegations claiming that it had been secretly accessing user data from iPhone and iPad clipboards.

However, a spokesperson for the social platform stated that it was an inadvertent consequence of a spam filter.

Smartwatch tracker worries

New API vulnerabilities have come to light over a smartwatch tracker used in applications, including services designed for the support of the elderly and vulnerable.

The major security flaw was an unrestricted server-to-server API that could be used to hijack the SETracker service in ways that include changing device passwords, making calls, sending text messages, conducting surveillance, and accessing cameras embedded in devices. The findings were disclosed with the service provider, 3G Electronics, which promptly fixed the issue.

Fitness issues

A Las Vegas-based fitness company, V Shred, that offers workout plans for women and men, has exposed over 99k customers in an unsecured AWS S3 bucket. The firm claims to have clients in 119 countries, 12 million unique visitors to its website per month, and over 40,000 subscribers to its university program.

CSV files appearing to contain the information relating to both trainers and clients remain exposed. They include IDs, first and last names, email addresses, genders, and client email addresses. A V Shred team member has denied there was an issue with the exposure of PII.

To avoid being exposed to similar headlines, enterprises should consider leveraging a cloud access security broker (CASB) platform to protect their sensitive data.

The first step is to know where sensitive business data is, and how it is being accessed, especially with mobile and cloud applications outside the traditional firewall perimeter.

As escalating volumes of data are stored in the cloud and accessed by mobile and remote workers, SASE (Secure Access Service Edge) is a more cost effective, scalable and secure architecture to protect the modern enterprise from both such internal and external threats while ensuring an agile workforce that can leverage the latest devices, applications and cloud services to fast track business.