The Life Cycle of a Breached Database

Every time there is another data breach, we are asked to change our password at the breached entity. But the reality is that in most cases by the time the victim organization discloses an incident publicly the information has already been harvested many times over by profit-seeking cybercriminals. Here’s a closer look at what typically transpires in the weeks or months before an organization notifies its users about a breached database.

Our continued reliance on passwords for authentication has contributed to one toxic data spill or hack after another. One might even say passwords are the fossil fuels powering most IT modernization: They’re ubiquitous because they are cheap and easy to use, but that means they also come with significant trade-offs — such as polluting the Internet with weaponized data when they’re leaked or stolen en masse.

Dow Jones Watchlist of risky businesses exposed on public server

A company with access to the Dow Jones Watchlist of risky people and businesses left it on a public AWS server without a password.

Seven Must-Dos to Secure MySQL 8.0

Most database breaches are blamed on insiders such as employees who are either malicious or whose security has been compromised. In fact, most of these breaches are actually caused by poor security configuration and privilege abuse. Every new database …

Change your password! VoIP provider leaves huge database exposed online

A researcher has discovered an exposed database containing gigabytes of call logs, SMS data, and internal system credentials belonging to US Voice-over-IP (VoIP) service provider VOIPo.com.

Stolen details of 3.3m Hello Kitty fans – including kids – published online

A year after Sanrio promised that the records were safe, the database – including more than 186,000 children’s details – has appeared online.

Millions of AdultFriendFinder user accounts hacked – again

One hacker is claiming to have stolen a database of 73 million users: a whole lot of details for a whole lot of people who’d rather keep that bedroom door closed.