Data Breaches Don’t Discriminate
When applications are intentionally designed to secretly spy on unsuspecting users, it’s no great shame when the operators themselves experience a data breach that compromises their own information. Three stalkerware apps – phone monitoring apps which allow a user illicit access to a target’s personal data via the phone on which it is implanted – have recently been taken offline, along with their websites. Though often advertised as child protection software, they are also used to spy on others without knowledge or consent.
After exploiting the personal data of millions of users, the applications turned out to contain a common security flaw of their own. A security researcher was able to use it to scrape 3.2 million email addresses of stalkerware customers, according to TechCrunch. It is an ironic twist that demonstrates what we’ve discussed in the past: data breaches target all sectors, cybercrime included, and demand cyber vigilance from businesses, healthcare, government and others still.
That said, it’s unclear what the actual reason for the closures was. If the flaw in question exposed the emails of all those who signed up, anyone could have uncovered it, and possibly even weaponized it against the trio. But this is all speculative. Perhaps it was simply TechCrunch’s spotlight on the breach that made the stalkers slip back into the shadows. Even their Amazon cloud storage was deleted. Last year, the spyware vendor pcTattletale went under after its own hacking incident, so it wouldn’t be unprecedented.
Meanwhile, another mega breach made headlines at the end of the month. Over 184 million passwords for Google, Microsoft, Facebook, Apple and other accounts were compromised, along with credentials for banks, healthcare and government portals. Again, a data security researcher discovered a flaw in a file locked away in a database, which contained all this information. Well, I say locked away, but in fact it was just the opposite.
We’ve talked a good deal lately about the importance of encryption and not being caught in a breach without it, but the file in question here was yet another instance of unencrypted data. Pure plaintext, open to all eyes. Whether the database was a legitimate one or created for cybercrime purposes is still unclear, but the researcher also found evidence that malware was responsible for capturing the data, before contacting the hosting provider to remove it from public access.
No one is exempt from errors in data security judgment, as we can see. For the “good” actors, however, there can be no excuse for lapses. Data encryption, via such solutions as NetLib Security’s Encryptionizer, provides a robust layer of critical defense for this valuable resource, so that when other protections fail and the network is infiltrated, all the intruders will find is an illegible scramble. Across the physical, virtual and cloud environments, Encryptionizer locks down your data with minimal effect on performance. Headlines are rife with organizations that didn’t take advantage of these tools and bore the consequences: don’t become one of them.