Data Breaches of 2020 May Be Upscaling Beware!!
COVID 19 has made an unpredictable journey in both personal and professional lives. The halfway mark of 2020 has reached and also the online work from home dependency has become the new normalcy for many professionals and organizations. From Mid-size to big organizations to also start-up companies with e-commerce and mobile applications are on futuristic trends in the coming years ahead. Almost Online technologies and data information will become the new storm and data security will be a new fear. There is no doubt that many cybersecurity stories will make headlines in the coming days ahead.
How does a Data Breach Occur?
Cybercrime is a huge profitable industry for data attackers and continues to grow. Hackers are always on the go to seek personally identifiable information to steal money, damage identities or sell over the dark web. Data breaches can occur for a number of reasons, including accidental human error, but cyber-attacks are targeted typically in these four ways:
1) Manipulating system vulnerabilities: Outdated software can create a hole that allows a hacker to sneak malware on to a computer and steal all the data.
2) Weak Passwords: Weak and insecure user passwords are easier for hackers to guess and break the code.
3) Over the net downloads: While visiting a compromised web page or downloading an application, unintentionally a virus or malware can be downloaded and can take advantage of a browser, application or operating system that is out of date or is not secured.
4) Malware attacks by hackers: Hackers use spam and phishing email sources to trick the users into revealing their personal credentials, downloading malware attachments or directing users to uncompromised vulnerable websites. Email is a common way for malware to get stored on your computer or mobile devices. Fraud and unfamiliar source of email with links and attachments when opened can be infected with malware.
Dunzo Recent Data Breach Project – July 11, 2020
The recent data breach on Dunzo has something to teach businesses and consumers about how sensitive data is most likely to be exposed in 2020. Let’s talk about Dunzo major breach: what data was compromised, how it was exposed, and what we can learn from the story.
Dunzo Data Breaching – Security Update
Dunzo is an online delivery app for essential services having outlets over 6 cities in India to deliver essential goods and services. From using WhatsApp to the online platform, Dunzo built an all-encompassing platform that puts the user’s security and privacy at its core. Recently, the team identified a security breach that involved unauthorized access to one of their databases.
Investigation Results:
As soon they became aware of the breach, Dunzo launched an internal investigation to determine what happened.
• Their investigation so far suggested that the servers of a third party they worked with were compromised. This allowed the attacker to get unauthorized access and breached their database.
• This database only contained a user phone number and email address information. No payment information like credit card numbers was compromised as Dunzo do not store this data on their servers.
Steps taken to prevent Data Breach
The tech team at Dunzo had taken swift action to plug the security gap and added additional layers of security protocols to ensure that data is protected. Below are some of the immediate measures they had taken:
• Secured all their database and data stores from network and access standpoint
• Rotated all the access tokens and updated all passwords as a precautionary measure
• Tightened infrastructure security and closed all the vulnerable ports
• Reviewed and updated all access privileges to their system and infrastructure
• Enabled Firewall and Threat intelligence tool for even better monitoring
• Reviewed all the third-party plugins and integrations
• Enhanced their logging and tracing even further across various services to monitor and get alerted about any suspicious activity.
Conclusion
Conclusion: Based on their investigation, Dunzo learned that their user information was compromised and a quick step was taken to prevent the data breach. Dunzo, are committed to earning that trust from their users, every single day on every single order. Their teams worked on resolving and strengthening their security efforts. They also engaged with leading TSCM cybersecurity firms and experts to further strengthen their efforts to resolve the security breach and updated their users.
Data Breach at Intel Suffers 20GB of IP & Documents Leak on to Internet -6th Aug 2020
Intel the world’s biggest chipmaker today became the latest victim of a massive internal data breach, as roughly 20GB of IP and various Intel documents began showing up a data cache uploaded on to the Internet. With enormous data information and materials spanning over a decade, the data breach reported everything from Intel presentation templates to BIOS code and debugging tools which represents one of the biggest intellectual property leaks in years.
Responding to this data leak, Intel has issued a brief statement to the press that the investigation is going on and they acknowledge and believe it came from the Intel Resource and Design Center, a secure Intel repository for third-party partners to access various confidential documents and schematics. We believe an individual with access downloaded and shared this data. While Kottmann claims that the leak has a wide collection of various intel confidential and NDA’d documents and tools, thus while no one has reported finding anything as sensitive as Intel CPU or GPU design schematics – which is consistent with the claim that it originated from Intel’s Resource and Design Center. Never the less, the material in the leak seems to be quite valuable and potentially very damaging in the long run. Firmware blobs are interesting as these would be reverse engineered to extract useful information that could contain significant information.
This leak is likely to cast doubt upon all future Intel leaks. The inclusion of the company’s presentation templates would mean that it’s now trivial to generate fake, but similar-looking intel roadmaps and presentations. These materials are regularly faked and now it will get easier than ever to do so. Kottmann’s claims, it would seem that this is just the start of a run of leaks for Intel. While this investigation no doubt Intel will be doing everything possible to stop the process or whether they have any legal power to do so remains to be seen ahead.