September 11, 2017

The Era of Accidental Breaches

Discovering an Era of Accidental Breaches: By Alberto Casares, 4iQ Breach Hunter

The former 6th Director of the FBI wasn’t just speaking in hyperbole. He was spot on, and we see it everyday.

Our team continuously scans the deep and dark web indexing known and unknown breaches. This allows us to alert clients when their sensitive information — credentials, documents, intellectual property — are exposed. Time is of the essence. The sooner organizations and individuals know about the breach, change credentials, and lockdown networks, the less damage occurs.

Consider this: Recently, the Federal Trade Commission posted a database of fake consumer data on a site frequently visited by hackers. It took criminals a mere nine minutes to access it. And there were 1,200 attempts to use it to pay for food, clothing, games, online dating memberships and who-knows-what.

Not all of the information available on the dark web starts out as stolen. Incredibly, much of it is exposed by accident — misconfigured server settings, unsecured backups and other accidents. The amount of information released this way is growing rapidly, in part due to the increasing number of cloud infrastructures. But whether the information is out there due to crooks or carelessness doesn’t matter much. If it isn’t secured quickly, it will be used for ill intent.

Everyday, we uncover countless instances of intentionally and unintentionally exposed information that the owners/victims are often unaware of and, consequently, are unable to do anything about.

We’ve recently uncovered unintentional exposures from an Indian shipping company, a residential building in Korea, a new shopping center planned in Malaysia, and health records in China.

Read the details of our breach findings in our  4iQ 4iQ Blog on MediumBlog Post