Loren Christopher Hanssen of MN is an InfoSec and identity theft protection expert. Here Mr. Hanssen weighs in on some disturbing leaks of recent news stories, highlighting why consumers need to by hypervigilant when it comes to protecting their online security.
Data breaches seem to be happening on a daily basis around the world. Corporations with a significant public footprint tend to receive the most media attention but consumers could just as easily be impacted by small businesses with poor PCI compliance or weak defenses against hacking and they need to respond appropriately.
Loren Christopher Hanssen notes that some primary considerations after hearing of a major data breach are:
- What information was leaked?
- Who now has access to this information?
- What can I do now to secure my account/data?
We take a look at several recent cyber-attacks around the world and consider their implications. Read below to learn more.
The Twitch Data Leak
The U.S. streaming service Twitch suffered a significant breach at the beginning of October 2021. This received considerable publicity and concern, as many Twitch users make payments to their favorite streamers through the platform. The fact that Amazon owns the corporation heightened concerns about how extensive this leak could be.
Twitch has publicly stated that it doesn’t store users’ credit card information, which doesn’t appear to have been the target of the hack. Mr. Hanssen reports that an anonymous hacker seemingly exploited a server error to acquire information that included:
- The platform’s internal code
- Internal Twitch documents
- Records of payouts the platform made to streamers over the past two years
As yet, there is no indication that users’ login data or financial records were targeted or acquired in the hack. However, the information released was labeled “part 1”, indicating that there may be more to come. So what was the purpose of the breach, and what use is the information leaked?
The primary concern is that the information included Twitch’s internal code and its digital footprint. This makes the platform extremely vulnerable to future malicious interference and is difficult for the company to fix. Twitch relies on users being willing to make financial transactions on the platform. If users fear that the website is vulnerable to hackers, they are far less likely to link their PayPal or credit card information to the site.
Another issue is that high-profile streamers are unlikely to be happy that their earnings on the platform are now in the public domain. The platform’s chat feature means that top streamers’ communities have been dominated by discussions of why fans bother donating to someone who is making (in some cases) millions of dollars per year.
With “part 2” perhaps around the corner, the platform can only scramble to protect itself against further attacks and sensitive information coming to light.
Personal Details of One Million Users of VPN Service Quickfox Leaked
Loren Christopher Hanssen reports that Chinese VPN service Quickfox suffered from a server misconfiguration that exposed personally identifiable information (PII) of over 1m users. The VPN is widely used by Chinese communities worldwide to access sites that are otherwise only available in mainland China, allowing communities to keep in touch.
The sensitive nature of accessing sites that are supposed to only be accessible within China means that users are concerned about the state gaining access to the information.
A more immediate concern is that fraudsters will likely use this information for phishing scams and cracking related users’ accounts on other sites.
A data breach that leaks PII is concerning because internet users use the same password for multiple sites. If an individual’s password for one site can be determined and associated with their other personal information (such as location, name, address), it’s easy for hackers to gain access to their accounts on other sites. This is why cybersecurity experts recommend never using the same password for 2 sites.
Neiman Marcus Suffered Huge Data Breach in 2020, Affecting 4.6 Million Customers
The U.S. retailer Neiman Marcus confirmed that it suffered a massive data breach in May 2020.
It only became aware of the breach in September 2021, which infuriated customers of the luxury retail brand. This was exacerbated by the fact that the breach included payment information from customers. Customers’ financial information was potentially in the hands of malicious parties for 17 months before the retailer realized what had happened.
Neiman Marcus insisted that the company did not store this information in a “readable form. Rather, encryption algorithms were used, meaning hackers stood a low chance of associating payment information with PII. It also stated in its press release that 85% of the payment and virtual gift card information was “old and invalid,” which raised some eyebrows in the cybersecurity community – why was the company still storing that information?
Understanding the impact of this breach on Neiman Marcus customers will take some time, but the news is deeply embarrassing for a company that takes pride in its luxury image and customer care.
Understanding Who Benefits and Who Suffers in a Data Breach is Essential
Data breaches at large firms are often headline news, but public literacy on the subject is still relatively poor. The data leaks of major consumer corporations often result in consequences for the individual – not just the hacked institution. By learning about large-scale breaches, consumers can better the personal impact and ways to prevent their online security.
