UK energy provider The People’s Energy this week suffered a data breach, allowing hackers to ransack their entire database; Including the names, addresses, date of birth and phone numbers of all 270,000 customers.
While most of those affected are unlikely to face any direct financial risk, having their data stolen does leave them more vulnerable to phishing attacks; However, if any of the People’s Energy clients happen to have used their work email address this can also leave their employer more vulnerable to attacks from hackers.
While the focus of data breaches is often on mistakes the company may have made with their cybersecurity and punishing them, there is often less thought on their clients details forever available on the Dark Web. Allowing hackers to use them for identity theft and Business Email Compromise.
This Unprecedented Year
Each year gives rise to a significant number of corporate data breaches, cyberattackers certainly have not given anyone a break this year.
Starting the year (actually, the evening of NYE 2019) foreign exchange service Travelex was taken offline for several months by a ransomware attack, coming back online just in time for the Covid-19 travel lockdown. MGM Resorts lost 142 million guests’ details, Manchester United Football Club had their internal systems taken offline, and even cybersecurity experts FireEye allowed attackers to make off with their internal penetration testing tools – reminiscent of when the Shadow Brokers raided the NSAs cybertool chest just prior to WannaCry.
Covve, a business relationship management (aka address book) app, left an unprotected database containing the names, job titles, email addresses, phone numbers, and addresses of 23 million individuals, which are now readily available on the Dark Web.
Highly popular collaboration and editing provider Nitro PDF had 1TB of documents exfiltrated from their cloud service. Nitro PDF is used by tens of thousands of business customers, including the likes of Google, Apple, Microsoft, Case and Citibank, and 1.8m licensed users.
What Came Before
You cannot discount the continuing vulnerability resulting from past data breeches including:
- Canva (2019) – This popular graphics design website suffered an attack that exposed emails, names, addresses, passwords, and Google OAuth tokens of 137 million users.
- Zynga games (2019) – 218 million user accounts for the players of games such as Farmville and Words with Friends had their emails, passwords and phone numbers exposed.
- My Fitness Pal (2018) – The 150 million Under Armor users of the exercise encouraging app had their email addresses, IP addresses and passwords released on the Dark Web.
- Ashley Madison (2015) – a group calling itself “The Impact Team” stole the user data from this extramarital affairs site, and released more than 60 gigabytes including names, home addresses, search history and credit card transaction records.
- LinkedIn (2012 & 2016) – Some 165 million professional social networkers had their email addresses and passwords were stolen by attackers and posted onto a Russian hacker forum.
- Adobe – Oct 2013 – Hackers stole 153 million Adobe user records including nearly 3 million encrypted customer credit card records.
Your Employees Credentials Have Been Compromised – Now What?
The reality is, once exposed on the Dark Web, your information cannot ever be completely removed or hidden. You cannot file a complaint or contact a support line to demand your data be removed.
Your company should immediately start taking appropriate steps and measures to correct or minimize the risks and potential damages associated with this exposed data.
IT Genie offer businesses a free Dark Web scan to highlight your employee’s credentials available on the Dark Web and provide a custom corrective action plan for your business. Allowing you to adopt a more proactive and preventative approach to your business’ cybersecurity strategies moving forward.
Gain Peace of Mind with Our 100% Confidential Dark Web Reports – Request your free Dark Web report and Action Plan at www.itgenie.com/darkweb, by phone on 0345 0945 353 or email info@itgenie.com
