News
Hackers steal 45 million records from home and tech forums - expert comment
June 2016 by Farshad Ghazi, global product manager at HPE Security - Data Security
It’s been reported that hackers have stolen information relating to around 45 million accounts from VerticalScope, a Canadian media company that runs numerous support forums on various topics. Over 1,000 support forums and online community websites on home, tech and sports have been breached as a result of the hack, leaving millions of users’ records exposed.
See below for comment from Farshad Ghazi, global product manager at HPE Security - Data Security. Feel free to use it in any stories you may be writing.
“The VerticalScope data breach is yet another example that organisations must follow best practices of encrypting all sensitive personal data as it enters a system, at rest, in use and in motion. The ability to neutralise a breach by rendering data useless if lost or stolen, through data-centric encryption, is an essential benefit to ensure data remains secure.
Hackers will steal anything of value and this story is no exception. Data has high value to attackers, and even though the information for sale on the black market is several years old, it can still be used for social engineering attacks for spearphishing to attempt to gain access to deeper systems with even more lucrative data that can be monetised directly if stolen.
We have a saying in security, it’s not a matter of if a breach will happen, but when. Beyond the threat to sensitive data, companies need to be concerned with the impact a data breach can have on their reputation and, ultimately, on their bottom line. A data-centric approach to security is the industry-accepted cornerstone needed to allow companies to mitigate the risk and impact of cyberattacks and other attempts to get this sensitive information.
End-to-end encryption, a key data-centric security technology, protects data at rest, in use and in motion – thereby minimising any clear data exposure and ensuring attackers get nothing of value when they do penetrate systems. The ability to render data useless if lost or stolen, through data-centric encryption, is an essential benefit to ensure data remains secure.
Cyber criminals today are motivated to steal personal data, as well as enterprise data, intellectual property and employee or customer information. Hackers are always looking for a way to exploit a system in a way that they can then turn stolen data into cold, hard cash. As this attack points out, there is a clear need to protect personal information like name, full address, phone number and email address so that criminals can’t use the information to open bogus accounts, sell it for use in more targeted larger-scale spear-phishing, or even to steal identities.”
