Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 











Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Rapid Response - Exactis database vulnerability 340 million records (US)

June 2018 by Nico Fischbach, Global CTO, at Forcepoint

Following the news that marketing and data aggregation firm, Exactis exposed a database containing nearly 340 million individual records on a publicly accessible server, compromising close to two terabytes of data, please find a comment below from Nico Fischbach, Global CTO at Forcepoint.

Comments to be attributed to Nico Fischbach, Global CTO, at Forcepoint:

“Reports of the Exactis data leak are alarming, as the 340 million records leaked goes beyond typical credit card or social security numbers, and includes more than 400 variables on personal details that individuals assume aren’t made public including religion, pet ownership and shopping habits.

This highly sensitive data could be exploited by malicious actors to carry out a number of different types of attacks. For example, if an attacker combined this intel with data from the Equifax breach they could run human intelligent-type special operations attacks. It’s also a huge asset to criminals using impersonation as a tool for phishing. If an attacker wanted to get creative, he/she could use the data to guess passwords and secondary authentication questions such as “What was the name of your first dog?” Further as 110 million of the records pertain to businesses, criminals could utilize the data for spear-phishing campaigns aimed at data exfiltration.

Bottom line is, this is another example of users not following security hygiene best practices. In the case of Cambridge Analytica, attackers had to “steal” this type of profile data from Facebook but with Exactis, the data was publicly accessible on a server with weak or no authentication. This further underscores the need for enterprises to focus on knowing how their people (whether employees, customers or suppliers) interact with their data, have insight to risky activity and to think ahead on how vulnerabilities like this could be mitigated against, or prevented entirely.“


See previous articles

    

See next articles












Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts