Comment from Skurio: MeetMindful data dump

January 2021 by Jeremy Hendy CEO, Skurio

Following the news that user records from dating site MeetMindful have been published on a hacking forum, Skurio CEO Jeremy Hendy offers the following comment:

“Business can be forgiven for thinking that data breaches from dating sites don’t affect them, and for the most part this is true. There are, however, two situations where this can be an issue that security professionals should be aware of and have a plan for dealing with if they occur.

In the first instance, it can happen that a member of staff uses a business email address for registering for non-business services. They may, for example, use a corporate account to conceal their activities from people that have access to a personal email account. It is important to have a clear policy regarding this, and this policy should be effectively shared and understood. If a staff email address has been included in this kind of breach, it’s critical that you know as soon as possible – especially if passwords are included. Having the ability to monitor for data on forums, markets and sites where data dumps are typically shared or traded is an easy way to ensure this. Any breach notification should, of course, be handled with discretion and this is why solutions may withhold sensitive breach details.

The second concern is the protection of targeted individuals. When sensitive data or communications about a CEO of a multi-billion-dollar organisation are leaked – it certainly makes the headlines, but executives of much smaller organisations are increasingly targeted. New pandemic-induced remote working practices have made payment diversion and other fraudulent activities like blackmail which require CEO or CFO details more attractive. Obtaining a personal mobile number or an unguarded password can unlock corporate systems or social media accounts in order to impersonate an individual or give access to details which could be used for blackmailing attempts. Organisations with concerns in this area are adopting digital risk protection services for their VIPs - not to spy on them, but to ensure sensitive information is not available to individuals who can use it for malicious purposes”.

