To mitigate risk, both developers and users must include security principles and technologies as core foundations in new devices. Read More
Related Posts
Massive boAt Data Breach: 7.5 Million Customers Data Exposed
Massive boAt Data Breach: 7.5 Million Customers Data Exposed
[[{“value”:”
Personal data belonging to over 7.5 million customers of boAt, a leading Indian consumer electronics brand, has been compromised and is now circulating on the dark web.
This breach has exposed many personally identifiable information (PII), posing significant risks to affected customers and raising serious concerns about the company’s data security measures.
Overview of the Breach
A hacker known as ShopifyGUY is responsible for data leaks.
On April 5, ShopifyGUY claimed to have breached boAt Lifestyle’s database, dumping approximately 2GB of data containing PII of 7,550,000 customers.
This information includes names, addresses, contact numbers, email IDs, and customer IDs, among other sensitive details.
Forbes India has confirmed the authenticity of the breach by contacting several boAt customers, who verified their recent purchases and the accuracy of the leaked data.
Document
Run Free ThreatScan on Your Mailbox
AI-Powered Protection for Business Email Security
Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Try Trustifi Free Threat Scan with Sophisticated AI-Powered Email Protection .
Impact on Customers
The exposure of such a vast amount of personal data has far-reaching implications for the affected individuals.
According to Threat Intelligence Researcher Saumay Srivastava, customers are now at an increased risk of financial fraud, phishing scams, and identity theft.
Sophisticated social engineering attacks could exploit the leaked information, leading to unauthorized access to bank accounts and fraudulent transactions.
Daily Dark Web, a cybersecurity reporting platform, has recently tweeted about a significant data breach allegedly affecting boAt Lifestyle India.
Alleged boAt Lifestyle India Customer Data Breach: 7.55 Million Records Exposed https://t.co/mCJpKI6itD pic.twitter.com/vbIGMyL0dQ
— Daily Dark Web (@DailyDarkWeb) April 6, 2024
The breach threatens customer privacy and poses significant challenges for boAt Lifestyle.
The company faces potential legal consequences, reputational damage, and a loss of customer trust.
As highlighted by Srivastava, this incident underscores the critical need for robust security practices to prevent future breaches.
Despite attempts, boAt Lifestyle has yet to respond to the breach.
Realistic Company Response and Security Measures
Security experts emphasize the importance of a transparent and proactive response from boAt.
Yash Kadakia, founder of Security Brigade, suggests that the company should immediately notify all affected users, thoroughly investigate the breach’s scope, and overhaul its security protocols to mitigate future risks.
However, there is concern that the company may not take these necessary steps.
The leaked data is reportedly available for purchase on dark web forums for a nominal fee, making it accessible to a wide range of malicious actors.
This situation highlights the urgent need for companies to prioritize data security and protect their customers’ information.
The boAt data breach is a stark reminder of the vulnerabilities in digital data storage and the importance of cybersecurity.
As the company grapples with the fallout, the incident should prompt a broader industry-wide reflection on data protection practices and the need for stringent security measures to safeguard consumer information in the digital age.
Secure your emails in a heartbeat! Take Trustifi’s free 30-second assessment and get matched with your ideal email security vendor – Try Here
The post Massive boAt Data Breach: 7.5 Million Customers Data Exposed appeared first on Cyber Security News.
“}]] Read More
Cyber Security News
Automattic blocks WP Engine’s access to WordPress resources
Automattic blocks WP Engine’s access to WordPress resources
WordPress.org has banned WP Engine from accessing its resources and stopped delivering plugin updates to websites hosted on the platform, urging impacted users to choose other hosting providers. […] Read More
Huge Surge In Attacks Exploiting User Credentials To Hack Enterprises
Huge Surge In Attacks Exploiting User Credentials To Hack Enterprises
[[{“value”:”
There are currently billions of compromised credentials available on the Dark Web, making it the easiest route for criminals to exploit legitimate accounts.
Info-stealing malware, which is meant to obtain personally identifiable information such as email addresses, passwords for social networking and messaging apps, bank account information, cryptocurrency wallet data, and more, is expected to increase 266% in 2023.
This indicates that attackers were investing greater resources in identity theft.
Major attacks triggered by attackers using legitimate accounts required approximately 200% more sophisticated response procedures from security teams than the average incident, with defenders having to discern between legitimate and malicious user behavior on the network.
This extensive monitoring of users’ online behavior was made clear when the FBI and European law enforcement took down a global criminal forum in April 2023, gathering the login credentials of over 80 million accounts.
Threats based on identity will probably keep increasing as long as adversaries use generative AI to make their attacks more effective.
“In 2023, we observed over 800,000 posts on AI and GPT across Dark Web forums, reaffirming these innovations have caught cybercriminals attention and interest”, the X-Force Threat Intelligence team said.
Document
Analyse Shopisticated Malware with ANY.RUN
Try ANY.RUN Yourself with a 14-day Free Trial
More than 300,000 analysts use ANY.RUN is a malware analysis sandbox worldwide. Join the community to conduct in-depth investigations into the top threats and collect detailed reports on their behavior..
Targeting Critical Infrastructure Organizations
Critical infrastructure firms were the target of roughly 70% of attacks. This is a concerning statistic that shows that cybercriminals are betting on these high-value targets’ requirements for uptime to achieve their goals.
Phishing emails, the use of legitimate accounts, and the exploitation of public-facing applications were the causes of over 85% of the attacks.
With DHS CISA reporting that most successful attacks against government agencies, critical infrastructure companies, and state-level government bodies in 2022 featured the use of legitimate accounts, the latter presents a higher risk to the industry.
The report also mentions that the security industry’s traditional view of “basic security” may not be as feasible, as evidenced by the fact that compromise could have been avoided in approximately 85% of attacks on important sectors through the use of patching, multi-factor authentication, or least-privilege principles.
Exploitation Of User Identities Poses Serious Threat To Organizations
“Our findings reveal that identity is increasingly being weaponized against enterprises, exploiting valid accounts and compromising credentials.
It also shows us that the biggest security concern for enterprises stems not from novel or cryptic threats, but from well-known and existing ones.” reads the report.
According to the data, a startling 50% of cyberattacks in the UK started by using legitimate accounts as the attack vector, and another 25% of cases included using public-facing applications.
According to IBM, attacks resulting from the use of legitimate accounts increased 66% in Europe between the previous year and 2023, making the region the most targeted globally.
The report highlights that nearly a percent of cyberattacks rely on legitimate accounts to gain initial access, which poses serious obstacles to organizations’ efforts to recover.
Businesses need to take a strategic strategy to counter this danger, incorporating contemporary security practices to reduce risks and fortify their defenses against the always-changing field of cyberattacks.
You can block malware, including Trojans, ransomware, spyware, rootkits, worms, and zero-day exploits, with Perimeter81 malware protection. All are extremely harmful, can wreak havoc, and damage your network.
Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.
The post Huge Surge In Attacks Exploiting User Credentials To Hack Enterprises appeared first on Cyber Security News.
“}]] Read More
Cyber Security News