Highly Publicized Data Breach in 2016: Phishing Attack That Resulted in Snapchat Employee Data Compromise
Snapchat is a photo-video messaging app that lets users record videos, snap photos, add text and drawings, and send them to their friends and followers (Betters, 2015).
The Incident
Snap Inc., formerly Snapchat Inc., was the victim of a phishing attack in the early months of 2016, precisely in February 2016. On Sunday, 28th February, 2016, the company released a statement on its blog apologizing to Snapchat employees for a phishing attack that led one of the company's employees to inadvertently release payroll information of some of its present and past employees.
According
The organization stated in its blog post that it was sorting things out with the present and past employees affected by the scam by offering them free identity-theft insurance and monitoring for two years. The naivety of one of the employees has cost the organization a huge sum of money and has also brought the organization's name into disrepute, because a lot of security-conscious people might be wary of having their information on Snapchat after the incident.
Major Vulnerabilities Disclosed in 2016
A critical MySQL zero-day vulnerability, CVE-2016-6662, was discovered by a researcher known as Dawid Golunski.
On the 12th of September, 2016, Dawid Golunski, an independent researcher at http://legalhackers.com, released research showing several critical vulnerabilities in the MySQL database, under the CVE ID CVE-2016-6662.
MySQL is a free and open source database that is adjudged to be the most popular database because of its simplicity, robustness, and delivery of high-performance, scalable database applications. Startup companies, the fastest-growing companies, as well as the largest companies in the world all make use of MySQL databases (Golunski,
But as a form of temporary mitigation, the researcher suggested that users make certain that none of the MySQL config files are owned by the MySQL user. He also implored users of the database to create root-owned my.cnf configuration files that are not in use (Golunski, 2016). On 29th July, 2016, the vulnerability was reported to Oracle Corporation as well as to MariaDB and PerconaDB, which were also affected. By 30th August, 2016, the developers of the MariaDB and PerconaDB database clones had swiftly developed patches, but the patches went into public repositories, and the fixed security issues were also mentioned there, which could alert attackers.
Unfortunately, the vendor, despite being in communication with the researcher via email, silently released patches for the vulnerabilities without due notification to the researcher. The patches for the zero-day vulnerabilities in versions 5.7, 5.6 and 5.5 could be found at https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html, https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html and https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html.
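The temporary mitigation described above (no MySQL config file owned by the database account, and root-owned my.cnf files at paths that are not in use) can be checked with a short audit script. This is an added example, not code from the researcher's advisory or from MySQL; the function names, the output labels and the sample paths in the closing comment are assumptions.

```bash
#!/bin/sh
# Added example: ownership audit for MySQL config files (CVE-2016-6662 mitigation).

# Numeric owner UID of a path (GNU stat first, BSD stat as fallback).
owner_uid() {
    stat -c '%u' "$1" 2>/dev/null || stat -f '%u' "$1"
}

# audit_mysql_cnf SERVICE_UID FILE...
#   RISK     file is owned by the database service account
#   MISSING  file does not exist; a root-owned placeholder would reserve the path
#   OK       file exists and is owned by another account
# Returns 1 if any file is RISK, otherwise 0.
audit_mysql_cnf() {
    cnf_uid=$1
    cnf_rc=0
    shift
    for cnf_file in "$@"; do
        if [ ! -e "$cnf_file" ]; then
            echo "MISSING $cnf_file"
            continue
        fi
        cnf_owner=$(owner_uid "$cnf_file")
        if [ "$cnf_owner" = "$cnf_uid" ]; then
            echo "RISK $cnf_file owner_uid=$cnf_owner"
            cnf_rc=1
        else
            echo "OK $cnf_file owner_uid=$cnf_owner"
        fi
    done
    return "$cnf_rc"
}

# Typical call (paths are assumed common locations, adjust to the host):
#   audit_mysql_cnf "$(id -u mysql)" /etc/my.cnf /etc/mysql/my.cnf /var/lib/mysql/my.cnf
```

A non-zero exit status makes the check usable in a cron job or configuration-management run that alerts when a config file ends up owned by the service account.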