Photography has been a hobby for decades. People take pictures on vacation, of their friends,
pets, and virtually everything else. For special events, e.g. a wedding, graduation, or other events,
they may hire a professional to not only take but also print the pictures with quality paper.
pets, and virtually everything else. For special events, e.g. a wedding, graduation, or other events,
they may hire a professional to not only take but also print the pictures with quality paper.
Target
In this instance, the Target was 500px. This is a photography website used, among other
services, to store portfolios. The breach occurred at approximately Jul 5, 2018. This directly
affected 14,870,304 of the service’s user accounts, or nearly all the accounts. Put another
way, if the user had an account on or before July 5, 2018, they were impacted.
services, to store portfolios. The breach occurred at approximately Jul 5, 2018. This directly
affected 14,870,304 of the service’s user accounts, or nearly all the accounts. Put another
way, if the user had an account on or before July 5, 2018, they were impacted.
Attack
The organization was the victim of a successful attack, breach, and compromise. The data
exfiltrated included names, user names, email addresses, birth date if the user provided it,
city, state, country, and gender. This data is easily sold or otherwise used maliciously. This
could be easily sold, used by the attackers, or simply used for credential stuffing attacks.
exfiltrated included names, user names, email addresses, birth date if the user provided it,
city, state, country, and gender. This data is easily sold or otherwise used maliciously. This
could be easily sold, used by the attackers, or simply used for credential stuffing attacks.
???
The timing seems unique for the breach and detection. The detection appears to have taken
nearly 7.3 months to notice. This seems a bit long for any timeline. Seemingly any SIEM
would have detected not only the unauthorized IP, but also the mass amount of data being
floated from the organization. Nearly 15M users involves a mass amount of data. Also,
the organization did not indicate how the attack happened. By now, the hole or vulnerability
would have been fixed at this point. The publication would not have hurt the organization.
Management could have disclosed something about, even at a high level, a successful attack.
nearly 7.3 months to notice. This seems a bit long for any timeline. Seemingly any SIEM
would have detected not only the unauthorized IP, but also the mass amount of data being
floated from the organization. Nearly 15M users involves a mass amount of data. Also,
the organization did not indicate how the attack happened. By now, the hole or vulnerability
would have been fixed at this point. The publication would not have hurt the organization.
Management could have disclosed something about, even at a high level, a successful attack.
Remediation
There was a password reset for the 14.8M affected users. To correct this required a mass
amount of time, which was compounded by calls from the users questioning what happened.
amount of time, which was compounded by calls from the users questioning what happened.
Resources
Digital Trends. (2019, February). 500px reveals almost 15 million users are caught up in
security breach. Retrieved from
https://www.digitaltrends.com/computing/500px-almost-15-million-users-caught-up-in-security-breach/
security breach. Retrieved from
https://www.digitaltrends.com/computing/500px-almost-15-million-users-caught-up-in-security-breach/
Dunn, J.E. (2019, February 15). Photography site 500px resets 14.8 million passwords after
data breach. Retrieved from https://nakedsecurity.sophos.com/2019/02/15/photography-site-600px-resets-14-8-million-passwords-after-data-breach/
data breach. Retrieved from https://nakedsecurity.sophos.com/2019/02/15/photography-site-600px-resets-14-8-million-passwords-after-data-breach/
Page, C. (2019, February 13). 500px confirms 2018 data breach that exposed data on
15 million users. Retrieved from https://www.theinquirer.net/inquirer/news/3070980/500px-data-breach
15 million users. Retrieved from https://www.theinquirer.net/inquirer/news/3070980/500px-data-breach
No comments:
Post a Comment