Sunday, March 22, 2020

U of U Compromises-Uh Oh



The University system tends to focus on research in specific disciplines. These may be business, psychology, sociology, criminal justice, medical, or any of the other areas within the University system. While the staff is fulfilling their tasks, the IT area of operations is continuously working to detect attacks and put in place mitigations to reduce the opportunity for a breach. This is a daunting task for many reasons. One such target was the University of Utah Health system. The organization was unfortunately breached at least twice recently.
Attack
The system is deluged with attacks and the beginning stages of attacks, just like any other medical facility. Unfortunately, two of these recently were successful.

The first was from January 22 through February 27, 2020. This successful attack was focused on email accounts. During this period there was unauthorized access to a portion of the University of Utah Health staff email accounts. This was accomplished through the infamous phishing attack. This attack vector is so successful, with so little capital or effort required, that it is bound not to slow down.

The second known successful attack was in the form of malware on a system. This was detected on February 3, 2020. Once this was found, the University of Utah Health contacted a third-party cybersecurity organization to assist them with the investigation. This investigation noted the malware may have been able to access a portion of the patients' data, which was located in the respective employees' email.
Data
With both of these noted successful attacks, the commonality was unauthorized access to patient data. With these breach instances, the patient data may have included the patient name, date of birth, medical record numbers, and a limited amount of treatment information.
Post-Attack Actions
The investigation into the attack was not a simple review of logs. The compromises were alleged to be complex and highly technical in nature. This is not an unusual statement by the University of Utah Health. If they were to state the attack was exceptionally simple, the management would be having additional issues from many other parties, including potentially the federal government, attorneys, and others.

The organization is also mailing letters to the affected patients. This is the standard protocol. To lower the potential for this to occur again, the organization is updating InfoSec procedures with the employees. This may or may not be successful, based on the implementation. If after a few months, the management does not reinforce the idea of cybersecurity, any lessons learned will fall by the wayside.
Looking Forward
This is yet another case where training needs to be done throughout the year, be insightful, and have some level of entertainment. Without this in place, organizations will continue to be reactive post-breach, instead of proactive to minimize the potential for a breach. Knowing the method used for the phishing attack would have been a great step forward. The industry could have learned from this and tailored others' training to avoid this issue.

Resources
Bennett, L. (2020, March 21). University of Utah health says some patients’ data compromised in ‘phishing’ security breach. Retrieved from https://www.ksl.com/article/46732931/university-of-utah-health-says-some-patients-data-compromised-in-phishing-security-breach

DeWitt, K. (2020, March 20). U of U health announces phishing schemes caused unauthorized access to some employee accounts. Retrieved from https://www.abc4.com/news/top-stories/u-of-u-health-announces-phishing-schemes-caused-unauthorized-access-to-some-employee-email-accounts/

Roberts, A. (2020, March 21). Hacked: Some patient information compromised in U of U Health breach. Retrieved from https://kutv.com/news/local/some-u-of-u-health-patient-information-may-be-compromised-in-data-breach

Hospital pwned!


Hospitals are located throughout the country, and now more than ever are especially operationally stressed. As part of the intake process, the hospitals have to take in patient data. This accumulates rapidly. The hospitals hold a mass amount of patient data. The data grows daily. This data, while it does take space on the servers, also holds value for the bad actors looking to act maliciously with this. There are various tools the attackers can use in order to compromise a system. Munson Healthcare found this out the hard way.
Munson Healthcare
Munson Healthcare is based in Traverse City, MI. Munson Healthcare operates Munson Healthcare Charlevoix Hospital. This is northern Michigan’s largest health care system. In addition to the Munson Healthcare Charlevoix Hospital, the firm also operates hospitals in Cadillac, Grayling, Kalkaska, St. Ignace, Manistee, Gaylord, and Frankfort.

Attack
After some time, the IT department began to notice certain issues with the email system in January 2020. There was a bit of suspicious activity within the system, which led to further investigation. The IT department detected the root of the issue. The email system had been compromised.
The attackers used the tried and true phishing technique. The attack has such low overhead and ease of use, there is no surprise this was used and was successful. In this case, the victims were actually more than what may normally be encountered. Here, 29 employees took the hook and clicked on a link or opened an attachment they should not have.
As indicated, the phishing attack was successful. The attackers had their unauthorized access from July 31 to October 22, 2019, or over 2.5 months. During this time, the attackers had unfettered access and had the ability to access patient data. It is surprising it took nearly three months for the IT department to detect the issue. Upon the detection, the healthcare organization contracted with third-party cybersecurity professionals to investigate the breach.
Data
The healthcare facility was not sure how many patients were affected by the breach. Per the estimate from Munson, the number of affected patients is in the hundreds. The patient data may have included the patient names, date of birth, health insurance information, and treatment. The patient data was in the affected employees' email accounts.
For a limited number of the affected patients, financial account numbers, driver’s license numbers, and social security numbers may also have leaked. This limited sample from the overall breached records is much more serious, as the data included is more useful when used with the other data.
Post-Attack Actions
Obviously, this is not the optimal circumstance for the healthcare organization. As this included patient data, they had the opportunity to learn from this and report the breach to the U.S. Department of Health and Human Services per HIPAA. In addition to reporting this, the organization also is providing a credit monitoring service for the patients whose social security numbers were included with the compromise.
Internally, Munson Healthcare also had their employees undergo additional cybersecurity training. While this is a step in the right direction, this is a false hope for the future if not implemented correctly. A one-off training this year, followed by a return to the same routine of the single, annual training, will not be effective when a portion of the employees' eyes glaze over, while the remainder's eyes are trained on their cell phones, paying attention to everything except the presentation.
As for the infrastructure, the IT department has implemented additional cybersecurity measures. Given what occurred, this is a natural extension.
Looking Forward
This is yet another case where training needs to be done throughout the year, be insightful, and have some level of entertainment. Without this in place, organizations will continue to be reactive post-breach, instead of proactive to minimize the potential for a breach.

Resources
Foley, S. (2020, February 29). Munson healthcare notifies patients of data security incident. Retrieved from https://www.cheboygannews.com/news/20200229/munson-healthcare-notifies-patients-of-data-security-incident

Garrity, M. (2020, February 27). 20 michigan Health system employees fall victim to phishing attack, exposing patient data. Retrieved from https://www.beckershospitalreview.com/cybersecurity/29-michigan-health-system-employees-fall-victim-to-phishing-attack-exposing-patient-data.html

Newsbreak. (2020). 20 michigan health system employees fall victim to phishing attack, exposing patient data. Retrieved from https://www.newsbreak.com/news/0OGRRIqF/29-michigan-health-system-employees-fall-victim-to-phishing-attack-exposing-patient-data

Usher, K.H. (2020, February 27). Data breach at munson leaks patient records. Retrieved from https://www.cadillacnews.com/news/data-breach-at-munson-leaks-patient-records/article_661d3882-0b76-51d2-a309-26b7f11eea4e.html

Winant, D. (2020, February 28). 29 michigan health system employees fall victim to phishing attack, exposing patient data. Retrieved from https://seclists.org/dataloss/2020/q1/176

Thursday, March 12, 2020

Key fobs at risk



Charles Parker, II
A decade ago, breaking into a vehicle was a relatively easy manual process. As technology improved, more of it was implemented in the vehicle. We are at the point where the vehicle is a computer on wheels. This will be even more the case once automotive Ethernet is implemented across the vehicle manufacturers.

To remove the opportunity for theft, a new technology was placed in the vehicle: the immobilizer. This reduced the number of key fob attacks by removing relay attacks from the attack surface. These required the attacker to be within the range of the original key.

Cryptography Applied to the Key Fob
The key fobs added a cryptographic function to the unlocking device. The attacker could not simply sniff the key fob communicating with the vehicle and replay the signal to break into the vehicle. The cryptographic function instead worked to scramble the key fob communication.
New Attack
The attack-defense cycle was at work here. The defense (the manufacturer) created a cybersecurity feature to stop the attacks. The attackers viewed this, reverse engineered the process, and created a new attack circumventing the cybersecurity feature. This instance was no different. The attackers grasped the idea of breaking through the feature with the key fobs, researched the idea, and reverse-engineered the process.

The researchers purchased a few immobilizer electronic control units from eBay. With these secured, the researchers were able to reverse engineer the firmware located within the key fobs. The purpose of this was to analyze the method of communication between the key fob and vehicle.
The analysis indicated the key used was very easy to crack. The systems used Texas Instruments DST80 encryption to secure communication. This normally would not be a significant detriment; however, the manufacturers' implementation was the issue. For instance, the Toyota implementation was based on the serial number. What made this worse was that scanning the key fob with an RFID reader showed the serial number. This portion of the research was not difficult to complete. RFID readers are for sale on Amazon for under $30, and working with them is not complicated.
Another example involved Kia and Hyundai. These manufacturers used 24 bits of randomness rather than the 80 bits the DST80 offers. To put this in perspective, the 24 bits used could be cracked with a laptop in a few milliseconds. Unfortunately, the rationale for not using the greater number of bits is unknown. Perhaps this was for a cost or processing time savings.
With either attack, once you have the cryptographic key, unlocking the vehicle and doing as you wish is not a far stretch of the imagination. The only other addition to the attack is the person needs to be able to turn the ignition. This may be bypassed using old-school technology (e.g. screwdriver or hot-wiring).
This was a rather significant decrease in cybersecurity applied to the key fob-vehicle communication process. This is much like cybersecurity retreating to the 1980s.
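Both implementation weaknesses described above (a key based on a readable serial number, and only 24 random bits in an 80-bit key) are things a key-provisioning audit can catch before keys ship. The following Python check is an added example, not code from the researchers or any manufacturer; the candidate derivations, the policy threshold, and every serial and key in the sample batches are constructed assumptions.

```python
"""Audit a batch of provisioned immobilizer keys for the two weaknesses
described in the text. All serials and keys here are constructed samples."""
import hashlib
import random

KEY_BITS = 80          # DST80 key length, per the text
MIN_SECRET_BITS = 80   # assumed policy: every key bit must be random


def varying_bits(keys):
    """Count bit positions that ever differ across the batch.

    This is an upper bound on per-key entropy. A low count proves a
    problem; a full count does not by itself prove good randomness.
    """
    mask = 0
    for k in keys[1:]:
        mask |= keys[0] ^ k
    return bin(mask).count("1")


# Hypothetical public derivations an auditor might test. Neither is
# claimed to be a real manufacturer's scheme.
def _pad_serial(serial):
    return serial & ((1 << KEY_BITS) - 1)


def _hash_serial(serial):
    digest = hashlib.sha256(serial.to_bytes(8, "big")).digest()
    return int.from_bytes(digest[:KEY_BITS // 8], "big")


CANDIDATE_DERIVATIONS = {
    "zero-padded serial": _pad_serial,
    "truncated SHA-256(serial)": _hash_serial,
}


def serial_derivation(pairs):
    """Name a public derivation that reproduces every key, if any does.

    A key computable from a value the transponder reveals holds no
    secret, regardless of how long the key is.
    """
    for name, fn in CANDIDATE_DERIVATIONS.items():
        if all(fn(serial) == key for serial, key in pairs):
            return name
    return None


def audit(pairs):
    """Return a list of findings for a batch of (serial, key) pairs."""
    findings = []
    name = serial_derivation(pairs)
    if name:
        findings.append(f"key is a public function of the serial: {name}")
    bits = varying_bits([key for _, key in pairs])
    if bits < MIN_SECRET_BITS:
        findings.append(f"only {bits} of {KEY_BITS} key bits vary")
    return findings


def make_batch(kind, n=256, seed=1):
    """Build a constructed batch: 'serial', 'short', or 'random' keys."""
    rng = random.Random(seed)           # seeded so the sample is repeatable
    fixed = 0xA5A5A5A5A5A5A5 << 24      # 56 constant high bits
    batch = []
    for _ in range(n):
        serial = rng.getrandbits(32)
        if kind == "serial":
            key = _hash_serial(serial)              # key derived from serial
        elif kind == "short":
            key = fixed | rng.getrandbits(24)       # 24 random bits of 80
        else:
            key = rng.getrandbits(KEY_BITS)         # all 80 bits random
        batch.append((serial, key))
    return batch


if __name__ == "__main__":
    for kind in ("serial", "short", "random"):
        print(kind, audit(make_batch(kind)) or "no findings")
```

A production line would draw keys from a hardware random source rather than a seeded generator; the seed is used here only to make the constructed batches repeatable.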
Application
This serious vulnerability is not applicable to all the models for the three automakers. This issue is applicable to older models. While this is positive, this still has the other vehicles at risk of theft and other malicious actions.
This does, however, affect many models. To show the extent, the following is the listing:
Make       Model           Model years
Toyota     Auris           2009-2013
           Camry           2010-2013
           Corolla         2010-2014
           FJ Cruiser      2011-2016
           Fortuner        2009-2015
           Hiace           2010+
           Highlander      2008-2013
           Land Cruiser    2009-2015
           RAV4            2011-2012
           Urban Cruiser   2010-2014
           Yaris           2011-2013
Kia        Ceed            2012+
           Carens          2014
           Rio             2011-2017
           Soul            2013+
           Optima          2013-2015
           Picanto         2011+
Hyundai    I10             2008+
           I20             2009+
           Veloster        2010+
           IX20            2016
           I40             2013
What did we learn?
Over time, security should improve. The attackers are not limiting their attacks or the type of technology used for the attacks. They certainly are not moving backward in their attack plans. Using the cryptography in the way it was implemented is not appropriate. The cybersecurity needs to at least match the attacks; however, it should be optimized against the known and future attacks. This is done through testing and forward-looking cybersecurity architecture.
Cybersecurity needs to be built into the product from the beginning of the project. With this in place, the project’s timeline and costs are kept in line. Having to re-engineer, approve, and retrain staff is a costly venture.
Resources
Ansari, U. (2020, March 6). Poor car keys encryption: Hackers can clone millions of toyota, kia and Hyundai keys. Retrieved from https://www.carspiritpk.com/2020/03/poor-car-keys-encryption-hackers-can-clone-millions-of-toyota-kia-and-hyundai-keys/
E&T. (2020, March 6). Millions of cars’ anti-theft systems vulnerable to hacking. Retrieved from https://eandt.theiet.org/content/articles/2020/03/millions-of-cars-anti-theft-systems-vulnerable-to-hacking/
Greenberg, A. (2020, March 5). Hackers can clone millions of toyota, Hyundai, and kia keys. Retrieved from https://www.wired.com/story/hackers-can-clone-millions-of-toyota-hyundai-kia-keys/
Greenberg, A. (2020, March 7). Hackers can clone millions of toyota, Hyundai, and kia keys. Retrieved from https://arstechnica.com/cars/2020/03/hackers-can-clone-millions-of-toyota-hyundai-and-kia-keys/?comments=1
McClain, S. (2020, March 7). Hackers can clone millions of toyota, Hyundai, and kia keys. Retrieved from https://mashviral.com/hackers-can-clone-millions-of-toyota-hyundai-and-kia-keys/
McKay, T. (2020, March 5). Encryption flaws leave millions of toyota, kia, and Hyundai cars vulnerable to key cloning. Retrieved from https://gizmodo.com/encryption-flaws-leave-millions-of-toyota-kia-and-hyu-1842132716
Whazup. (2020, March 7). Hackers can clone millions of toyota, Hyundai, and kia keys. Retrieved from https://www.wazupnaija.com/hackers-can-clone-millions-of-toyota-hyundai-and-kia-keys/
Wouters, L., Van den Herrewegen, J., Garcia, F.D., Oswald, D., Gierlichs, B., & Preneel, B. (2020). Dismantling DST80-based immobilizer systems. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2020(2), 99-127. Doi:10.13154/tches.v2020.12.99-127

Sunday, March 8, 2020

Zendesk will need to meditate after this one: Pwned!

Zendesk is a widely used cloud-based ticketing platform. There are 145k customers across 160 countries. For this issue, Zendesk “customers” are the companies that have contracted with Zendesk and embedded its software for customer chat and support ticketing into their websites. There are also agents, who are the employees of these companies and who actively manage the tickets and answer the users' chats.
Breach
Zendesk was breached in November 2016. This, unfortunately, happens all too often in this day and age. The issue is this was announced in early October 2019. Zendesk stated they just detected the breach on September 24, 2019. Somehow the unauthorized third party was able to compromise the perimeter, breach their systems, and maintain a presence for nearly three years, unknown and undetected. The circumstances beg the question, how did other organizations accomplish for so long?
To add to this, Zendesk was alerted by a third party of the compromise, per their Updated Notice Regarding the 2016 Security Incident. Both of these combined make one wonder what the cybersecurity team was doing instead of monitoring their logs, operations, etc.
This does sound bad, and it clearly is; however, this goes beyond the normal level of breach. Zendesk also lists customers such as Airbnb, Slack, Uber, Shopify, Tesco, and OpenTable.
There are a number of open questions at this time. One of which involves the attacker’s access. Were they able to move laterally whenever they wanted, accessing everything, and only part of the attack was published? The company website noted the company follows industry standards as this relates to storage. While that sounds great, what would this really mean in simple English?
Data
Email addresses, names, and phone numbers of agents (employees of the companies that work with the Zendesk software for ticketing and chats with users) and end-users of certain Zendesk products were included in the compromise. Also included were agent and end-user passwords (these were hashed and salted), TLS encryption keys for approximately 700 clients, and configuration settings of apps installed from the Zendesk app marketplace or private applications. These were in a database, which the attackers were able to gain access to. Thus, there was PII involved with the compromise, which did not help the situation much.
The data affected was for tens of thousands of persons. On September 24, 2019, they identified nearly 15k Zendesk Support and Chat accounts affected by this. Later, approximately 7k customer accounts, some no longer active, had their authentication information accessed.
Post-Compromise

The attackers did access 10k passwords. While this is a detriment, Zendesk noted they detected no evidence that the passwords were used in a malicious manner.
Zendesk appreciates the level of error this involves. To address this, they have expanded their single sign-on (SSO) and multi-factor authentication across their workspaces, increased their security monitoring and logging, and increased security scanning at the application level and across the corporate enterprise. Zendesk is also expanding its third-party testing. This should definitely assist with the prevention of future issues.
Zendesk also has contacted law enforcement, naturally, and forensic experts to help with the breach investigation.
There have been financial repercussions from this also. Zendesk (NYSE: ZEN) lost approximately 4% of its stock value the day after the disclosure. The markets watch this type of activity closely in the short term.
Notification
Of all their clients, the affected sample is, fortunately, a small ratio of their entire customer base. This could easily have been much worse.
Given the magnitude and depth of the breach, Zendesk was required to notify the affected parties. This was done with a mass number of emails. Zendesk also plans on a large password reset for the users in the system prior to November 1, 2016. This is a massive task. There are going to be many, many calls to the IT Help Desk from the affected parties. Fortunately, anyone who has changed their password since the breach or who has been using single sign-on (SSO) is exempt from this. This will reduce the potential call-load for complaints and questions.
Not the first rodeo
Usually, a company gets pwned once at this scale and there are no issues heard for a long-long time. Well, this isn’t Zendesk’s first incident with this type of issue. Zendesk was also successfully attacked in 2013. This breach affected Twitter, Tumblr, and Pinterest.
Resources
Betz, B. (2019, October 2). Zendesk -4% after disclosing data breach. Retrieved from https://seekingalpha.com/news/3503496-zendeskminus-4-after-disclosing-data-breach
Cimpanu, C. (2019, October 12). Zendesk discloses 2016 data breach. Retrieved from https://www.zdnet.com/article/zendesk-discloses-2016-data-breach/
Daniel, E. (2019, October 22). Zendesk-Discloses 2016 data breach after three years. Retrieved from https://medium.com/datadriveninvestor/zendesk-discloses-2016data-breach-after=three-years-i-e-on-september-24-2019-820d14d14fa0bea
Duran. (2019, October 3). Zendesk reveals that a data breach affected the emails and passwords of 10,000 users in 2016. Retrieved from https://www.cyclonis.com/zendesk-reveals-data-breach-affected-emails-passwords-10000-users-2016/
Gatlan, S. (2019, October 2). Zendesk security breach may impact orgs like uber, slack, and fcc. Retrieved from https://www.bleepingcomputer.com/news/security/zendesk-security-breach-may-impact-orgs-like-uber-slack-and-fcc/
Hashim, A. (2019, October 3). Zendesk alerts users of data breach that occurred in 2016! Retrieved from https://latesthackingnews.com/2019/10/03/zendesk-alerts-users-of-data-breach-that-occurred-in-2016/
Heller, M. (2019, October 3). Zendesk breach in 2016 affected 10,000 customers. Retrieved from https://searchsecurity.techtarget.com/news/252471927/Zendesk-breach-in-2016-affected-10000-customers
Kovacs, E. (2019, October 3). Zendesk discloses old data breach affecting 10,000 accounts. Retrieved from https://www.securiytweek.com/zendesk-discloses-old-data-breach-affecting-10000-accounts
Muncaster, P. (2019, October 3). Zendesk breach hits 10,000 corporate accounts. Retrieved from https://www.infosecurity-magazine.com/news/zendesk-breach-hits-10000/
Panettieri, J. (2019, October 2). Zendesk discloses chat data breach. Retrieved from https://www.channele2e.com/technology/security/zendesk-chat-data-breach/
Paganini, P. (2019, October 2). Zendesk 2016 security breach may impact uber, slack, and other organizations. Retrieved from https://securityaffairs.co/wordpress/92051/data-breach/zendesk-2016-security-breach.html
Payne, D. (2019, October 2). Zendesk has disclosed a 2016 data breach. Retrieved from https://www.internetnewsflash.com/zendesk-has-disclosed-a-2016-data-breach/
Pawluk, A. (2019, October 3). Security breach in zendesk discovered. Retrieved from https://blog.verohum.com/news/security-breach-in-zendesk-discovered/
Secure Reading. (2019, October 3). Zendesk discloses security breach. Retrieved from https://securereading.com/zendesk-discloses-security-breach/
Swartz, J. (2019, October 2). Shares of Zendesk drop 4% after it discloses security breach. Retrieved from https://www.marketwatch.com/story/shares-of-zendesk-drop-4-after-it-discloses-security-breach-2019-10-02
Van Horenbeeck, M. (2019, November 22). Updated notice regarding 2016 security incident. Retrieved from https://www.zendesk.com/blog/security-update-2019/
Winant, D. (2019, October 6). Zendesk discloses 2016 data breach. Retrieved from https://seclists.org/dataloss/2019/q4/20



Friday, March 6, 2020

Overlake Medical Center has more than phishing to deal with: Medical records leaked




Through our lifetimes, we will need to visit a hospital, medical center or clinic for one reason or another. This may consist of the obligatory annual physical, stitches after a fall, or to refill medications. For various reasons, the commonality is the persons are visiting the medical facility for medical services. Dependent on the individual needs, this may be critical or a standard appointment. With these, the patient requires the services. When there is an issue with providing the service, this affects the medical facility, but also every single patient that would have received medical care at the facility. We’ve seen the effects of phishing attacks on most industries. Dependent on the specific attack, this can be especially problematic for the medical facilities. The Overlake Medical Center & Clinics have experienced this recently.
Overlake Medical Center & Clinics
The Overlake Medical Center & Clinics is based in Bellevue, Washington. The facility is non-profit and has 364 beds. All was well until the issue was detected.
Attack
The medical facility was the victim of the infamous, yet uncomplicated, phishing attack. In early December 2019, a small number of employees had seen the phishing lure and decided the email was legitimate when it actually was not, clicking on the link, image, or whatever the attack tool used was in this case. It was noted the unauthorized party, who had harvested the credentials, had infected the accounts between December 6-9, 2019. This was detected once the attackers began to access the email accounts on December 9th. Within hours, the medical center did secure the affected email accounts and began their investigation.
Data
For some reason, the patient data was stored in the email accounts for the 109k affected patients. This possibly included names, dates of birth, phone numbers, addresses, health insurance information, insurer number, diagnoses, and treatment information. This is a treasure trove for the attackers. This data may be sold in whole or sliced into usable sections for specific malicious parties.
Post-Attack
After the compromise was detected, the medical facility was required to notify the affected. This began on February 7, 2020, as they started to contact 109,000 patients. This is a rather arduous task due to the number of patients, and the subject matter. Even if a small ratio of the persons called the medical center seeking answers to their questions, there would still be a mass amount of labor to take the calls and talk to each proactive affected patient.
As of the notification date, this was the third-largest breach for the year.
The medical center did state there was no evidence the data had been used by the unauthorized parties. This is a hollow statement though. With the attackers having this, they or the purchasers, if applicable, could wait to use this, or if this was used, it may be difficult to pinpoint this compromise as the cause.
Additional Security Features
Due to the successful attack, the medical facility did reset the employee passwords and put into place additional security features (e.g. multi-factor authentication and email retention policies). The facility was also enhancing their staff education to attempt to assist them to better recognize and then avoid the phishing emails.
Questions
There is a question of the timing. They found the credentials had been compromised and used from December 6th through the 9th, 2019. They did not start to notify the affected parties until February 7, 2020. Granted, the medical facility has to complete their investigation, including the attack vector analysis and determining who was affected. If this were to have taken a month, this still leaves a month for the medical practice to arrive at the data, which seems a bit long, even for a conservative approach to the forensic review.
Helpful Tips
While phishing attacks are an epidemic, there are measures which the medical facilities may put into place to reduce this issue to a reasonable level of acceptable risk. These include, but certainly are not limited to:
· Having secured storage in place and tested regularly. Simply having storage in place is not enough. This would need to be tested to ensure the storage is viable.
· Log collection. This is a very useful tool. This allows the organization to periodically check activities, including attempted connections and connections. There are several SIEMs in the market which will analyze these for the organization, significantly reducing the labor overhead which would need to be expended otherwise. One such highly regarded tool to accomplish this is Splunk.
· File integrity monitoring. This is coupled with the secured storage. If the files are lacking integrity, they are not exceptionally useful.
· Event detection. In order to know there has been an issue, the event has to be detected. This is another situation where a SIEM would provide the organization with the data and analysis to show the compromise and begin the incident response protocol. Two SIEMs which could be used to accomplish this are Splunk or AlienVault.
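The log collection and event detection items above come down to rules run over sign-in logs. The following Python rule is an added example, not from any SIEM product or from the incident itself: it flags a source address that successfully signs in to several mailboxes that have never used it before, the pattern left when credentials harvested from one phishing campaign are used together. The log format, field names, addresses, and thresholds are constructed assumptions.

```python
"""Flag one unfamiliar source signing in to several mailboxes in a short window."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format: "<UTC timestamp> user=<mailbox> ip=<source> result=<outcome>"
LINE = re.compile(
    r"(?P<ts>\S+) user=(?P<user>\S+) ip=(?P<ip>\S+) result=(?P<result>\w+)"
)

# Constructed sample log; addresses come from documentation-only ranges.
SAMPLE_LOG = """\
2019-11-12T08:01:00Z user=alice@example.org ip=198.51.100.10 result=success
2019-11-13T08:05:00Z user=bob@example.org ip=198.51.100.11 result=success
2019-11-14T09:00:00Z user=carol@example.org ip=198.51.100.12 result=success
2019-11-15T09:30:00Z user=dave@example.org ip=198.51.100.13 result=success
2019-12-06T22:14:00Z user=alice@example.org ip=203.0.113.7 result=success
2019-12-06T22:20:00Z user=bob@example.org ip=203.0.113.7 result=success
2019-12-06T22:31:00Z user=erin@example.org ip=203.0.113.7 result=failure
2019-12-07T01:02:00Z user=carol@example.org ip=203.0.113.7 result=success
2019-12-07T07:45:00Z user=dave@example.org ip=192.0.2.44 result=success
2019-12-07T08:00:00Z user=alice@example.org ip=198.51.100.10 result=success
""".splitlines()


def parse(lines):
    """Yield (timestamp, user, ip, result) for every well-formed line."""
    for line in lines:
        m = LINE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            yield ts, m["user"], m["ip"], m["result"]


def shared_new_source(lines, baseline_end, min_users=3,
                      window=timedelta(hours=24)):
    """Return {ip: [users]} for sources new to min_users mailboxes in a window.

    Sign-ins before baseline_end teach the rule each mailbox's usual
    sources; later successful sign-ins from any other source are grouped
    by address and checked against the threshold.
    """
    known = defaultdict(set)    # user -> sources seen during the baseline
    hits = defaultdict(list)    # ip -> [(timestamp, user)] new-source sign-ins
    for ts, user, ip, result in sorted(parse(lines)):
        if result != "success":
            continue
        if ts < baseline_end:
            known[user].add(ip)
        elif ip not in known[user]:
            hits[ip].append((ts, user))

    alerts = {}
    for ip, events in hits.items():
        for i, (start, _) in enumerate(events):
            users = {u for t, u in events[i:] if t - start <= window}
            if len(users) >= min_users:
                alerts[ip] = sorted(users)
                break
    return alerts


if __name__ == "__main__":
    print(shared_new_source(SAMPLE_LOG, datetime(2019, 12, 1)))
```

A single mailbox appearing from a new address (dave in the sample) is deliberately not flagged by this rule; that case needs a separate, noisier per-user check.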
Resources
Davis, J. (2020, February 20). 109k patient records impacted in overlake medical phishing attack. Retrieved from https://healthitsecurity.com/news/109k-patient-records-impacted-in-overlake-medical-phishing-attack
Garrity, M. (2020, February 4). 10 tips for hospitals to mitigate ransomware attacks. Retrieved from https://www.beckershospitalreview.com/cybersecurity/10-tips-for-hospitals-to-mitigate-ransomware-attacks.html
Garrity, M. (2020, February 20). 364-bed Washington community hospital notifies 109,000 patients of phishing attack. Retrieved from https://www.beckershospitalreview.com/cybersecurity/364-bed-washington-community-hospital-notifies-109-000-patients-of-phishing-attack.html
McGee, M.K. (2020, February 25). Phishing in healthcare: Yet another major incident. Retrieved from https://www.databreachtoday.com/phishing-in-healthcare-yet-another-major-incident-a-13767
Overlake Medical Center & Clinics. (2020, February 7). Notice of phishing incident. Retrieved from https://www.overlakehospital.org/notice-of-phishing-incident



Monday, March 2, 2020

EA's code oversight


Everyone loves a good video game every now and again. These vary in their genre and computing power. These grasp and hold the player’s attention for hours upon hours. This has grown into such an industry, there are massive corporations creating and hosting these games, and also hosting the tournaments. One example is Electronic Arts (EA).
Issue
As part of its services, EA offers a tournament series. The subject here is EA’s FIFA 20 Global Series. To those unfamiliar with the group and game, this is a big deal. This is a $3M competitive circuit. This is a rather competitive tournament using the organization's FIFA 20 soccer-themed game as the focus. There just happened to be a minor issue with this. On October 3, 2019, right after the website used to sign people up was put online, the gamers noted immediately that other people's private information was being leaked. EA inadvertently leaked the personal data of approximately 1,600 users who had previously entered the data with EA’s service.
Data
What would happen is the gamer would enter their information and, while entering it, would be shown other gamers' data. Naturally, this created an issue, as the gamer is not going to confirm other gamers' information as their own. The leaked data included the user/player’s ID, birthday, email address(es), and country of origin. While this is not a good thing, it could have been much worse. This is more embarrassing than an epic fail. Once the leak was discovered, the website was taken down, which took approximately 30 minutes. While this is much quicker than other companies, this still allowed for 1,600 users' information to be leaked. This quick response was definitely a positive thing. If they had been the victim of paralysis by analysis, this would have been much worse.
Remediation
EA has apologized for their oversight, which is fair. At this point, no information or data was leaked which could be used for identity theft. This was, however, their oversight and a portion of the affected gamers are still displeased with EA.
Resources
Carpenter, N. (2019, October 4). EA data breach could impact 1,600 FIFA 20 players. Retrieved from https://www.polygon.com/2019/10/4/20898543/fifa-20-global-series-data-breach-ea-sports
Cimpanu, C. (2019, October 4). EA website snafu leaks data of 1,600 FIFA 20 pro gamers. Retrieved from https://www.zdnet.com/article/ea-website-snafu-leaks-data-of-1600-fifa-20-pro-gamers/
Lyles, T. (2019, October 4). EA discloses massive data breach affected thousands of competitive FIFA players. Retrieved from https://www.digitaltrends.com/gaming/ea-fifa-data-breach/