Marketing has changed over the years. In the last decade or
so, this has transitioned from the prior print, radio, and television media to
digital media. While these have the same goal, the media itself has changed. The
persons involved with this, social influencers, aren’t just taking selfies, but
have made this into a business for themselves. One firm embracing this is
Preen.Me, based in Tel Aviv. The firm is a next-generation marketing platform. A
bi-product of this involves cybersecurity and attacks, which they found out the
hard way.
Attack
This is an odd situation. Yes, there was a breach and the data
and information were exfiltrated. This is documented via the sample provided.
Generally, when this happens, the situation demands everyone relevant to get
involved to investigate it. There may also be third parties involved with this
to fully review the attack, methods, and other aspects. At least through the
three weeks after the organization learned of the breach, they still have not
announced anything with this attack. The publication of the attack methods and
post-breach remediation will probably not be announced either.
Discovery
As a rule of thumb, the organization should generally be
aware when they have been breached. The cybersecurity area should be there to
review the logs, alerts, and other red flags indicating there has been a
problem. When the organization has no idea, this infers there is some form of a
systemic problem. In this case Preen.Me was notified by Risk Based Security of
the issue. Risk Based Security discovered the compromise on June 6, 2020, when
the attacker revealed they had successfully attacked Preen.Me’s system and
exfiltrated the data. To document this, 250 of these records were posted to
PasteBin on June 6th.
Data
While this was not the largest breach, the number of those
affected is still significant. In this case, approximately 100,000 social media
influencers had their personal information accessed by an unauthorized third
party. While this was detrimental, this breach also led to another 250,000
social media users have their information likewise on a dark web site. The data
itself consists of the social media influencer’s links to their individual
social media accounts, email addresses, names, phone numbers, and home
addresses.
Effects
While merely having the data in the dark web for anyone to
view is not the optimal scenario, there is another use of this for the
attackers. The data, curiously, may also be used for scamming the persons
involved. This does not appear, from the published accounts, to have
confidential data stolen that the attackers could sell rapidly (e.g. social
security numbers). The hope is the company does provide an announcement and do
something for the affected persons.
Resources
Coker, J. (2020, June 25). 350,000 social media influencers
and users at risk following data breach. Retrieved from https://www.infosecurity-magazine.com/news/data-breach-social-media/
Dissent. (2020, June 25). Personal data of 350,000+ social
media influencers and users compromised following preen.me hack. Retrieved from
https://www.databreaches.net/personal-data-of-350000-social-media-influencers-and-users-compromised-following-preen-me-hack/
Duran. (2020, June 29). The personal data of 350,000 social
media influencers and users is at risk after a preen.me data breach. Retrieved
from https://www.cyclonis.com/personal-data-of-350000-social-media-influencers-users-at-risk-after-preen-me-data-breach/
RBS. (2020, June 24). Personal data of 350,000+ social media
influencers and users compromised following preen.me hack. Retrieved from https://www.riskbasedsecurity.com/2020/06/24/personal-data-of-350000-social-media-influencers-and-users-compromised-following-preen-me-hack/
Security Experts. (2020, June 26). Experts on 350,000 social
media influencers and users at risk following data breach. Retrieved from https://www.informationsecuritybuzz.com/expert-comments/experts-on-350000-social-media-influencers-and-users-at-risk-following-data-breach/
No comments:
Post a Comment