Several of the headlines in the past week are related to hackers breaching systems and stealing user data. No one wants to see their company’s name in these types of headlines. We have been talking with our customers a lot lately here at OneLogin about our Customer Identity and Access Management (CIAM) solution. We want to make sure that we can help our customers not only protect the identities of their employees but also protect the identities of their customers.
Not only can these breaches be harmful to the reputation of the companies that have been hacked, but when users’ credentials are stolen it makes other systems vulnerable because users tend to reuse the same credentials for multiple systems. Whatever Identity and Access Management (IAM) system you are using to protect your company data should ensure that users aren’t using those same compromised credentials. For this week’s new roundup we wanted to focus on some of the recent breaches so at least you can be armed with knowledge.
Tokopedia Data Breach: Hackers Leaks 15 Mn User Records
In March of this year, Tokopedia was breached and according to some reports upwards of 91 million user records were stolen. The threat actors put the information up for sale on the Darknet. Most of the content was still hashed and unusable, which is good news. But whether or not the data can be read or decrypted is often immaterial to users. All they hear is their information was stolen and is now out there. Read more about what happened on CISO Mag.
Breach Exposes Data of 774,000 Australian Migrants
A breach that exposed personal data, partial names and user ids of 774,000 Migrants in Australia seems to have come out of human error. The data was in a government system that tracks migration to Australia and a new application intended to invite and encourage skilled workers to move to Australia, SkillsSelect, was connected to that data and mistakenly made that data publicly available. This wasn’t actually hackers at work but journalists at Guardian Australia who discovered how with a few simple clicks you could access this information.
The breach not only hurt the reputation of the Home Affairs Department who built the Skills Select system, but also hurt the efforts of the federal government that is trying to implement a COVID-Safe tracing app. Find more information about this breach from Australia Guardian.
GoDaddy Suffers Data Breach
GoDaddy recently detected a breach that in fact occurred in October of last year. GoDaddy does not know exactly how many credentials were compromised. They have forced a password reset of their users’ accounts. But this means that those in possession of those accounts should make sure they are not using the same set of credentials in other sites. This breach has made the owners of over 77 million domains vulnerable. Find out more about what happened at GoDaddy in Infosecurity Magazine.
Cybersecurity and COVID: 5 Lessons
This last article is not about breaches but about being prepared and being vigilant against cybersecurity attacks is all about being prepared. Just as we might have prepared ourselves better for the current COVID-19 pandemic. The author makes a clear and concise outline of the similarities between Cybersecurity and COVID-19. Read this thought provoking article on Security Boulevard.