Just like that, the first week of September is in the books. We hope you enjoyed a nice Labor Day weekend and had a productive, short work week. Even with a four-day week, we found ways to keep busy and kick-start the new month!
This week, we announced that we will become the first Identity as a Service (IDaaS) partner for PowerSchool. PowerSchool helps schools and districts efficiently manage instruction, learning, grading, attendance, assessment, analytics, state reporting, special education, student registration, talent, finance, and HR. We look forward to working together to help school districts simplify the onboarding and offboarding process through Identity Management automation.
This is a special partnership for us at OneLogin as the education sector is very important to us. Helping educators, students, faculty, and alumni be safer, more secure, and more efficient helps them focus on more important things like teaching and learning.
We’re also less than three weeks away from Connect ‘19 in San Francisco. We’re excited to connect together with OneLogin customers, partners, and users to shape the future of identity and access management. We recently published a blog outlining what attendees can expect from this year’s event. Check it out before the event!
Now onto this week’s news…
User Phone Numbers Exposed in Unsecured Facebook Database
A couple weeks ago we shared a story about MoviePass customer data being exposed due to an unprotected database. This week, hundreds of millions of phone numbers linked to Facebook accounts were discovered in unsecured databases. While the total number of affected records has yet to be determined, it’s becoming increasingly clear that human error is a consistent security risk when it comes to data protection. Read more on TechCrunch.
The Growing Threat of SIM Swapping
SIM swapping is making headlines this week after Twitter CEO Jack Dorsey’s account was hacked. SIM swapping allows malicious actors to take control of a target’s phone by persuading a mobile carrier to switch a phone number to a new device using a new SIM card. Once hackers have control of the phone number, they can request temporary login codes from providers like Twitter or Facebook. Given its simplicity and effectiveness, SIM swapping is growing in popularity. Read more on the New York Times.
SharePoint Attacks Target Banking Industry
Malicious actors recently used SharePoint to bypass a Symantec email gateway and target the banking industry with a phishing campaign. The campaign, which includes a malicious OneNote file and fake OneDrive for Business login portal, demonstrates the creative measures malicious actors will take to obtain high-value credentials and compromise corporate applications. Read more on SC Magazine
Behavioral Analytics Can Limit the Risk of Breached Credentials
Large-scale breaches like the recent Hostinger breach present a conundrum for users and service providers. To limit the risk posed by compromised credentials, users must change their username and password wherever the breached credentials were re-used. For service providers that want to prevent the re-use of stolen credentials, behavioral analytics and passive biometrics offer the most secure solution. Read more on Information Management