Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Data Breach. Show all posts
User Data
Cloud Firm Cloudfare Data Breach Data Loss User Data

Faulty Upgrade at Cloudflare Results in User Data Loss

 

Cloudflare has disclosed a severe vulnerability with its logging-as-a-service platform, Cloudflare Logs, which resulted in user data loss due to an improper software update. The US-based connectivity cloud firm acknowledged that around 55% of log data generated over a 3.5-hour period on November 14, 2024, was permanently wiped out. This loss was caused by a succession of technical misconfigurations and system failures. 

Cloudflare logs collects event metadata from Cloudflare's global network and makes it available to customers for troubleshooting, compliance, and analytics. To speed up log delivery and avoid overloading users, the organisation uses Logpush, a system that collects and transmits data in manageable sums. An update to Logpush caused a series of system failures, disrupting services and resulting in data loss. 

The incident started with a configuration upgrade to enable support for an additional dataset in Logpush. A defect in the configuration generation system resulted in Logfwdr, a component responsible for forwarding logs, receiving an empty configuration. This error informed Logfwdr that no logs needed to be delivered. Cloudflare discovered the bug within minutes and reverted the update. 

However, rolling back the update triggered a separate, pre-existing issue in Logfwdr. This flaw, which was linked to a fail-safe technique designed to "fail open" in the event of configuration mistakes, caused Logfwdr to process and attempt to transmit logs for all customers, not just those with active setups. 

The unexpected rise in log processing overloaded Buftee, Cloudflare's log buffering system. Buftee is intended to keep distinct buffers for each customer to ensure data integrity and prevent interference between log operations. Under typical circumstances, Buftee manages millions of buffers worldwide. The large influx of data caused by the Logfwdr mistake boosted buffer demand by fortyfold, exceeding Buftee's capacity and rendering the system unresponsive. 

According to Cloudflare, addressing the issue needed a complete system reset and several hours of recovery time. During this time, the company was unable to transfer or recover the affected logs, which resulted in permanent data loss.

Cloudflare attributed the incident to flaws in its system security and configuration processes. While systems for dealing with such issues existed, they were not set up to handle such a large-scale failure. Buftee, for example, offers capabilities designed to handle unexpected surges in buffer demand, but these functions were not enabled, leaving the system vulnerable to overflow.

The company also stated that the fail-open mechanism in Logfwdr, which was established during the service's early development, has not been updated to match the much bigger user base and traffic levels. This error enabled the system to send logs for all clients, resulting in a resource spike that exceeded operational constraints. 

Cloudflare has apologised for the disruption and pledged to prevent similar instances in the future. The company is implementing new alerts to better detect configuration issues, improving its failover procedures to manage larger-scale failures, and doing simulations to verify system resilience under overload scenarios. 

Furthermore, Cloudflare is improving its logging design so that individual system components can better withstand cascading failures. While faults in complex systems are unavoidable, the company's priority is to minimise their impact and ensure that services recover fast. 

Last month, Cloudflare claimed successfully managing the largest recorded distributed denial-of-service (DDoS) assault, which reached 3.8 terabits per second (Tbps). The attack was part of a larger campaign aimed at industries such as internet services, finance, and telecommunications. The campaign consisted of over 100 hyper-volumetric DDoS attacks carried out over the course of a month, overwhelming network infrastructure with massive amounts of data.
Read more »
insurance
CyberCrime Cybersecurity Cyberthreats Data Breach data security HDFC insurance

HDFC Life Responds to Data Leak, Engages Cybersecurity Experts

 


According to HDFC Life Insurance, the company recently reported a cyberattack resulting in stolen confidential customer data. Cybercriminals allegedly accessed sensitive policyholder information and demanded extortion from the insurance company, so the company submitted a complaint to the South Region Cyber Police. As per the complaint, there was a breach of security at the company between November 19 and November 21, 2024. 

The cybercriminals, operating under the alias of bsdqwasdg@gmail.com and using a WhatsApp account to send unencrypted communications, managed to steal the

personal data of HDFC Life's clients. In a news release on Monday, HDFC Life Insurance Company, the country's second-largest private insurer by premiums, reported that customer information had been stolen from their system. 

In recent months, there has been a second major data breach within the insurance sector following thee leak of many gallons of personal information by Star Health & Allied Insurance a few months ago. Star Health and Allied Insurance had previously been subject to a cyberattack, as well as a forensic investigation conducted by independent cybersecurity experts, into the incident.

The data breach that occurred at Star Health's servers reportedly resulted in the sale of sensitive information about 31 million customers - an amount of 7.24 terabytes estimated - on the messaging network Telegram as part of the breach.  In its article, the Insurance Regulatory and Development Authority of India (IRDAI), which controls the insurance industry in India, had indicated that, even though insurers have not been named, it takes security breaches very seriously and is committed to continuing its engagement with the companies to ensure the interests of policyholders are protected fully. 

There was a lot of personal information leaked, including names, addresses, phone numbers, tax details, and sometimes even medical records of the insurance policyholders. It was reported that Star Health's chief information security officer (CISO), Amarjeet Khanuja, had sold the company's data for $150,000 after a hacker allegedly accessed the data through the company's network. There was another incident involving the loss of data at Tata AIG as well. 

A few days after the presidential election, HDFC Life Insurance received several emails claiming to have been sent by an anonymous sender who claimed to have stolen the sensitive information of its customers. A hacker attached data to the email that included the names, policy numbers, addresses, and phone numbers of 99 of his victims. 

As outlined in the email, unless negotiations are conducted, the data of the company will be leaked or sold to third parties. According to the hacker, the company has two days to respond to the threat and its reputation could be jeopardized. A series of messages had been sent over the weekend of November 20 and 21 by the extortionist, warning the company that if they failed to negotiate, a massive leak would occur. As stated in one of the messages, the company will have to suffer losses of "hundreds of billions of rupees" if the transaction goes through, along with a damaged reputation and regulatory pressure from the government. 

It was requested by the hacker that he pay money in exchange for preventing the exposure of the information. A security expert examined the breach and verified its authenticity with the help of HDFC Life Insurance, which then decided to engage the police and inform the appropriate authorities of the breach. 

As a result, the company has given its customers the assurance that it is taking all possible measures to ensure their information is protected and that the impact of the data theft is minimized. It was decided to file a case under sections 308(3) (extortion) as well as 351(4) (criminal intimidation) of the Bharatiya Nyaya Sanhita, 2023 along with the relevant provisions of the Information Technology Act, 2000, for the commission of the offence. 

There was a statement from HDFC Life that stated the company is committed to safeguarding the interest of its customers and will take swift action to resolve this matter. In recent months, other insurers, including Star Health Insurance and Tata AIG, have also admitted to data breaches as a result of intrusions into their systems. 

It is because of these incidents that IRDAI is constantly monitoring insurers' data security frameworks and ensuring that the necessary corrective actions are being taken as soon as possible. A growing number of cyber threats are posing serious risks to the privacy of customers and the accountability of organizations in the insurance sector. 

HDFC Life's proactive measures reflect the industry's recent push to enhance cybersecurity measures continuously to ensure that the risk of these breaches in the future is diminished. A number of cybersecurity measures have been put in place by the IRDAI to ensure that data protection is robust and that millions of policies are protected
Read more »
Prison Security
Dark Web Data Breach Data Leak England and Wales Prison Security

Jailbreak Worries as Prison Maps Exposed on the Dark Web

 

The Ministry of Justice has taken immediate action to guarantee the security of prisons in England and Wales, following the discovery that jail blueprints had been leaked online. The government official claimed it was aware of a data leak following a Times report that detailed prison blueprints had been shared on the dark web in the last two weeks. 

Prison officials believe that organised crime groups are behind the leak in order to help them deliver drugs into prison yards and cells via drones, or even to facilitate an escape. 

The locations of cameras and sensors are reportedly included in the plans, and security officials are currently attempting to determine the source of the leak and the potential beneficiaries of the information. However, the Ministry of Justice did not specify which jails were engaged in the breach. 

A Ministry of Justice spokesman stated: "We are not going to comment on the specific detail of security matters of this kind, but we are aware of a breach of data to the prison estate and, like with all potential breaches, have taken immediate action to ensure prisons remain secure.” 

Prevention tips

Employ strong passwords: The most common cause of data breaches continues to be weak passwords, which enable attackers to steal user credentials and give them access to corporate networks. Furthermore, people often reuse or recycle passwords across multiple accounts, which means attackers can launch brute-force attacks to hack into additional accounts. As such, use strong passwords that make it harder for cyber criminals to steal credentials. Also, consider using a password manager. 

Use multi-factor authentication (MFA): Due to the inherent vulnerability of passwords, users and organizations should never rely on passwords alone. MFA forces users to prove their identity in addition to entering their username and password. This increases the likelihood that they are who they say they are, which can prevent a hacker from gaining unauthorized access to accounts and corporate systems even if they manage to steal the user’s password.

Educate and train employees: Organizations must educate employees on the risks they face online and advise them on the common types of cyberattacks and how to detect a potential threat. They also should provide regular training courses and top-up sessions to ensure employees always have cybersecurity at the top of their minds and that they are aware of the latest threats.
Read more »
Streaming Platform
Amazon Data Breach Data Leak Data protection data security Fines Hacker attack Personal Data Streaming Platform

Amazon Fined for Twitch Data Breach Impacting Turkish Nationals

 

Türkiye has imposed a $58,000 fine on Amazon for a data breach that occurred on its subsidiary, Twitch, in 2021. The breach exposed sensitive personal information of thousands of Turkish citizens, drawing scrutiny from the country’s Personal Data Protection Board (KVKK). The incident began when an anonymous hacker leaked Twitch’s entire source code, along with personally identifiable information (PII) of users, in a massive 125 GB torrent posted on the 4chan imageboard. The KVKK investigation revealed that 35,274 Turkish nationals were directly affected by the leak. 

As a result, KVKK levied fines totaling 2 million lira, including 1.75 million lira for Amazon’s failure to implement adequate preemptive security measures and 250,000 lira for not reporting the breach in a timely manner. According to the regulatory body, Twitch’s risk and threat assessments were insufficient, leaving users’ data vulnerable to exploitation. The board concluded that the company only addressed the vulnerabilities after the breach had already occurred. Twitch, acquired by Amazon in 2014 for $970 million, attempted to minimize concerns by assuring users that critical login credentials and payment information had not been exposed. The company stated that passwords were securely hashed with bcrypt, a strong encryption method, and claimed that systems storing sensitive financial data were not accessed. 

However, the leaked information still contained sensitive PII, leading to significant privacy concerns, particularly for Turkish users who were impacted. The motivation behind the hack was reportedly ideological rather than financial. According to reports from the time, the hacker expressed dissatisfaction with the Twitch community and aimed to disrupt the platform by leaking the data. The individual claimed their intent was to “foster more disruption and competition in the online video streaming space.” While this rationale highlighted frustrations with Twitch’s dominance in the industry, the data breach had far-reaching consequences, including legal action, reputational damage, and increased regulatory scrutiny. Türkiye’s actions against Amazon and Twitch underline the growing importance of adhering to local data protection laws in an increasingly interconnected world. 

The fines imposed by KVKK serve as a reminder that global corporations must ensure compliance with regional regulations to avoid significant penalties and reputational harm. Türkiye’s regulations align with broader trends, as data privacy and security become critical components of global business practices. This incident also underscores the evolving nature of cybersecurity challenges. Hackers continue to exploit vulnerabilities in popular platforms, putting pressure on companies to proactively identify and address risks before they lead to breaches. As regulatory bodies like KVKK become more assertive in holding companies accountable, the need for robust data protection frameworks has never been more urgent. The Twitch breach also serves as a case study for the importance of transparency and swift response in the aftermath of cyberattacks. 

While Twitch’s reassurances regarding encrypted data helped mitigate some concerns, the lack of prompt reporting to Turkish authorities drew criticism. Companies handling large amounts of user data must prioritize both preventive measures and clear communication strategies to regain user trust after incidents. Looking forward, the Twitch data breach highlights the necessity for all companies—especially those managing sensitive user data—to invest in proactive cybersecurity strategies. As hackers grow increasingly sophisticated, businesses must adopt a forward-thinking approach to safeguard their platforms, comply with local laws, and ensure users’ privacy remains uncompromised.
Read more »
Wi-fi
APT28 Cyber Hackers CyberCrime Cybersecurity Cyberthreats Data Breach Volexity Wi-fi

Wi-Fi Exploit Enables Russian Hackers to Breach US Business

 


A sophisticated cyberattack was carried out by a Russian state-sponsored group, which is believed to be APT28 (Fancy Bear), which exploited a large U.S. enterprise's Wi-Fi network remotely. This breach was first detected by cybersecurity firm Volexity on February 4, 2022, while it targeted a Washington, DC-based organization whose projects related to Ukraine were being carried out. 

A group of Russian hackers, reportedly linked to Russia's GRU military intelligence, managed to gain access to the wireless network through a password-spraying attack on another service, which allowed them to obtain the credentials needed to connect. The Russian state-sponsored hackers known as "APT28" have exploited a novel attack technique called 'nearest neighbour attack' to penetrate a U.S. company's enterprise WiFi network to spy on employees' activity. 

Although the hackers were thousands of miles away, they could compromise an organization nearby within WiFi range, providing a pivot from where they could reach their destination. Security firm Volexity was able to detect the attacks on February 4, 2022, as it had been monitoring the hackers, codenamed 'GruesomeLarch', as they had been monitoring the attack for many weeks beforehand. 

APT28, which is associated with the General Staff's Main Intelligence Directorate (GRU) and is part of the Russian military's 26165 unit, has been conducting cyber operations since at least 2004 in conjunction with a Russian military unit. Using a hijacked device in a neighbouring building across the street, Russian state-sponsored hackers were able to log into a Wi-Fi network in the United States without ever leaving their country of residence. 

Volexity, a security vendor, documented a rare hacking technique that they call the "Nearest Neighbor Attack." The company discovered the incident in January 2022, when an unnamed customer, calling itself Organization A, suffered a system hack. Initially, the attackers, whom Volexity tracks as GruesomeLarch, gained access to the target's enterprise WiFi network by accessing that service through a password-spraying attack that targeted the victim's public-facing services, as the passwords were flooded. 

Nonetheless, the presence of one-time password (OTP) protection meant that the credentials could not be used to access public web-based services. As far as connecting to the enterprise's WiFi network was concerned, MFA was not required, however, being "thousands of miles away from the victim and behind an ocean" posed a significant inconvenience. It was through this creative use of the hacker's brain that they began looking into buildings nearby that could be potential pivots to the target wireless network, in fact they started to do so. 

APT28 compromised multiple organizations as part of this attack and was able to daisy-chain their connection between these organizations by using legitimate access credentials to connect with them. At the end of the investigation, they discovered a device within a certain range that was capable of connecting to three wireless access points near the windows of a victim's conference room to retrieve their data. 

An unprivileged account used for the remote desktop connection (RDP) allowed the threat actor to move around the target network from one point to another searching for systems of interest and exfiltrating sensitive information from them. Three Windows registry hives were dumped by the hackers: SAM, Security, and System. This hive was compressed into a ZIP archive and then exfiltrated by the hackers using a script named 'servtask.bat'. 

The most common way they collected data while minimizing their footprint was to use native Windows tools. As a result of Volexity's analysis, it was also identified that GruesomeLarch was actively targeting Organization A so that data would be collected from individuals and projects active in Ukraine who have expertise in and experience with those projects. Despite Volexity's initial inability to confirm an association between the attacker and any known threat actors, a subsequent report by Microsoft pointed to certain indicators of compromise (IoCs) that matched the information Volexity had observed, indicating that the Russian threat group was responsible. 

Microsoft's cybersecurity report indicates that it is highly likely that APT28 was able to escalate privileges before launching critical payloads within a victim's network by exploiting the CVE-2022-38028 vulnerability in the Windows Print Spooler service within the victim's network. This is a zero-day vulnerability in Windows. 

APT28, a group that executes targeted attacks using the nearest neighbour technique, successfully demonstrated that close-access operations, which are usually performed at close range, can be executed from a distance, eliminating the risk of identifying or capturing the target physically. Even though internet-facing devices have benefited from increasing security over the past year, thanks to services such as multi-factor authentication and other types of protections that have been added, WiFi corporate networks have largely remained unprotected over the same period.
Read more »
Telecom Firms
CISA cyber espionage Data Breach Telecom Firms

US Exposes Major Chinese Cyber-Espionage Targeting Telecom Networks

 


The United States has accused China of conducting a vast cyber espionage operation that targeted multiple telecommunications networks. The hackers allegedly stole sensitive data and intercepted communications relating to a few government and political leaders. The incident raises national security concerns, in which officials are sounding warning bells.

US officials said that Chinese state-sponsored hackers broke into the systems of several telecom companies, looking to syphon away customer call records and gain unauthorised access to communication data. In some cases, the attackers allegedly copied information sought by US law enforcement through court-approved procedures, said analysts. That's a disturbing breach of sensitive data.

This is receiving full-time investigation by the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) to help targeted companies. Officials said they are only slowly learning the extent of what happened, but preliminary reports indicate a sophisticated attack that probably reaches virtually everywhere in the country.


 

Key Targets and Methods


Unnamed sources suggest that major telecom providers, including AT&T and Verizon, were among those breached. Hackers allegedly found a way into systems used for court-authorised wiretaps, bypassing security measures. Microsoft identified the group responsible as “Salt Typhoon,” a hacking collective linked to the Chinese state.


According to reports, this group had been undetected for months before exploiting vulnerabilities to gain access to sensitive communication networks. The list of allegedly targeted big fish includes former President Donald Trump, members of his family, and Vice President Kamala Harris' campaign staff. 


Impact Beyond Large Companies

The scope of the attack does not only extend to big corporations. Regional internet service providers were also targeted, which shows how the hackers covered many areas. Experts think that the attackers must have abused the wiretap systems by monitoring some specific numbers, which may give them audio data through such breaches.

 

Wider Issues and Follow-Up Investigations

US authorities have already informed dozens of affected organisations. Classified briefings have lately been conducted to enlighten lawmakers on the serious implications. Senator Ron Wyden, who attended one of the briefings described the breach as deeply concerning in regard to its implications across various sectors.

While the probe is still ongoing, more efforts have been committed toward discovering the scope of the operation. According to a State Department official, this attack highlighted vulnerabilities in telecom systems believed to have been secure, and a greater need for upgraded cyber defence mechanisms is therefore urgent.

This incident typifies the dynamic threat of state-sponsored cyberattacks with regard to challenges in safeguarding critical infrastructure. The US is to enhance its defence mechanisms and systems for better preparedness to such breaches in the future as investigations continue.

Read more »
Personal Data
Data Breach Data breaches attacks Data protection Data Theft Financial Data Hacker attack Hackers Personal Data

Set Forth Data Breach: 1.5 Million Impacted and Next Steps

 

The debt relief firm Set Forth recently experienced a data breach that compromised the sensitive personal and financial information of approximately 1.5 million Americans. Hackers gained unauthorized access to internal documents stored on the company’s systems, raising serious concerns about identity theft and online fraud for the affected individuals. Set Forth, which provides administrative services for Americans enrolled in debt relief programs and works with B2B partners like Centrex, has initiated notification protocols to inform impacted customers. The breach reportedly occurred in May this year, at which time Set Forth implemented incident response measures and enlisted independent forensic specialists to investigate the incident. 

However, the full extent of the attack is now coming to light. According to the company’s notification to the Maine Attorney General, the hackers accessed a range of personal data, including full names, Social Security numbers (SSNs), and dates of birth. Additionally, information about spouses, co-applicants, or dependents of the affected individuals may have been compromised. Although there is currently no evidence that the stolen data has been used maliciously, experts warn that it could end up on the dark web or be utilized in targeted phishing campaigns. This breach highlights the ongoing risks associated with storing sensitive information digitally, as even companies with incident response plans can become vulnerable to sophisticated cyberattacks. 

To mitigate the potential damage, Set Forth is offering free access to Cyberscout, an identity theft protection service, for one year to those affected. Cyberscout, which has over two decades of experience handling breach responses, provides monitoring and support to help protect against identity fraud. Impacted customers will receive notification letters containing instructions and a code to enroll in this service. For those affected by the breach, vigilance is critical. Monitoring financial accounts for unauthorized activity is essential, as stolen SSNs can enable hackers to open lines of credit, apply for loans, or even commit crimes in the victim’s name. 

Additionally, individuals should remain cautious when checking emails or messages, as hackers may use the breach as leverage to execute phishing scams. Suspicious emails—particularly those with urgent language, unknown senders, or blank subject lines—should be deleted without clicking links or downloading attachments. This incident serves as a reminder of the potential risks posed by data breaches and the importance of proactive protection measures. While Set Forth has taken steps to assist affected individuals, the breach underscores the need for businesses to strengthen their cybersecurity defenses. For now, impacted customers should take advantage of the identity theft protection services being offered and remain alert to potential signs of fraud.
Read more »
User Security
B2B Data Breach Data Leak Demand science User Security

Data Aggregator Breach Exposes Data of 122 Million Users

 

Pure Incubation, currently known as DemandScience, allegedly experienced a data breach earlier this year, resulting in the theft of critical data, including contact information. 

The impacted entity is a B2B demand-generation and data aggregator that collects, collates, and organises data from public sources to create a comprehensive dataset that digital marketers and advertisers can use to create rich "profiles" for lead generation or marketing material. 

Furthermore, this organisation gathered data from public and third-party sources, including full names, physical addresses, email addresses, phone numbers, employment titles and positions, and social media links. 

The alleged cause of the data breach is an unsecured system on Pure Incubation, which allowed a threat actor known as 'KryptonZambie' to sell around 132.8 million documents on BreachForums starting last February.

On the other side, the data aggregator persisted on one of the enquiries, stating that there was no evidence of a hack. However, a follow-up email asking if the leaked data samples belonged to them went unanswered.

Furthermore, the senior director of corporate communications stated that a post from a black hat hacker criminal website triggered them to activate their security and incident response systems. The company also stated that its systems are completely working and that its first investigation did not find any sign of a hack or data breach. Still, it assured every concerned party that it constantly monitored the issue. 

On August 15, 2024, KryptonZambie made the dataset available for eight credits, which is equivalent to a few dollars. This disclosure forced the company to verify the data's legitimacy. However, the confirmation stated that anyone who was exposed to the DemandScience leak did so through a system that had been discontinued two years ago. 

The 122 million unique email addresses from the stolen dataset have been added to Have I Been Pwned, and impacted subscribers will be notified of the incident. Therefore, the individuals who may have been affected by the data leak should be vigilant of any unsolicited contacts, since threat actors can already carry out targeted phishing operations.
Read more »
User Privacy
Data Breach Data Leak Employee Data MOVEit Attack User Privacy

Amazon Employee Data Leaked in MOVEit Attack Fallout

 

Amazon has confirmed that some employee data was accessed last year, presumably as part of the huge MOVEit hacking campaign. A hacker recently revealed on the BreachForums cybercrime forum that they had stolen Amazon employee information, such as names, phone numbers, email addresses, job titles, and other job-related information. 

The hacker claimed the data came from the 2023 MOVEit attack, which entailed exploiting a zero-day vulnerability in Progress Software's MOVEit file transfer software to gather sensitive information from thousands of organisations that had used the program. 

The MOVEit campaign, which is widely thought to have been carried out by the Cl0p ransomware group, impacted about 2,800 organisations and compromised the data of approximately 100 million people. 

Amazon confirmed the data theft in a statement released earlier this week, but added several important details. According to the firm, the data was obtained via a third-party property management vendor; neither Amazon or AWS systems were compromised. 

The incident impacted several of the third-party vendor's clients, including Amazon. Amazon stated that only employee work contact information, such as work email addresses, desk phone numbers, and building locations, were revealed, while other, more sensitive information, such as Social Security numbers and financial information, were not compromised. 

The hacker claims that the Amazon employee database has nearly 2.8 million records, however it is unknown how many employees are affected. The same hacker has also leaked employee data from BT, McDonald's, Lenovo, Delta Airlines, and HP. The data appears to be the result of the same MOVEit breach that targeted the same real estate services company that housed Amazon employee information.
Read more »
phishing
Data Breach Microsoft visio Perception Point phishing

Phishing Scams use Microsoft Visio Files to Steal Information

 


The latest phishing attacks involve users being victimised in private information scams through the use of Microsoft Visio files. According to a security firm called Perception Point, the trick mainly involves using the .vsdx file extension, used for business diagrams and flowcharts. It has been found that cyber attackers can embed malicious links in Visio files to circumvent most of the traditional checks a secured system carries out on users.


Why Visio files are a hacker's best friend

In particular, Microsoft Visio files are less often encountered by users due to being not as well known as other attachment types, for instance, PDFs or Word documents. This means that the files of the type Visio would be less likely to be considered suspicious by a security system, making them a good target for hackers who send phishing links secretly. All of this aside, Visio files themselves are transmitted via email attachments, which most users trust because they are all Microsoft tools.


How the Visio Phishing Attack Work


This is how the particular phishing scheme unfolds, according to Perception Point:

1. Accessed Accounts: Scammers first gain access to a legitimate account so they can use it to send their phishing email. This gives them a head over basic security checks since it is coming from a trusted source.

2. Email Content : It has an attachment which is a Visio file (.vsdx) or an Outlook email (.eml), and from what it looks like, it's authentic: probably a proposal or order for some kind of purchase.

3. Opening the File: As soon as the recipient clicks on the attachment to open it, they are taken to a SharePoint page, serving the Visio file. Thieves brand some of the hacked organisation's logos to give the document the look of authenticity.

4. Link in Visio document: Attackers will go and add a link within the Visio document titled "View Document." Users are encouraged to click with the Ctrl key in order to click on the link. It is thought that this behaviour should bypass many forms of automated security scanning. Once they have clicked on it, the victims are taken to a mock Microsoft log-in page that forces them to input their passwords, which are then stolen.


Phishing by Trusted Platforms

As Perception Point reports, phishing attacks using trusted Microsoft tools-SharePoint and Visio-have been rising alarmingly. Using credible tools creates layers of trust, which diminishes the chances of detection for phishers. Thus, Microsoft has warned users to look out for the potential abuse of its tool in phishing scams.

According to Perception Point, this phishing method utilises trusted tools from Microsoft, such as Visio and SharePoint-meaning cybercrooks adapt to evade detection. As per the same sources, these methods are designed to gain user trust and evade traditional systems in email security.

 Recommended Security Best Practices

The best practices to mitigate such advanced phishing are as follows for both organizations and individual users:
There is verification of the sender's identity before opening attachments from unknown or unfamiliar contacts.

Enable multi-factor authentication: In addition to the extra security multi-factor authentication has in place, it will be much harder for hackers to access your accounts without any kind of authentication

Stay updated on phishing techniques: Educate the employees to become aware of recognizing and avoiding attempts from hackers.

Advanced Email Security Tools: Implement tools that are now specifically designed to monitor unusual file types, including Visio files, with the aim of detecting emerging phishing strategies.

In this day and age of phishing scams, staying abreast and refreshing security protocol can definitely go a long way.



Read more »
User Security
American Firm Data Breach Data Leak Hot Topic User Privacy User Security

Hot Topic Data Breach Exposes Private Data of 57 Million Users

 

Have I Been Pwned warns that an alleged data breach compromised the private data of 56,904,909 Hot Topic, Box Lunch, and Torrid users. Hot Topic is an American retail franchise that specialises in counterculture-themed clothes, accessories, and licensed music merchandise. 

The firm has approximately 640 stores in the United States and Canada, mostly in shopping malls, with a large customer base.

According to HIBP, the exposed information includes full names, email addresses, birth dates, phone numbers, physical addresses, transaction history, and partial credit card data for Hot Topic, Box Lunch, and Torrid users. 

On October 21, 2024, a threat actor known as "Satanic" claimed responsibility for the security incident on BreachForum. The threat actor claims to have siphoned 350 million user records from Hot Topic and its subsidiaries, Box Lunch and Torrid. 

"Satanic" attempted to sell the database for $20,000 while also demanding a $100,000 ransom from Hot Topic to remove the ad from the forums. According to a HudsonRock report published on October 23, the intrusion could be the result of an information stealer malware infection that acquired credentials for Hot Topic's data unification service. 

While Hot Topic has stayed silent, and no notifications have been issued to potentially impacted users, data analytics firm Atlas Privacy revealed last week that the 730GB database impacts 54 million users. Atlas further highlighted that the collection contains 25 million credit card numbers encrypted with a poor cypher that can be easily broken by current computers. 

Although Atlas is not positive that the database belongs to Hot Topic, it did note that approximately half of all email addresses had not been seen in previous breaches, adding to the authenticity of the threat actor's claims. According to Altas, the hack appears to have occurred on October 19, with data ranging from 2011 until that date. 

The company has set up a website where Hot Topic consumers can see if their email address or phone number was compromised in the data breach. Meanwhile, the threat actor continues to offer the database, albeit for a lower cost of $4,000. Potentially impacted Hot Topic consumers should be wary of phishing attacks, keep track of their financial accounts for strange activity, and change their passwords on all platforms where they use the same credentials.
Read more »
Third Party App
Data Breach Data Leak Data Privacy Telecom Firm Third Party App

Hacker Claims to Publish Nokia Source Code

 

The Finnish telecoms equipment firm Nokia is looking into the suspected release of source code material on a criminal hacking site. See also: Gartner Market Guide for DFIR Retainer Services.

An attacker going by the handle "IntelBroker," who is also the proprietor of the current iteration of BreachForums, revealed on Thursday what he said was a cache of "Nokia-related source code" stolen from a third-party breach. The data consists of two folders: "nokia_admin1" and "nokia_etl_summary-data."

IntelBroker initially stated in a Last week's BreachForums post that he was selling the code, characterising it as a collection of "SSH keys, source code, RSA keys, Bitbucket logins, SMTP accounts, Webhooks, and hardcoded credentials."

A Nokia spokesperson stated that the company is "aware of reports that an unauthorised actor has alleged to have gained access to certain third-party contractor data, and possibly Nokia data." We will continue to constantly watch the situation." Last week on Tuesday, the hacker told Hackread that the data would cost $20,000.

IntelBroker told Bleeping Computer that the data came from Nokia's third-party service provider SonarQube. The hacker claimed to have gained access using a default password. SonarQube did not immediately reply to a request for comment.

In 2023, IntelBroker published online data stolen from a health insurance marketplace used by members of Congress, their families, and staffers. Earlier this year, he sparked a probe at the Department of State by uploading online papers purportedly stolen from government contractor Acuity. 

Third-party breaches at major firms are becoming more regular as companies improve their own cyber defences. Earlier this year, a slew of well-known brands, including AT&T, Ticketmaster, Santander Bank, automotive parts supplier Advance Auto Parts, and luxury retailer Neiman Marcus, were hit with breaches caused by a series of attacks on their accounts at cloud-based data warehousing platform Snowflake.
Read more »
Wayne County Michigan
Cyberattack Data Breach double-extortion encryptor FreeBSD servers Interlock ransomware ransomware attacks Trend Micro Wayne County Michigan

Interlock Ransomware: New Threat Targeting FreeBSD Servers and Critical Infrastructure Worldwide

 

The Interlock ransomware operation, launched in late September 2024, is increasingly targeting organizations around the globe. Distinctly, this new threat employs an encryptor specifically designed to attack FreeBSD servers, a relatively uncommon tactic among ransomware groups.

Interlock has already affected six organizations and publicly leaked stolen data after ransoms went unpaid. One prominent victim, Wayne County in Michigan, experienced a cyberattack early in October, adding to the list of affected entities.

Details about Interlock remain limited, with early reports emerging from cybersecurity responder Simo in October. Simo's analysis noted a new backdoor associated with the ransomware, discovered during an investigation on VirusTotal.

Shortly after, MalwareHunterTeam identified a Linux ELF encryptor related to Interlock. Upon further examination, BleepingComputer confirmed that this executable was built specifically for FreeBSD 10.4, though attempts to execute it in a FreeBSD environment failed.

Although ransomware targeting Linux-based VMware ESXi servers is common, an encryptor for FreeBSD is rare. The now-defunct Hive ransomware, disrupted by the FBI in 2023, was the only other known operation with a FreeBSD encryptor.

Trend Micro researchers shared additional samples of the Interlock FreeBSD ELF encryptor and a Windows variant, noting that FreeBSD is often used in critical infrastructure. This likely makes it a strategic target for Interlock, as attacks on these systems can lead to significant service disruptions.

Trend Micro emphasizes that Interlock’s focus on FreeBSD infrastructure allows attackers to disrupt essential services and demand high ransoms, as these systems are integral to many organizations’ operations.

It is important to note that Interlock ransomware is unrelated to any cryptocurrency token of the same name.

While BleepingComputer encountered issues with running the FreeBSD encryptor, they successfully tested the Windows version, which performed actions like clearing event logs and deleting the main binary using rundll32.exe if self-deletion is enabled.

When encrypting files, Interlock appends the .interlock extension and generates a ransom note titled "!README!.txt" in each affected folder. The note explains the encryption, threats, and includes links to a Tor-based negotiation site where victims can communicate with the attackers. Each victim receives a unique ID and email for registration on this negotiation platform.

During attacks, Interlock breaches networks, steals sensitive data, and then deploys the encryptor to lock down files. The data theft supports a double-extortion scheme, with threats to leak data if ransoms—ranging from hundreds of thousands to millions of dollars—are not paid.
Read more »
Tech Industry
Data Breach data security Hacker attack NordVPN Retail Industry SMBs Tech Industry

Why Small Businesses Are Major Targets for Cyberattacks and How to Defend Against Them

 

Recent research by NordPass and NordStellar, backed by NordVPN, has shed light on small private businesses being prime targets for cybercriminals. After analyzing around 2,000 global data breaches over two years, they found that retail and technology sectors, particularly small companies in the U.S., were highly attractive to hackers.  

Small- and medium-sized businesses (SMBs) are especially vulnerable due to limited cybersecurity resources and sometimes underestimating their value to hackers. Cybercriminals exploit common weaknesses like poor password practices, phishing attacks, and malware infections. Even technology firms—often thought to be well-protected—are at risk when human error allows hackers to bypass their defenses. 

One reason hackers favor small businesses is the prevalence of reused and weak passwords. Many attacks are untargeted; instead, hackers run credential-surfing or dictionary attacks across broad sets of data. When employee credentials are found in leaked databases, they provide easy entry points for cyberattacks, often resulting in financial and reputational damage that can be catastrophic for smaller firms. 

To protect against such threats, businesses are advised to adopt several practices. One essential tool is using a Virtual Private Network (VPN), which encrypts internet traffic, safeguarding remote employees who may connect via public Wi-Fi. This encryption layer prevents hackers from intercepting sensitive data, ensuring businesses and employees remain protected in various working environments. 

In addition to VPNs, companies can enhance security by employing password managers, which generate strong, unique passwords. Passwords are often the first line of defense, and using complex ones significantly reduces the risk of unauthorized access. Cybersecurity audits, ideally conducted by third-party experts, also play a vital role. These audits help uncover vulnerabilities and reinforce trust with customers by demonstrating the company’s dedication to data security. 

Employee training is another effective line of defense, as human error is a common cause of data breaches. Many incidents occur when employees fall for phishing scams or fail to follow security best practices. Regular cybersecurity training ensures staff are better equipped to recognize and avoid threats, thereby reducing potential risks. 

By implementing these protective measures, small businesses can better shield themselves from cyber threats. In today’s digital landscape, investing in cybersecurity isn’t just a precaution; it’s essential for the long-term viability of any business, big or small.
Read more »
ransomware attacks
Columbus Data Breach CyberCrime Cyberhackers Cybersecurity CyberThreat Data Breach ransomware attacks

Columbus Data Breach Affects 500,000 in Recent Cyberattack

 


In July, a ransomware attack on Columbus, Ohio, compromised the personal information of an estimated 500,000 residents, marking one of the largest cyber incidents to affect a city in the United States in recent years. There has been great interest in the attack linked to the Rhysida ransomware group due to the extent of the data stolen as well as the controversy surrounding the city's response. 

The City of Columbus, the state capital of Ohio, has confirmed that hackers stole data from 500,000 residents during a ransomware attack in July, locking them out.  The City of Columbus confirmed in a filing with the state attorney general that a "foreign cyber threat actor" had infiltrated the city's network to access information about residents, including their names, dates of birth, addresses, ID documents, Social Security numbers, and bank accounts.  

With a population of 900,000 people, the city in Ohio has the largest population of any municipality in the state, with around half a million people affected by the flooding, but the exact number of victims has yet to be determined.  In a regulatory filing, the city revealed that it had "thwarted" a ransomware attack on July 18 of this year, which was the effect of disconnecting its network from the internet to thwart the attack. This attack has been claimed by the Rhysida ransomware group, which specializes in crypto-ransomware attacks.

Cybercriminals believed to be connected to Russian threat actors sought a ransom from Columbus in the initial stages of the attack, claiming that 6.5 TB of data was stolen by this group. It is alleged that Rhysida introduced 3.1 TB of data from this database to the dark web leak site after negotiations with the city failed. A significant data breach in the public sector has occurred within the last two years as a result of this exposure. 

 According to Rhysida, the ransomware gang, the attack occurred the same day. They claim they have stolen databases containing 6.5 TB of data, including information about staff credentials, video feeds from the city camera system, and server dumps, along with other sensitive data. There has been no increase in the amount of stolen data that is now being published on the dark web leak portal of the gang because they failed to extort the City. Some 45% of the stolen data includes 260,000 documents (3.1 TB) on this portal. 

There was no need to be concerned about the leak of the data because the data was "encrypted or corrupted" as the mayor of Columbus Andrew Ginther said in his statement to the Columbus media. As a result, David Leroy Ross (aka Connor Goodwolf) of the Security Research Group, a British security research company, refuted the Mayor's claim by sharing some samples of the leaked data with press outlets, which showed that it contained unencrypted personal information belonging to city employees, residents, and visitors. 

As of early August, Columbus had filed a lawsuit against security researcher David Leroy Ross, escalating the situation to a point where it became an extreme situation. In an announcement to the local media, Ross, who goes by the username "Connor Goodwolf", reported that residents' personal information had been uploaded on the dark web. According to the disclosure, Columbus officials had earlier claimed that only unusable, corrupted data had been stolen, which was contrary to the new disclosure.

The first cyber analysts to investigate the stolen data discovered a significant volume of sensitive files among them databases, password logs, cloud management files, employee payroll records, and even footage culled from city traffic cameras in the aftermath of Ross's revelations. In response to this attack, the city said it has committed to improving its cybersecurity protocols in the future to prevent similar attacks from happening again. 

In Columbus, a town of approximately 915,000 people, the Maine Attorney General's Office received a report from the city informing them that the breach may affect approximately 55% of its citizens. Those affected by this tragedy will receive two years of free credit monitoring and identity protection services as a gesture of goodwill from the city. The city of Columbus has been put under increasing public pressure to ensure that data is protected and transparent communications about the extent of the breach are made in light of rising public pressure. As a result of the City's lawsuit, Goodwolf is alleged to have spread stolen data illegally and negligently. 

There was a request for monetary damages with a request for a temporary restraining order and a permanent injunction, and the researcher was ordered to stop further dissemination of the leaked data to prevent future disclosures. It was decided in December 2011 that a temporary restraining order would be issued in Franklin County prohibiting Goodwolf from downloading and disseminating the data they stole from the City.

The City had previously claimed that the leaked data was useless, but as shown in breach notification letter samples filed with the Maine Attorney General's Office, despite its claims, it informed 500,000 people in early October that some of their financial and personal information had been stolen and published on the dark web by those who stole it. There has been a breach of the City information system, according to the breach notification letters, which include your personal information, including your first and last name, date of birth, address, bank account information, driver's license number, Social Security number, and other identifying information that may have been included as a result of the incident. 

Although the City has yet to find evidence of the misuse of its data, it warns those affected by this breach to keep a close eye on their credit reports and financial accounts to ensure no suspicious activity is taking place. It is now also offering 24 months of free 24 months of monitoring of credit and identity, provided by Experian IdentityWorks, as well as identity restoration services provided by Experian.
Read more »
Zero-click vulnerability
cloud storage security Data Breach malware infection network storage flaw Pwn2Own hack Ransomware attack Synology NAS Synology Photos app Synology QuickConnect Zero-click vulnerability

Zero-Click Vulnerability in Popular NAS Devices Exposes Millions to Cyber Attacks

 

A widely used device and application for storing documents, trusted by millions of users and businesses globally, has been found to have a vulnerability. A team of Dutch researchers revealed that this zero-click flaw could potentially compromise many systems worldwide.

This flaw, termed "zero-click" because it requires no user interaction to trigger, affects Synology's photo application, a default program on network-attached storage (NAS) devices from the Taiwanese company. Through this vulnerability, attackers could gain unauthorized access to these devices, allowing them to steal files, plant malicious code, or install ransomware, which could lock users out of their data.

The Synology Photos app comes pre-installed on Synology’s BeeStation storage devices and is also popular among users of their DiskStation models. These NAS devices enable users to expand storage via add-on components. Since 2019, Synology and other NAS brands have frequently been targeted by ransomware groups. Recently, DiskStation users have reported specific ransomware attacks. The vulnerability was uncovered by Rick de Jager, a security researcher with Midnight Blue in the Netherlands, during the Pwn2Own hacking event in Ireland. De Jager and his team identified hundreds of thousands of vulnerable Synology NAS devices online, although they warn that the real number of at-risk devices is likely in the millions.

The researchers, alongside the Pwn2Own organizers, alerted Synology about the flaw last week.

Network-attached storage systems are attractive targets for cybercriminals due to the large volumes of data they store. Many users connect their NAS directly to the internet or utilize Synology’s cloud storage for backup. Although security credentials can be required to access the devices, this specific zero-click flaw in the photo app doesn’t require authentication. Attackers can exploit it remotely over the internet, granting them root access to execute malicious code on the device.

The photo app allows users to organize images and provides attackers easy access whether the NAS is connected directly to the internet or via Synology’s QuickConnect, which offers remote access. Once an attacker compromises one cloud-connected Synology NAS, it becomes easier to identify others, thanks to how the system registers and assigns IDs.

The researchers found several cloud-connected Synology NAS devices linked to U.S. and French police departments, as well as numerous law firms in North America and France. Other compromised devices were used by logistics and oil companies in Australia and South Korea, along with maintenance firms in South Korea, Italy, and Canada, serving industries like energy, pharmaceuticals, and chemicals.

“These organizations store a range of critical data, including management documents and sensitive case files,” Wetzels said.

Beyond ransomware, the researchers warn of other threats, such as botnets, which infected devices could join to assist in hiding broader hacking operations. The Chinese Volt Typhoon group, for example, previously used compromised home and office routers to mask espionage activities.

Synology has not responded publicly to requests for comment, but on October 25, the company issued two security advisories marking the vulnerability as “critical.” Synology confirmed the discovery was made during the Pwn2Own contest and released patches for the flaw. However, without automatic updates on NAS devices, it is unclear how many users are aware of or have implemented the patch. Releasing the patch also increases the risk that attackers could reverse-engineer it to exploit the vulnerability.

While finding the vulnerability independently is challenging, “it’s not hard to connect the dots from the patch,” Meijer explained.
Read more »
Trending Cyberattack news
blockchain breach Breach Incidents Data Breach News Trending Cyberattack news

Researchers Develop Blockchain-Based Federated Learning Model to Boost IoT Security

 

In a groundbreaking development for Internet of Things (IoT) security, a team of researchers led by Wei Wang has introduced a novel distributed federated intrusion detection system. The study, published in Frontiers of Computer Science and co-published by Higher Education Press and Springer Nature, addresses key challenges in protecting IoT networks from sophisticated cyber-attacks. IoT devices have long been vulnerable to cyber intrusions, and traditional, centralized models of training detection algorithms often come with risks, including high communication costs and potential privacy leaks. 

They also struggle to identify new, unknown types of attacks. The research team’s new approach aims to overcome these issues by using federated learning, a decentralized method where data is processed locally rather than on a central server. 
This approach enhances privacy and minimizes communication expenses. To strengthen the security of their detection model, the team integrated a blockchain-based architecture into the federated learning system. 

In this setup, all participating entities conduct model training on their devices and upload only the model parameters to the blockchain. This design creates a secure, distributed environment for collaborative model verification. A proof-of-stake consensus mechanism is implemented, ensuring that only trustworthy entities contribute to the training process, effectively blocking out malicious participants. 

A unique aspect of this method is its ability to detect unknown attack types. Each device in the system uses an end-to-end clustering algorithm that relies on spatial-temporal data differences to identify new types of intrusions. Tests conducted on the AWID dataset showed that this model outperforms previous detection techniques, offering enhanced security and accuracy in identifying novel threats. The research team views this development as a significant step toward more secure IoT networks. 

“The integration of blockchain with federated learning brings a new level of security and adaptability to intrusion detection,” the team noted. 

Looking ahead, the researchers plan to focus on refining the model’s efficiency to support real-time detection needs in IoT systems. This study highlights the potential of blockchain-based federated learning as a robust defense against cyber threats in the expanding IoT ecosystem.
Read more »
Social Security Number
Data Breach Digital Security Passwords Sensitive data Social Security Number

Why Ignoring Data Breaches Can Be Costly




Data breaches are now more rampant than ever, exposing passwords and payment details to hackers. You could be getting breach alerts that pop up every so often, warning you that your data has been exposed. It's a wake-up call on how rampant the breaches are.

A Persistent Problem 

Data breaches have become part of our online lives. From credit card numbers to social security information, hackers never cease their attempts to access sensitive data. In fact, many breaches are financially driven, and about 95% of cyberattacks aim for money or valuable information. Still, despite all the news every day, companies often do not realise they have been breached until almost six months pass. The average time to discovery is 194 days according to Varonis. Therefore, the attackers have sufficient time to use the information before the companies can even initiate their response.

Rise of Breach Blindness

Over time, exposure to breach after breach has created "breach blindness," as if these alerts do not matter anymore. Since most of the time, nothing immediate happens, it is easy to scroll past breach notifications without thinking twice. This apathy is dangerous. Such a lack of care could mean stolen identities, financial fraud, and no one holding the companies accountable for their inability to protect the data.

When companies lose money as a result of these breaches, the consumer pays for it in the form of higher fees or costs. IBM reports that the worldwide average cost of a data breach is nearly $5 million, a 10% increase from last year. Such a high cost is a burden shared between the consumer and the economy at large.

How to Protect Your Data

Although companies are liable for securing data, there are various measures that can be undertaken personally. The first and most obvious measure is that your account should have a very strong and unique password. Hackers rely on frequently used, weakly protected passwords to bypass most accounts. Changing them with complexity makes it even more challenging for attackers to bypass and get to compromising your data.

It is much important to stay vigilant nowadays with data breaches being as common as a part and parcel of the internet. This breach, little by little, erodes privacy online and security. Stop pretending not to know those prompts; take them as warnings to check on your web security and work on strengthening it if needed. The one thing to do with all this is to keep apprised so as to not be taken in on the hook.




Read more »
Data Safety and Protection
AI Privacy CyberCrime Cybersecurity Cyberthreats Data Breach Data Removal Data Safety and Protection

When and Why to Consider a Data Removal Service

 


With the risk of data misuse and breaches increasing daily, individuals will be driven to seek reliable methods for securing their online privacy in 2024 to manage these risks. A growing number of privacy solutions are available online now, including services for removing users' data online, generating a great deal of interest. 

As a result of these services, individuals can identify and remove personal information from the internet that can lead to identity theft and other unpleasant circumstances, in some cases targeting data brokers, people searching websites, and other repositories where potentially sensitive information is readily accessible. 

There is, however, the need to evaluate the effectiveness, reliability, and value of these services, regardless of how appealing they may seem. This is a crucial step that needs to be understood by those who are considering whether to invest in these services, as well as finding out the scope of their capabilities, and what limitations they may have. 

Individuals need to judge the reality behind the promises made by data removal services before deciding whether or not such services are a worthwhile endeavour to achieve greater privacy control or if alternative methods might be more effective for making the required changes. With the widespread importance of digital privacy, as well as the increased risk it is subject to, understanding the nuances of online data removal services is vital for individuals to make informed choices regarding how to protect their personal information effectively. 

A vast amount of information about an individual is readily available on the internet today, and this has increased dramatically over the past few years as advertisers attempt to target us with ads and content based on the information they can gather about them. As well as this advances in technological advances such as artificial intelligence have compounded the situation by making it easier for cybercriminals to gather data and commit online scams across the world. 

While online privacy concerns continue to grow, data removal services offer a glimmer of hope that privacy can be preserved. It is a third-party tool that helps individuals locate online platforms and databases where their private data can be found, make sure they are removed from those platforms and curtail their digital footprints by removing these private data from those platforms. 

For data removal services to be available to the general public, they require specialized professional services that can locate and remove personal information from an array of online platforms and databases promptly. Initially, these services were developed with a strong focus on privacy protection. They worked hard to make sure that sensitive data, such as credit card numbers, driver's licenses, or other forms of personal information, was not easily accessible by anyone other than authorized parties, such as strangers, corporations, or criminals. 

Data removal services essentially function as a crew of "digital cleaners" for resolving problems in terms of data security and privacy concerns. The experts at these services have a deep understanding of data-sharing pathways and online repositories, which allow them to track down where personal information is stored across the internet, and to assist clients in either eradicating or restricting access to it as needed. 

A variety of sources, including social media platforms, online directories, websites, and a variety of data brokers, are commonly used to remove personal information from electronic domains. This usually involves removing data from their sources, including websites, social media, and data brokers. 

Here is a brief overview of the purpose and benefits of data removal services-

 A data removal service should always be able to guarantee enhanced privacy protection, in that it aims to make sure that no unauthorized parties have access to or misuse personal information. 

They are an integral part of the defence mechanism against identity theft, fraud, and data breaches that occur due to their use. There is a growing number of companies that offer services to help companies and individuals protect their sensitive information by targeting data from public records, databases, and marketing platforms. By doing so, they provide security layers that help limit who has access to sensitive information and assist them in securing it. 

As people move into an increasingly hyper-connected world, digital footprints are accumulating rapidly, and the information they leave behind can often be obsolete or irrelevant due to their rapid accumulation. To reduce this digital footprint, data removal services remove unnecessary or outdated information from these files as part of their operations. Through the minimization of online presence, these services can increase the difficulty of third parties being able to control the online activities of their users, which leads to greater control over a person's privacy online. 

A lower risk of falling victim to fraudulent schemes and receiving excessive marketing solicitations Due to the scattered nature of personal information on the internet, there is a high probability that one will fall victim to fraud or receive unwanted marketing solicitations. To mitigate this risk, data removal services manage the visibility of data, thereby reducing the chances of being contacted by marketers or malicious actors using personal details for phishing attacks, scams, and frauds. 

Many people find peace of mind in knowing that their personal information is being managed by privacy experts who are committed to protecting their privacy. As a result, clients can navigate the internet with a greater sense of security, free from the continuous worry about data misuse or privacy infringement when they are dealing with personal information online.

It is quite common for companies and data brokers to collect a wide range of personal information about us through a variety of different methods, including the users' shopping history on e-commerce sites, public records, social media profiles (including posts, likes, comments, and connections), medical records, online search history, credit card transactions, and other forms of information. There is a great deal of valuable information that advertisers can use to target their advertisements, including users' names, ages, genders, and Social Security Numbers, along with their IP address, browser cookies, and how they use the internet. 

To achieve this purpose, it is important to understand that it can be used for targeted advertising, suggesting content/products that users may find beneficial and ultimately decide to buy. Is there a benefit for the companies and data brokers who harvest their data to sell to other companies and businesses? The company sells users' data to advertisers for a profit, which is how they make money. It is a well-oiled system in which everyone benefits from the information that they provide. 

The results of having users' data exposed, however, can lead to identity theft, financial fraud, harassment (including stalking and surveillance), and social engineering attacks such as doxxing, potential discrimination, and, of course, targeted advertising, which is something most people do not like. Several benefits can be gained from using data removal services, but they also have certain limitations as well. As far as the effectiveness of the services is concerned, there is a primary concern. 

These services cannot completely guarantee that personal information will be removed from the platforms or brokers of online data, but they do have some assurances. The effort to erase data from specific sites could, however, fail for various reasons, including data breaches, data mining activities, or newly updated public records which might reappear when the site is updated. The use of a data removal service, on the other hand, does not provide a comprehensive, one-time solution to the problem of data loss. 

A data removal service usually targets companies that sell search engine optimization and data analytics software, which means they have limited ability to remove "public" data - that is, any information that is publicly available through government records, social networking sites, and news publications. Publicly available data, such as information found in government records, social media posts, or news publications, remains accessible despite data removal efforts. This underscores a critical limitation in the scope of data removal services, as they are unable to remove information classified as public.

The persistence of this data online reflects the inherent challenges these services face in fully securing individual privacy across all platforms. Cost considerations also play a significant role in evaluating the viability of data removal services. Typically, these services charge subscription fees that can range from moderate to significant monthly costs, often amounting to several tens of dollars. 

While they strive to protect personal information, they cannot guarantee complete data removal from all sources. This limitation is not due to a lack of effort but rather the complexities involved in tracking and controlling data spread through diverse online channels, some of which are continually refreshed or redistributed by third parties. Consequently, for individuals or businesses considering data removal services, it is important to weigh these costs against the limitations and partial protections offered, ensuring that the service aligns with their privacy needs and risk tolerance.
Read more »
Subscribe to: Posts (Atom)