Category: Data Theft

Passwords Leaked : Microsoft in Trouble

Posted on by Srishti Chaubey

Introduction

Recent reports unveil a significant data breach at Microsoft, exposing employee passwords and confidential corporate data to the internet. This breach underscores the pressing need for robust cybersecurity protocols and heightened vigilance to safeguard sensitive information.

Microsoft: Passwords Exposed Online
Credit: Business Today

About the Breach

Security researchers from SOCRadar (Can Yoleri, Murat Özfidan and Egemen Koçhisarlı )discovered an open and public storage server on Microsoft’s Azure cloud service. This server was housing internal data related to the Bing search engine. Left unprotected, it exposed code, scripts, and configuration files containing credentials used by Microsoft employees to access internal systems.

Data Exposure

The exposed data poses severe risks, potentially granting malicious actors access to other confidential files within Microsoft’s network. The lack of password protection on the server facilitated easy access to sensitive information, raising concerns about cybersecurity vulnerabilities.

Response and Resolution

The researchers promptly notified Microsoft of the vulnerability in February, prompting the company to secure the exposed server by March. However, the duration of the data exposure and the extent of unauthorised access remain unclear.

In a statement shared after publication on 10th April, Microsoft’s Jeff Jones said: “Though the credentials should not have been exposed, they were temporary, accessible only from internal networks, and disabled after testing. We thank our partners for responsibly reporting this issue.” But Microsoft has yet to issue an official statement addressing the breach.

Breach History: The latest addition to a series of “Mishaps”


Microsoft has faced numerous security breaches, like the ‘Summer 2023 Exchange Intrusion,’ where hackers accessed mailboxes of 22 organizations and 500 individuals, including senior US government officials. The company’s lax corporate culture and failure to prioritise security investments were criticised by the US Cyber Safety Review Board. Recent oversights, like mislabelling CVEs in Patch Tuesday releases, exposed gaps in Microsoft’s security protocols. Last year, researchers found that Microsoft employees were exposing their own corporate network logins in code published to GitHub.

Conclusion

As Microsoft grapples with the aftermath of this data breach, it highlights the ongoing battle against evolving cybersecurity threats. Human error is inevitable, and we require systems that are error-proof to avoid such breaches occurring in the future. By embracing secure identity and access management technologies, such as passwordless authentication, organizations can significantly reduce the risk of security lapses and enhance overall cybersecurity posture.

Read Also

Microsoft Reveals Russian Hack: Executive’s Emails Compromised

Securing Cloud Environments: Lessons from the Microsoft Azure Breach

BoAt Lifestyle: Understanding the Data Breach

Posted on by Srishti Chaubey

Introduction

A recent data breach has shaken boAt, a leading manufacturer of audio products and smartwatches. The personal data belonging to over 7.5 million customers of boAt is getting sold for 2 euro only. This breach highlights the critical need for robust security measures and the adoption of zero trust architecture to protect customer data effectively.

About the Breach

A hacker named “ShopifyGuy” claimed to have leaked personal data of over 7.5 million boAt customers on the dark web. The compromised information includes names, addresses, contact numbers, email IDs, and customer IDs, posing severe risks to customer privacy and security.

Data Loss

The leaked data, totaling approximately 2GB, exposes boAt customers to potential financial scams, identity theft, and phishing attacks. Threat actors could exploit this information to conduct fraudulent activities, posing significant threats to individuals’ financial and personal well-being.

Credit : TOI

Aftermath

The aftermath of the data breach includes a loss of customer confidence, legal consequences, and reputational harm for boAt. Prompt action is necessary to mitigate risks and restore trust among affected customers.

Strengthening Data Security: The Role of Zero Trust Architecture

In preventing data breaches like the one experienced by boAt, adopting a zero-trust architecture proves crucial. By implementing strict access controls, continuous monitoring, and privilege access policies, organizations can reduce the chances of unauthorised access and mitigate the risks associated with potential breaches.

With these proactive measures, boAt and other organizations can better safeguard customer data and maintain trust in an increasingly digital world.

GitHub: Millions of Secrets Exposed

Posted on by Srishti Chaubey

Introduction

In 2023, developers inadvertently leaked a staggering 12.8 million secrets on public GitHub repositories, marking a concerning 28% increase from the previous year. This revelation underscores the security challenge faced by GitHub, as highlighted in a recent report by GitGuardian, a leading security vendor in the software development realm.

Persistent Security Gap

Despite the alarming number of leaked secrets, GitGuardian found that a staggering 90% of these exposed secrets remained active even five days after the initial leakage. Shockingly, only a mere 2.6% were revoked within one hour of receiving notification via email.

The Threat of Malicious Repository Forks

The report adds to the ongoing security challenges faced by GitHub. Since mid-2023, attackers have exploited GitHub’s ecosystem, employing sophisticated tactics to infiltrate legitimate repositories and spread malware. These incidents serve as a reminder of the ongoing challenges in securing the software supply chain.

Commonly Leaked Secrets

The most commonly leaked secrets included Google API keys, MongoDB credentials, OpenWeatherMap tokens, Telegram Bot tokens, Google Cloud keys, and AWS IAM. These leaked credentials could potentially grant unauthorised access to sensitive enterprise resources, posing a significant threat to organisational security.

Growing Popularity of AI Services

GitGuardian’s report also shed light on the growing popularity of AI services, with a notable increase in leaks of OpenAI API keys and HuggingFace user access tokens. These findings underscore the need for heightened security measures in the rapidly evolving landscape of artificial intelligence.

Sectoral Impact

The IT sector emerged as the worst offender, accounting for 65.9% of the total leaked secrets, followed by education, science & technology, retail, manufacturing, and finance and insurance.

Credit: GitGuardian.com


It’s concerning to see India leading the charge in secret leaks, underscoring the necessity of bolstering security practices in CI/CD pipelines. This serves as a reminder of the critical need for enhanced vigilance in safeguarding sensitive data.

Call to Action

GitGuardian urged organisations to not only detect but also remediate these leaks effectively. While detection is crucial, remediation efforts are equally essential in mitigating the risks associated with leaked secrets. Additionally, organisations can enhance their security posture by leveraging advanced authentication frameworks such as PureAUTH’s CASPR module.

This module ensures codebase integrity with cryptographic verification. By implementing robust security measures and utilising advanced authentication solutions, organisations can better safeguard their data.

Conclusion

In conclusion, the findings from GitGuardian’s report underscore the pressing need for organisations to prioritise security measures to safeguard sensitive data and prevent unauthorised access to critical resources. The threat posed by millions of malicious repository forks since mid-2023 further highlights the importance of bolstering GitHub’s security infrastructure. By adopting advanced authentication frameworks such as CASPR, organisations can bolster their defences against security threats and ensure the integrity of their codebase.

PureID helps enter prises to remove secrets like passwords, static keys, access tokens with its passwordless technology. By adopting it’s other  advanced authentication frameworks such as ZITA – Just-In-Time-Access & CASPR code-commit protection, organisations can bolster their defences against security threats and ensure the integrity of their codebase.

Investigating Fidelity Investments Life Insurance Data Breach: A Closer Look

Posted on by Srishti Chaubey

In recent weeks, Fidelity Investments Life Insurance has come under scrutiny following a significant data breach affecting thousands of customers. Here’s what you need to know about the incident:

1. Data Breach Details:

  • The breach, which occurred between October 29 and November 2, 2023, stemmed from an unauthorised party accessing sensitive consumer data held by Fidelity Investments Life Insurance.
  • Approximately 28,000 customers were impacted by the breach, with their personal information compromised.
  • The breached data includes names, social security numbers, dates of birth, states of residence, and financial information, particularly bank account and routing numbers used for premium payments on life insurance policies.
  • This data can contribute to an increase in phishing attacks, and uplift the risk of identity theft or financial fraud for the customers.

2. Third-Party Involvement:

  • The breach was traced back to Infosys McCamish Systems, a third-party service provider utilised by Fidelity Investments Life Insurance.
  • Infosys McCamish notified Fidelity Investments of the breach in early November, prompting an investigation into the incident.

3. Ongoing Investigation:

  • Infosys McCamish has engaged external experts to conduct a thorough investigation into the breach.
  • While the investigation is ongoing, Fidelity Investments Life Insurance officials believe that a range of sensitive customer data was compromised during the breach.

4. Customer Notifications:

  • Fidelity Investments Life Insurance has begun notifying affected customers about the breach and the potential exposure of their personal information.
  • The company emphasises its commitment to protecting customer data and pledges to take appropriate actions in collaboration with Infosys McCamish.

5. Prior Incidents:

  • This isn’t the first time Infosys McCamish has caused security breaches.
  • In a separate incident, Infosys McCamish notified Bank of America about a breach affecting over 57,000 customers enrolled in deferred compensation plans.

6. Response and Assurance:

  • Fidelity Investments Life Insurance reassures customers that they have not impacted their systems by the breach and that they have detected no related activity within Fidelity’s environment.

7. Legal Investigation:

  • The law firm of Federman & Sherwood has initiated an investigation into the data breach at Fidelity Investments Life Insurance, aiming to assess the impact on affected individuals.

8. Call for Action: Implementing Zero Trust Measures

  • To mitigate the risk of data breaches like this in the future, companies can adopt a zero trust approach.
  • By implementing strict access controls, continuous monitoring, and least privilege access policies, organizations can significantly reduce the likelihood of unauthorised access to sensitive data, hence lowering the risk of data and reputation loss because of a third party vendor breach.

As the investigation unfolds and affected customers are notified, Fidelity Investments Life Insurance remains focused on addressing the breach, safeguarding customer data, and ensuring transparency throughout the process.

Stay tuned for further updates as the situation develops.

#getzerotrust #gopasswordless

Atlassian Pawned by hacker group : Blame Game is on

Posted on by Srishti Chaubey

SiegedSec, the same hacking group that made headlines last year after leaking eight gigabytes of data from the state governments of Kentucky and Arkansas, has hacked the software company Atlassian. The group has shared two floor maps for the Sydney and San Francisco offices and a JSON file containing information about approximately 13,200 Atlassian employees, including their names, email addresses, work departments and phone numbers.

Atlassian Pawned by hacker group Siegedsec. The post by Siegedsec.

SiegedSec post

“THAT’S RIGHT FOLKS, SiegedSec is here to announce we have hacked the software company Atlassian,” the hacking group said in a message that was posted along with the data. “This company worth $44 billion has been pwned by the furry hackers uwu.”

Reason and responsibility:- 

“On February 15, 2023, we became aware that an unauthorised party had compromised and published data from Envoy, a third-party app that Atlassian uses to coordinate in-office resources,” said Atlassian spokesperson Megan Sutton.

Atlassian Pawned by SiegedSec

Envoy, however, was just as quick to rebuff Atlassian’s claims. Envoy spokesperson April Marks said that the startup is “not aware of any compromise to our systems,” adding that initial research had shown that “A hacker gained access to an Atlassian employee’s valid credentials to manipulate and access the Atlassian employee directory and office floor plans held within Envoy’s app.”

Soon after the startup’s denial, Atlassian changed its stance to align more closely with Envoy. They later said an employee posted their credentials on a public repository by mistake.

Damage Control:- 

Atlassian said they disabled the account of the said employee so there is no more threat to Atlassian’s Envoy data. Therefore Atlassian product and customer data is not accessible via the Envoy app and therefore not at risk.”

“The safety of Atlassians is our priority, and we worked quickly to enhance physical security across our offices globally. We are actively investigating this incident and will continue to provide updates to employees as we learn more.”

Mitigation:- 

It has become increasingly common for hacker groups to target individual employees or devices to gain access to enterprise systems. If an attacker is able to obtain an employee’s credentials, they can use that information to infiltrate the organization. To mitigate this risk, some experts recommend using a passwordless solution like PureAUTH. By eliminating passwords, organizations can significantly reduce the likelihood of future breaches and minimize their exposure to unforeseen vulnerabilities.

Resolution 2023 | Making World Password Free
Know Your Code Infrastructure (CIx)

© 2024 | PureID. All Rights Reserved

Privacy & Terms | Licenses