Identity is Security: Hackers Run on Data
There is a lot to unpack this week as we wind down for the weekend. If you run on Dunkin, as many of us do, then you should pay close attention to the breach of the week. The company discovered that hackers were trying to get into user accounts, likely using a method called “credential stuffing,” which simply means they used credentials they acquired as a result past data breaches. It’s our weekly, not-so-gentle reminder to not reuse passwords, especially across both work and personal accounts. That’s where a consumer breach like this one gets dicey for companies who may now be at risk for exposure if one of those exposed consumer accounts shared login credentials with a work account.
We need only look back through 2018 to see that these are no longer one-off events. Millions of potentially affected accounts sound like a lot, but that is only a notch in the round-up of major breaches over the past year.
Our data is how hackers are making a living, and it’s only getting easier. They take opportunities like Brexit to wiggle their way into people’s inboxes, as we saw this week with the group behind Fancy Bear luring people with “Brexit” emails containing malicious documents. We know hackers are opportunistic, and those opportunities seem only to be growing. Stay vigilant with your online interactions, please!
That has gone so far as to extend to our DNA (perhaps the most precious PII of all). That’s the conversation our CMO began this week by raising questions about the increase in the consumerization of DNA and asking: is the digitization of our DNA the safe thing to do?
While danger lurks, so do opportunities to get in front of these evolving threats. With that, we’d like to know what security news caught your attention this week?