Comments by: Tim Mackey, Principal Security Strategist, Synopsys Software Integrity Group
Attackers define the rules of their attack, and increasingly they are operating just like businesses. But just like any business, there is nothing to say that they too can’t be hacked and their data stolen.
When your primary asset is data, that asset is going to be valuable to more than just you. If that data is stolen from one criminal enterprise, that criminal group might not protect their data and it could easily be stolen multiple times. Effectively, data security is only as good as the weakest link. The people most interested in keeping data secure are the data owners (us) and the businesses we share our data with. We should limit the data we share to only what’s required, and hold those with whom we share our data accountable for its safe-keeping.
Comments by: Clement Lee, Security Architect, APAC, at Check Point Software Technologies
This might be just an extension of an earlier incident with Facebook in 2019. The exposed data was based on an API permission that would allow anyone to query a user’s number. So far, the motive of publishing the data online is not clear, as there is no financial incentive in giving out the information for free. However, it is also not a new trend that Check Point is seeing.
Facebook users should take caution – with the information leaked, bad actors can leverage these details to perform hacking and phishing attempts through social engineering. One should always take extra precautions to ascertain the legitimacy of the interaction, even if the person is someone you trust.
Comments by: Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky
The re-emergence of users’ personal data that was previously leaked highlights how the impact of a data breach transcends the limits of time, and imparts upon us the valuable lesson that what is lost will be lost forever. With access to phone numbers, user IDs, full names and even email addresses, cybercriminals have a fertile ground from which they can launch multiple cyberattacks in the form of phishing scams and social engineering attacks, as well as break into an organisation’s IT systems to deploy ransomware.
From a business standpoint, communication is key, as choosing the right spokespeople and informing your customers in a prompt and truthful manner will help an organisation regain its public goodwill and trust as quickly as possible. Beyond that, it is equally important that you get your business continuity plan right by ensuring any vulnerabilities are patched and software upgraded to prevent further leaks.
As with most things, cybersecurity takes two hands to clap and any effort to mitigate the impact of data breaches will also require the proactive effort of consumers who have been affected. Apart from changing your passwords and running an effective antivirus solution, knowing how to respond if your identity is stolen will help you prevent cybercriminals from exploiting your data further. As soon as you discover unauthorised access to your accounts, get in touch with your service provider to update them immediately so that you will not be held liable for anything that happens. In this instance where old personal data has resurfaced online, you can hedge against the long-term consequences of identity theft by monitoring your financial activity as this remains a perennial area of interest for many cybercriminals.