This is the third article in our new series, Modern Privacy

It never ceases to amaze me just how much news we can cycle through in about a month. We live in a supercharged climate that makes it seem like events happen with such great frequency. In this climate, it can feel like it’s impossible to keep up.

Unless you’re keeping a running list of major news, it’s so easy to forget about and miss things. And, honestly, that’s how many people in our government and society would prefer it, as it can give people a free pass where none should be granted. So, with this in mind, let’s begin!

Equifax: Giving Us a Collective Heart Attack Since 2017

Most of us are totally clueless. A recent survey shows that only 9% of Americans actually know that they have three different credit scores from the three credit reporting agencies: Equifax, TransUnion and Experian. We also suck at geography but more of us can apparently find Afghanistan on a map than speak intelligently about credit. Fortunately for us, Equifax has changed this. Unfortunately for us, all it took was for them to basically give hackers very sensitive information on all of us.

Equifax’s IT department got a bit lax and forgot to update a critical piece of software which let the hackers walk right in and steal a declared 143 million records. So, here’s the thing…breach disclosures are a tricky thing and often subject to change. Many times we will see the initial disclosure of records hacked be revised over time. The best example of this would be Dropbox declaring a breach of seven million accounts in 2012 and then waiting four years before changing that number to 70 million! And this is the real issue here.

If you’re an American who has ever had a credit card, rented an apartment, bought a house, purchased or leased a vehicle, had a bank account and probably even held a tax paying job in the United States, then Equifax knows who you are. That 143 million is only the tip of the iceberg and Equifax knows it. So, freeze your credit with the three reporting agencies, get credit monitoring (though not through Equifax’s free one since they tried to pull a fast one and get you to sign your right to sue them away) and understand that when it comes to a data breach, we’re all in this one together.

Exercise May Kill You But at Least Your Fitbit Will Only Leak Your Personal Data

Recently, I wrote an article about the Internet-of-Things (IoT) and how, globally, we have a serious issue with insecure devices being hijacked and weaponized. Most IoT devices don’t carry personal data about the user as they are generic devices like video cameras; however, the devices that do contain any personal data should be protected. Sadly, Fitbit now joins the ranks of the insecure.

To be fair, Fitbit isn’t the first fitness tracker to be hacked relatively easily and there is no doubt they won’t be the last. However, Fitbit has a very large presence in this industry, so it’s bigger news than normal for this industry. Fitbit responded and is going to be working on improving security. I just wish it didn’t have to come at the expense of our personal data!

Google Docs Once Again Is a Phisher’s Best Friend

Poor LinkedIn. Last year they declared a breach of 117 million logins and this year they’re being used by hackers to run a phishing scam to steal users’ Gmail credentials. Basically, LinkedIn Premium accounts are being used to phish for login credentials and the hackers are using a URL shortener to mask the actual threat of the phishing site.

Users are then being redirected to a site that looks like a Gmail login but is actually a site designed to capture their login information. Once the info is entered, the site redirects to an actual Google Doc. So, unless the user is paying attention to the URL at the initial login page, the whole process looks entirely legit. Ultimately, scams like this come down to awareness. Make sure to check the site you’re linking to. You can always run a site checker to ensure that where you are going is legit.

Viva Vevo!

I know several large music corporations are beyond thrilled that if they had to get hacked, they’d be lucky enough to have a more important breach like Equifax dominate the news cycle. If you’re unfamiliar with Vevo, it is an entity that was created by several large media corporations including Sony, Universal, Warner, Alphabet and others to have a platform for sharing and streaming videos. So, naturally, it’s hacker bait.

OurMine, which is a hacker squad known for pulling off the hacking of HBO’s Twitter account as well as some other high-profile hits, was able to penetrate Vevo so deeply that they were able to dump over three terabytes of Vevo data online!

Not just videos but also internal documents including the alarm codes for the UK office and other fun sensitive material. If you didn’t hear about this one, it’s not surprising. As I mentioned above, Equifax has dominated the hacking news lately given that their breach affected an entire national population and Vevo is dealing with only music videos.

This also underscores my original point in that news moves so quickly in the age of interconnectivity. We have simultaneous issues happening together in real time and with an average of about 12 public breaches a day happening at the moment, it’s impossible for anyone to keep up even though we try. So, keep fighting the good fight, people!


About Nick Espinosa

Nick serves at BSSi2 as the CIO & Chief Security Fanatic and is an expert in security and network infrastructure. Nick has consulted with clients ranging from a few computers to the Fortune 100 level regarding encryption systems, infrastructure and multinational environments. When he isn’t working magic with computers or playing with his daughter, Nick relaxes by playing chess, riding motorcycles and increasing his knowledge of history. You can follow Nick on Twitter at @NickAEsp
