Thursday, April 11, 2019

Security Round Up: Amazon, Facebook & Ransomware

If you look for them, you can find near-daily news articles discussing some form of risk to the security of our private data. This can come in many forms including, but not limited to:
  • Company data breaches
  • Ransomware attacks
  • Phishing schemes
  • Malware
  • Companies storing files in plain text
  • Servers that did not receive critical updates
  • Social engineering and more
The point of this list is to show all the ways we need to be vigilant. While we do not want to waste all our time worrying about our data, the more present we are while online and the more cautious we are when sharing information, the better protected we will be. There will always be examples of issues out of our hands, for instance when a company gets hacked, but if we protect ourselves by not reusing user IDs and passwords we can control how badly we are affected.

This post includes recent security issues happening with everyday companies that might affect you.

Amazon

A Bloomberg report from earlier this week said that Amazon workers are listening to conversations heard by Alexa. There are thousands of people around the world helping to improve Alexa by listening to voice recordings captured by owners of the Echo. Amazon has responded by saying only a very small portion of conversations are being listened to by humans and that this is done to help improve customer service.

Alexa's privacy settings do provide the option to stop your personal voice recordings from being used to develop new features. However, disabling this does not guarantee some of your voice recordings will not end up being listened to by a real person.

The Takeaway: Any smart device that has a listening mode is, well, listening. Use these devices cautiously based on what your conversations include and how comfortable you are with that information being listened to by others. As with anything that is sent over the internet, regardless of the intent to keep this data secure, there is the potential for it to end up in the wrong hands or being used in an unacceptable way.

Facebook

Part 1
Obviously Facebook has been in the news frequently and has been under increased scrutiny after the Cambridge Analytica scandal. What has come to light since is more insight into how freely users' data was shared with third-party companies. Once this information was shared, it seems there were few guidelines and little enforcement on how the data was handled by those third parties.

Earlier this month millions of Facebook users' records were found stored in plain text on Amazon cloud servers. Although the information was placed there by a third-party company rather than Facebook, the information came from Facebook and was shared with that company. The information was a database of 540 million people that included users, ID numbers, comments, reactions and account names.

The Takeaway: While this particular breach did not include passwords, it is important to note that breaches like this can be combined with other data leaks. As more breaches occur, it is possible to identify active user ID and password combinations for other accounts. While some breaches are more devastating than others, every breach is harmful to our privacy and security when we are included among the victims.

Part 2
Until recently Facebook shared names, passwords and email addresses of its users freely with third-party applications. This happened without our express consent, but is covered in the user policies we accept when we sign up. Unfortunately, we do not always realize where our private information, including passwords, is being shared. Most users think their information is contained within the company whose services they signed up for in the first place.

In addition to the database found in plain text mentioned above, UpGuard found another exposed database of 22,000 Facebook users. Unfortunately, this breach has the potential to be far more devastating than the one with millions of records because this breach included the names, emails and passwords of those users.


The Takeaway: This is yet another example of why it can be critical to use different combinations of user IDs and passwords for different accounts. There is no way to predict when a company, or you, might suffer a data breach. The best protection is to make sure stolen credentials cannot be reused at another site because they only work at the site that was compromised.

Ransomware

Last week New York's capital city was hit with ransomware, and it affected the city in ways that show how powerful this type of attack can be. For police officers, this attack denied them access to the scheduling system, email and all other internet-based programs. Ransomware is crippling to most victims, but when critical systems like police, hospitals, water or fire are affected, the threat is much higher because human lives can be at risk.


Ransomware locks users out of the files on their computers by encrypting the local files until a ransom is paid. Even then, there is no guarantee the decryption key will work. Worse yet, each time a ransom is paid, the hackers are encouraged to continue this kind of attack. Some victims are forced to pay or risk losing their business. Other victims cannot afford to pay and instead move forward with the loss. Either way, there is no good answer unless you have backup copies of all of your important files.

The Takeaway: The increasing consistency of ransomware attacks is a response to their effectiveness. The more people pay, the longer these attacks will remain a threat. The best thing you can do to protect yourself is to be prepared so you never need to pay. This is accomplished by keeping multiple copies of important files. Be sure these are in separate locations and on separate machines. NOTE: External USB drives connected to computers will also be encrypted in a ransomware attack!


It is unfortunate that there are constant attacks targeting our data privacy and security. This is not going to change any time soon. What you can do is stay informed, use good practices when creating new user accounts and passwords, never share accounts with others, refrain from making decisions based on emotions, and talk to someone you trust when you run into a problem.

As always, the more aware you are of different types of data breaches and attacks, the better you can protect yourself.
