Cash App Breach By Ex-Employee ImpactsOver 8 Million Users

By   ISBuzz Team
Writer , Information Security Buzz | Apr 18, 2022 01:56 pm PST

As the Cash app breach story unfolds, it is clear why Zero Trust & Least Privilege Access matter. In the SEC disclosure of the breach, Block, Inc. (parent co) reported:

“it recently determined that a former employee downloaded certain reports…  While this employee had regular access to these reports as part of their past job responsibilities, in this instance these reports were accessed without permission after their employment ended.

“The information in the reports included full name and brokerage account number (this is the unique identification number associated with a customer’s stock activity on Cash App Investing), and for some customers also included brokerage portfolio value, brokerage portfolio holdings and/or stock trading activity for one trading day.”

Notify of
2 Expert Comments
Oldest Most Voted
Inline Feedbacks
View all comments
Jackson Shaw
Jackson Shaw , CSO
April 18, 2022 9:56 pm

There should be no standing privileged accounts. If you need privileged access you should:

  1. Request it; include a rationale, and a time duration.
  2. Send it for approval to someone else – the owner of the app; your manager; someone in IT – there needs to be an audit trail
  3. Have the request granted
  4. Check the password out
  5. Check the password in before the time duration expires

On expiration, or early check-in, the privileged account password is scrambled and saved along with the account being disabled until the next valid request.

Turning privileged accounts off is the best way to protect them from hackers.

Last edited 1 year ago by Jackson Shaw
Andrew Moyad
Andrew Moyad , CEO
April 8, 2022 10:44 am

This type of breach occurs more widely than most people may realize and is a textbook example of why the rapid removal of privileged access during employee terminations is an essential hallmark of strong cybersecurity programs. One of the most common findings in service organization controls (SOC) reports over the last decade has been the absence of timely revocations during employee termination, so Block, Inc. is not alone here. Sadly, with so much industry focus on investments in technology solutions to fend off malware, ransomware, and other external attack vectors, we often overlook the insider threat and the risk from human factors as a predominant cause of security breaches. This example is a stark reminder that network hardening also needs more focus on the inside of an organization, not just against outside threats.

Last edited 2 years ago by Andrew Moyad

Recent Posts

Would love your thoughts, please comment.x