CouchSurfing is investigating a security breach affecting 17 million users. The CouchSurfing data is currently being sold for $700 on Telegram channels and hacking forums. As part of our expert comment series, the cybersecurity expert reacted below on this breach.
Experts Comments
Organisations need to have layered controls.
Organisations need to have layered controls - this means having security controls that make it difficult for attackers to gain access, as well as having detection and response controls that can help identify and respond to any attacks that are successful so that remedial actions can be taken in a quick manner. Along with technical controls, this means having good procedures in place, as well as providing security awareness and training to all employees so that they act as an extension to the.....Read More
Anyone with an account must be vigilant to current phishing emails purporting to be from CouchSurfing or their connected partners.
This price tag seems a little high for data without password details, however, leaked information has a high value in its initial week, before it is mainstream. Once the affected users are made aware of the breach, and the heightened risk of phishing emails, the price will drop as the click-through rate decreases.
Anyone with an account must be vigilant to current phishing emails purporting to be from CouchSurfing or their connected partners. It would also be a good idea to change the password .....Read More
In this year of social activism, resources like CouchSurfing can be invaluable.
The good news is that they are aware of the situation, were forthcoming, and got help – both from law enforcement and cyber experts. It’s interesting and more concerning that the passwords weren’t shared. In this year of social activism, resources like CouchSurfing can be invaluable. Might it be that the bad actors wanted to get lists of people couch surfing around specific events such as protests? Perhaps they’ll go back to CouchSurfing for payment to hold off on the release of.....Read More
While it's fortunate that user passwords weren't compromised, the millions of active email addresses are still useful for spam and scam lists.
The release of information from the popular CouchSurfing website is of some concern to their millions of users. While it's fortunate that user passwords weren't compromised, the millions of active email addresses are still useful for spam and scam lists. Information on how the attack happened hasn't been released, but it seems likely from the volume of data and what was in it that attackers gained access to an exposed database backup. If that's the case, they'll need to review their process.....Read More
The information in the database can be used to make malicious emails more convincing and personalised.
Even though no passwords were reportedly leaked, I would still recommend CouchSurfing users change their account passwords, as well as any other accounts that share the same password.
Users should also be on the lookout for targeted phishing emails from scammers posing as CouchSurfing or a related company. The information in the database can be used to make malicious emails more convincing and personalised. Never click on links in unsolicited emails and double-check senders' email domains.
Dot Your Expert Comments
Only for registered and approved experts. Please register before providing comments. Register here
Linkedin Message
@Chris Hauk, Consumer Privacy Champion, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"Users should always be wary of clicking links or opening attachments in any emails, even those appearing to be from your personal contacts...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/expert-reaction-on-couchsurfing-investigates-data-breach
Facebook Message
@Chris Hauk, Consumer Privacy Champion, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"Users should always be wary of clicking links or opening attachments in any emails, even those appearing to be from your personal contacts...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/expert-reaction-on-couchsurfing-investigates-data-breach