Expert Comments

Expert Reaction On CouchSurfing Investigates Data Breach

Expert(s): Security Experts
Expert(s): Security Experts

CouchSurfing is investigating a security breach affecting 17 million users. The CouchSurfing data is currently being sold for $700 on Telegram channels and hacking forums. As part of our expert comment series, the cybersecurity expert reacted below on this breach.

Experts Comments

Dot Your Expert Comments
Chris Hauk
July 24, 2020
Consumer Privacy Champion
Pixel Privacy

Users should always be wary of clicking links or opening attachments in any emails, even those appearing to be from your personal contacts.
While the CouchSurfing breach doesn't appear to have included password information (meaning hackers won't be able to use the information to attempt to access users' accounts on other sites and services), the breach does still present a threat to users' online privacy. Bad actors can use the email addresses to flood users' inboxes with spam emails, some of which will most surely include malicious links and attachments. Users should always be wary of clicking links or opening attachments in any.....Read More
While the CouchSurfing breach doesn't appear to have included password information (meaning hackers won't be able to use the information to attempt to access users' accounts on other sites and services), the breach does still present a threat to users' online privacy. Bad actors can use the email addresses to flood users' inboxes with spam emails, some of which will most surely include malicious links and attachments. Users should always be wary of clicking links or opening attachments in any emails, even those appearing to be from your personal contacts.  Read Less
Javvad Malik
July 24, 2020
Security Awareness Advocate
KnowBe4

Organisations need to have layered controls.
Organisations need to have layered controls - this means having security controls that make it difficult for attackers to gain access, as well as having detection and response controls that can help identify and respond to any attacks that are successful so that remedial actions can be taken in a quick manner. Along with technical controls, this means having good procedures in place, as well as providing security awareness and training to all employees so that they act as an extension to the.....Read More
Organisations need to have layered controls - this means having security controls that make it difficult for attackers to gain access, as well as having detection and response controls that can help identify and respond to any attacks that are successful so that remedial actions can be taken in a quick manner. Along with technical controls, this means having good procedures in place, as well as providing security awareness and training to all employees so that they act as an extension to the security team in helping defend and detect attacks.  Read Less
Jake Moore
July 24, 2020
Cybersecurity Specialist
ESET

Anyone with an account must be vigilant to current phishing emails purporting to be from CouchSurfing or their connected partners.
This price tag seems a little high for data without password details, however, leaked information has a high value in its initial week, before it is mainstream. Once the affected users are made aware of the breach, and the heightened risk of phishing emails, the price will drop as the click-through rate decreases. Anyone with an account must be vigilant to current phishing emails purporting to be from CouchSurfing or their connected partners. It would also be a good idea to change the password .....Read More
This price tag seems a little high for data without password details, however, leaked information has a high value in its initial week, before it is mainstream. Once the affected users are made aware of the breach, and the heightened risk of phishing emails, the price will drop as the click-through rate decreases. Anyone with an account must be vigilant to current phishing emails purporting to be from CouchSurfing or their connected partners. It would also be a good idea to change the password – or, if the account is not used any more – it would be a good idea to close it completely. Far too many accounts become dormant online, and if these accounts are connected to reused passwords, users are at further risk of attacks elsewhere.  Read Less
Chloé Messdaghi
July 24, 2020
VP of Strategy
Point3 Security

In this year of social activism, resources like CouchSurfing can be invaluable.
The good news is that they are aware of the situation, were forthcoming, and got help – both from law enforcement and cyber experts. It’s interesting and more concerning that the passwords weren’t shared. In this year of social activism, resources like CouchSurfing can be invaluable. Might it be that the bad actors wanted to get lists of people couch surfing around specific events such as protests? Perhaps they’ll go back to CouchSurfing for payment to hold off on the release of.....Read More
The good news is that they are aware of the situation, were forthcoming, and got help – both from law enforcement and cyber experts. It’s interesting and more concerning that the passwords weren’t shared. In this year of social activism, resources like CouchSurfing can be invaluable. Might it be that the bad actors wanted to get lists of people couch surfing around specific events such as protests? Perhaps they’ll go back to CouchSurfing for payment to hold off on the release of passwords, but if not, there are potentially both privacy and personal liberty/freedom of expression issues at play here.  Read Less
Saryu Nayyar
July 24, 2020
CEO
Gurucul

While it's fortunate that user passwords weren't compromised, the millions of active email addresses are still useful for spam and scam lists.
The release of information from the popular CouchSurfing website is of some concern to their millions of users. While it's fortunate that user passwords weren't compromised, the millions of active email addresses are still useful for spam and scam lists. Information on how the attack happened hasn't been released, but it seems likely from the volume of data and what was in it that attackers gained access to an exposed database backup. If that's the case, they'll need to review their process.....Read More
The release of information from the popular CouchSurfing website is of some concern to their millions of users. While it's fortunate that user passwords weren't compromised, the millions of active email addresses are still useful for spam and scam lists. Information on how the attack happened hasn't been released, but it seems likely from the volume of data and what was in it that attackers gained access to an exposed database backup. If that's the case, they'll need to review their process for storing backups and make sure they have the tools in place to secure them.  Read Less
Paul Bischoff
July 24, 2020
Privacy Advocate
Comparitech

The information in the database can be used to make malicious emails more convincing and personalised.
Even though no passwords were reportedly leaked, I would still recommend CouchSurfing users change their account passwords, as well as any other accounts that share the same password. Users should also be on the lookout for targeted phishing emails from scammers posing as CouchSurfing or a related company. The information in the database can be used to make malicious emails more convincing and personalised. Never click on links in unsolicited emails and double-check senders' email domains.

Dot Your Expert Comments


Only for registered and approved experts. Please register before providing comments. Register here
* By using this form you agree with the storage and handling of your data by this web site.
Submit
0
FacebookTwitterLinkedinWhatsappEmail

You may also like

Experts Reaction On World Economic Forum 2021 Report Cites Cyber...

Major Security Flaws Found In Signal And other Video Chat...

Comment On IoT Risks Of Peloton Bike

70% of UK Finance Industry Hit With Cyber-Attacks In 2020

A Chinese Hacking Group Is Stealing Airline Passenger Details

Expert Commentary: Hacker Posts 1.9 Million Pixlr User Records For...

NSA And Dutch NCSC Warn Outdated TLS Certs

Federal Agency Warns Cloud Attacks Are On The Rise –...

Experts Reaction On New Chrome Update To Boost Password Security

Experts Insight On Latest Flaw Within DNSpooq