Experts Reaction On Latest Mashable Data Breach

Mashable issued a statement on their website saying in part: “This past Wednesday evening, November 4th, we learned that a hacker known for targeting websites and apps had posted a copy of a Mashable database to the internet. Based on our review, the database related to a feature that, in the past, had allowed readers to use their social media account sign-in (such as Facebook or Twitter) to make sharing content from Mashable easier…”

Experts Comments

November 10, 2020
Saryu Nayyar
CEO
Gurucul
The Mashable breach represents another case where potentially important data has fallen into the attacker's hands. While there were apparently no passwords or financial information revealed, the personal information such as email addresses, names, locations, etc., could be very useful for an attacker looking to do targeted phishing emails or social engineering attacks. There is always a lot of attention on breaches that reveal passwords or financial information, but there is a lot of other personal information an attacker can leverage, especially when they take the time and effort to engage in social engineering attacks. That's why even organizations that don't hold confidential PII need to keep their cybersecurity stack up to date, including behavioral analytics, to identify novel attacks before they turn into major data breaches.
November 10, 2020
Dan Piazza
Technical Product Manager
Stealthbits Technologies
Although it took Mashable a few days to confirm the breach, their straightforward response is commendable. They confirmed the breach, outlined what data was stolen, stressed that Mashable doesn't store financial data, and offered comfort that they don't believe any password data was breached. If these details remain the extent of the breach, and additional concerns don't come to light later, then this is a good example of how organizations should handle PR in the event of a data breach.
November 10, 2020
Chloé Messdaghi
VP of Strategy
Point3 Security
I’ll start with the fact that I think Mashable did a pretty good job after this breach – they took the right steps. They sent out messages warning their visitors of possible phishing campaigns. They were definitely trying to be part of the conversation and be involved with the situation. That being said, Mashable should be more informed about using the correct terminology regarding this breach – it was not a “hacker,” this was an attacker, a criminal (or criminals). The attacker, ShinyHunters, definitely has been collecting a good portfolio of leaking databases. And while we can’t assume ShinyHunters is one person or more than one person, we do need to state what this ShinyHunters is – and that is NOT a hacker. A hacker does not steal and breach information and exploit it – that is criminal behavior. Hackers protect. Hackers let organizations know when they have vulnerabilities and to be aware of it so it can be corrected.