Following the News that users of Guardian Soulmates have been targeted with sexually explicit spam emails after their contact information was accidentally exposed on the dating site. Information from users’ profiles was included in the spam messages. IT experts from Lastline and NuData Security commented below.
Marco Cova, Senior Security Researcher at Lastline:
“This breach is good reminder that every breach reveals data that criminals can use to launch additional attacks. They merge data from multiple sources, building dossiers on potential victims, including spear phishing targets. The information that they gather does not have to be highly confidential in order to create successful attacks. Every breach is a reminder of the importance of strong authentication measures in both personal and professional devices, networks, and web applications. The blurring of personal and professional use of enterprise assets such as laptops underscores the criticality of protecting organizations from the network core to the outer edges against advanced persistent threats and evasive malware that could be introduced as a result of an infected personal device targeted as a result of a prior data breach. Data breaches provide a distribution hub for malware for years to come.”
Robert Capps, VP at NuData Security:
“Any breach of personal information is of extreme significance and concern. With just a name and email address, there is an outsized risk to consumers from targeted phishing and malware attacks. Stolen consumer data can be combined with other personally identifiable information (PII) from other hacks and breaches, to amass even more detailed profiles of users that are traded and sold to other hackers and fraudsters. These bundles of data contain much more complete information about specific individuals providing greater opportunities for fraud to take place. For example, with enough data collected from separate breaches, a fraudster can gain access to enough financial and personal information to enable the successful application for a new credit card or loan, or even takeover of an existing consumer financial account. And layering in all the sensitive personal data that could be found in breaches such as this or the Ashley Madison hack that released 37 million account holder’s private data into the wild.
All this data is out there building full identity profiles to be used maliciously online.
Behavioural analytics can provide victims of a data breach with an extra layer of protection even after a breach has occurred. We need to put a stop to these fraudsters in an entirely passive and non–intrusive way by building barriers to the fraudsters. We do this by learning how a legitimate user interacts with the online world around them, in contrast to a potential fraudster who uses valid consumer information stolen from intrusions and data breaches. Passive biometric technologies are highly accurate and impersonation resistant, making it possible to predict and prevent fraud from occurring in real-time – without interrupting a user’s experience.
The only way we are going to stop these breaches is to devalue the data the fraudsters are going after. Passive biometric technology is being used by many digital organizations that can verify the true user even when valid stolen credentials are presented. Once these dynamic behavioural authentication solutions are more widespread identity thieves will have a much harder time operating in an environment where the data they go after is useless to them. We look forward to seeing online identity thieves go out of business.”