It has been reported that PDF solutions provider Foxit has informed customers that it had recently detected unauthorised access to data associated with its “My Account” service. The company told SecurityWeek that the incident impacted 328,549 users. The compromised data includes names, email addresses, passwords, phone numbers, company names, and IP addresses, but payment information was not exposed.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
Since no payment information was compromised in the Foxit breach, this latest cyber incident may appear to be innocuous. Yet since Foxit sells its software to many major companies including Google, Microsoft and Amazon, this breach has the power to provide cybercriminals with a backdoor into businesses. With access to business emails and passwords, hackers can conceivably obtain sensitive information that can cause significant damage to company reputation and result in prohibitive regulatory penalties. To help avoid cyber incidents like this, it\’s always important to comprehensively evaluate and continuously monitor the cyber posture of all parts of the supply chain.
Here is yet another of the many headlines we see daily about exposed credentials through breaches, phishing, and other treacherous means. Foxit and its customers are the latest victims who need to mitigate any harm stemming from this incident. To reduce the ramifications, consumers must ensure to have different passwords for different online accounts so that when one password is compromised, it does not work for a variety of online accounts.
For online companies who share customers with Foxit, credentials like passwords are not reliable anymore. To protect customer accounts and company assets, businesses need to make sure they have other authentication technologies like passive biometrics and behavioural analytics that can verify that the right customer is behind the device – by identifying them by their online behaviour. This way, even if a password has been compromised, the company can still verify the user behind the device correctly and protect the account from fraud.