Following the news that users of Guardian Soulmates have been targeted with sexually explicit spam emails after their contact information was accidentally exposed on the dating site, IT experts from Lastline and NuData Security commented below. Information from users’ profiles was included in the spam messages.
Marco Cova, Senior Security Researcher at Lastline:
“This breach is a good reminder that every breach reveals data that criminals can use to launch additional attacks. They merge data from multiple sources, building dossiers on potential victims, including spear phishing targets. The information that they gather does not have to be highly confidential in order to create successful attacks. Every breach is a reminder of the importance of strong authentication measures in both personal and professional devices, networks, and web applications. The blurring of personal and professional use of enterprise assets such as laptops underscores the criticality of protecting organizations from the network core to the outer edges against advanced persistent threats and evasive malware that could be introduced as a result of an infected personal device targeted as a result of a prior data breach. Data breaches provide a distribution hub for malware for years to come.”
“Any breach of personal information is of extreme significance and concern. With just a name and email address, there is an outsized risk to consumers from targeted phishing and malware attacks. Stolen consumer data can be combined with other personally identifiable information (PII) from other hacks and breaches, to amass even more detailed profiles of users that are traded and sold to other hackers and fraudsters. These bundles of data contain much more complete information about specific individuals providing greater opportunities for fraud to take place. For example, with enough data collected from separate breaches, a fraudster can gain access to enough financial and personal information to enable the successful application for a new credit card or loan, or even takeover of an existing consumer financial account. And layering in all the sensitive personal data that could be found in breaches such as this or the Ashley Madison hack that released 37 million account holders’ private data into the wild.
All this data is out there building full identity profiles to be used maliciously online.
Behavioural analytics can provide victims of a data breach with an extra layer of protection even after a breach has occurred. We need to put a stop to these fraudsters in an entirely passive and non-intrusive way by building barriers to the fraudsters. We do this by learning how a legitimate user interacts with the online world around them, in contrast to a potential fraudster who uses valid consumer information stolen from intrusions and data breaches. Passive biometric technologies are highly accurate and impersonation resistant, making it possible to predict and prevent fraud from occurring in real-time – without interrupting a user’s experience.
The only way we are going to stop these breaches is to devalue the data the fraudsters are going after. Passive biometric technology is being used by many digital organizations that can verify the true user even when valid stolen credentials are presented. Once these dynamic behavioural authentication solutions are more widespread, identity thieves will have a much harder time operating in an environment where the data they go after is useless to them. We look forward to seeing online identity thieves go out of business.”