Uber And Unroll.Me: How They Secretly Collected Data And How To Stop It From Happening To Your Company

By ISBuzz Team
Writer, Information Security Buzz | Apr 26, 2017 09:01 am PST

“A recent New York Times article about Uber shared some damaging revelations about how Uber leveraged data from an app called Unroll.me:

“Uber devoted teams to so-called competitive intelligence, purchasing data from an analytics service called Slice Intelligence. Using an email digest service it owns named Unroll.me, Slice collected its customers’ emailed Lyft receipts from their inboxes and sold the anonymized data to Uber. Uber used the data as a proxy for the health of Lyft’s business.”

Unroll.me is a third-party app that helps you unsubscribe from email subscriptions in order to reduce the size of your inbox. Sounds like a useful and legit productivity app, right? But unfortunately Unroll.me has been selling your data to whoever wanted it and without concern for how the data would be used. The app gains access to your Google account through OAuth, which you granted when you installed the app on your phone or tablet.

In today’s cutthroat business environment, it’s certainly understandable that competing companies might want to acquire the other’s confidential corporate information, and might even use a service like Unroll.me to gain access to employee emails and information. While this type of security threat is new, it is already effective at exposing corporate vulnerabilities and secrets.

To proactively defend against these dangerous security risks, companies should add a Cloud Access Security Broker (CASB) solution to their technology stack. It’s important to select a CASB that automatically looks for all apps that users have granted permission to using corporate credentials so IT managers can take proactive steps, including revoking access or contacting the user to understand the reason for granting permission. By adding a CASB, companies can protect themselves against the risks of cloud data being covertly mined and sold.

ManagedMethods’ CASB product, Cloud Access Monitor, provides detailed information on which employees have granted access to which third-party apps and which security scopes were granted. Once you have this information, Cloud Access Monitor allows you to revoke those permissions and prevent this threat in the future.

As threats like the Uber and Unroll.me scenario become more prevalent, companies need to defend themselves before the worst happens. With the right Cloud Access Security Broker solution you can proactively protect your employees from exposing corporate data through third-party apps to competitors or hackers with malicious intent.”
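The audit described above (which employees granted which third-party apps which scopes) can be sketched as follows. This is an added example, not ManagedMethods' code or anything from the original commentary. It assumes Google Workspace grants exported in the shape of the Admin SDK Directory API `tokens.list` items; the app names, client IDs and users are constructed.

```python
# Added example: flag unapproved third-party apps holding mail-reading OAuth scopes.
from collections import defaultdict

# Google OAuth scopes that let an app read message content.
MAIL_READ_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.readonly",
    "https://www.googleapis.com/auth/gmail.modify",
}

# Constructed sample records, shaped like items from the Admin SDK
# Directory API tokens.list response (one entry per user/app grant).
SAMPLE_GRANTS = [
    {"userKey": "alice@example.com", "clientId": "1111.apps.example",
     "displayText": "Inbox Cleaner (hypothetical)",
     "scopes": ["https://mail.google.com/", "openid"]},
    {"userKey": "bob@example.com", "clientId": "1111.apps.example",
     "displayText": "Inbox Cleaner (hypothetical)",
     "scopes": ["https://www.googleapis.com/auth/gmail.readonly"]},
    {"userKey": "bob@example.com", "clientId": "2222.apps.example",
     "displayText": "Calendar Helper (hypothetical)",
     "scopes": ["https://www.googleapis.com/auth/calendar.readonly"]},
    {"userKey": "carol@example.com", "clientId": "3333.apps.example",
     "displayText": "Approved CRM (hypothetical)",
     "scopes": ["https://www.googleapis.com/auth/gmail.modify"]},
]

def audit_grants(grants, approved_client_ids=frozenset()):
    """Return {clientId: {"app", "users", "scopes"}} for unapproved apps
    holding any scope that allows reading mail."""
    findings = defaultdict(lambda: {"app": "", "users": set(), "scopes": set()})
    for g in grants:
        if g["clientId"] in approved_client_ids:
            continue  # app already reviewed and allowed by IT
        risky = MAIL_READ_SCOPES.intersection(g.get("scopes", []))
        if not risky:
            continue  # grant does not expose mailbox content
        entry = findings[g["clientId"]]
        entry["app"] = g.get("displayText", "")
        entry["users"].add(g["userKey"])
        entry["scopes"] |= risky
    return dict(findings)

if __name__ == "__main__":
    report = audit_grants(SAMPLE_GRANTS, approved_client_ids={"3333.apps.example"})
    for client_id, f in sorted(report.items()):
        print(client_id, f["app"], sorted(f["users"]), sorted(f["scopes"]))
```

Grouping by client ID gives one review item per app, with the list of affected users to contact or whose grant to revoke.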
