Following the news that tech company Wappalyzer has disclosed a security incident this week after a hacker began emailing its customers and offering to sell Wappalyzer’s database for $2,000, “If you receive this e-mail it’s because we get the full database of Wappalyzer, and your e-mail is on the database,” the hacker, going by the name of CyberMath, wrote in an email sent to Wappalyzer customers this week.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
Wappalyzer has admitted that one of its databases was left exposed online due to a misconfiguration and maintains that the stolen data did not include personal information like passwords or payment card details. Whether the database or cloud instance is properly secured or not, the data is still vulnerable since only the system is protected, not the data itself. Organizations need to adopt data security to protect their data, wherever it may exist or whomever may be managing it on their behalf. A data-centric security model allows data to be protected and used it while it is protected without losing the analytic value, something that is key for analytics and data sharing on cloud-based resources. Although Wappalyzer claim no personal information was exposed, cases like this highlight the need for security tactics like tokenization where sensitive information is rendered unusable to unauthorised malicious actors. These incidents would have been preventable with such security – and if a security lapse does occur due to misconfiguration, the data still remains private.