Security Round Up: Ticketmaster, Swatting & a T-Mobile Breach
While the last few weeks were busy with holidays, plenty of security attacks were also happening. Some, like FireEye's SolarWinds vulnerability, were widely publicized, while others may have gone unnoticed. These include a fourth data breach for T-Mobile, an increase in swatting attacks, and a $10M Ticketmaster fine that exemplifies why it is critical for a business to remove an employee's access when their employment ends.
This post covers recent security threats and data breaches, how they happened, and what you need to know to protect yourself.
The following are a few examples of recent security threats and breaches that might affect you.
Ticketmaster was recently ordered to pay a $10 million fine for "hacking" a rival. I would dare to say this was less hacking than it was taking advantage of an ex-employee account that should have already been shut down. After Ticketmaster hired an employee from a rival, the employee used their old credentials to access proprietary company information at the old company for Ticketmaster's gain.
In this example, no user's credentials, device, or server were really hacked. Instead, access was gained because it was mistakenly left open when the employee stopped working for the company. No matter how much an employee is trusted, or what the terms are when they leave a company, their access should always be shut down the same day. However, if the termination is hostile, this should be done sooner.
There are lots of ways to handle shutting down employee accounts. Some things to consider include:
- Disabling accounts rather than deleting them - this is helpful in case you need to access something related to their account at a later time.
- Changing the password to an account rather than disabling or removing it - this is helpful when this person was the main point of contact for a project or communications.
- Forwarding the person's extension so calls and messages are not missed.
- Forwarding a copy of all incoming emails to someone who can handle them so leads and customer support are not abandoned.
In the case of Ticketmaster, they hired someone whose access was not properly shut down, and they used this to their advantage, which is illegal. The ex-employee was able to share information about their old employer with Ticketmaster in hopes of poaching those potential customers. As a result of getting caught, Ticketmaster has been ordered to pay $10 million in restitution.
The takeaway: The list above shows a few things to consider when an employee leaves a business. It does not account for special access like third-party software, websites, etc. The important thing to note is how important it is to promptly remove access when someone is no longer an employee. When businesses fail to do this, ex-employees can freely communicate with clients as if they were still speaking on the business's behalf, possibly access company data, and much more, which can end in disastrous results.
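To make the "same day" rule checkable, here is an added example (not part of the original post) that compares an HR roster against a directory export and a sign-in log. The data is constructed, and the field names and the `audit_offboarding` function are assumptions for illustration. It flags accounts still enabled after the last day, accounts that were deleted instead of disabled, and any sign-in after the last day, including on third-party systems.

```python
from datetime import date, datetime

# Constructed sample data; the field names are assumptions, not a real export format.
HR_ROSTER = [
    {"user": "asmith", "terminated": date(2021, 1, 4)},
    {"user": "bjones", "terminated": date(2021, 1, 4)},
    {"user": "cdoe", "terminated": None},            # still employed
    {"user": "dlee", "terminated": date(2020, 12, 18)},
]
DIRECTORY = {                                         # dlee was deleted outright
    "asmith": {"enabled": False},
    "bjones": {"enabled": True},
    "cdoe": {"enabled": True},
}
LOGINS = [                                            # (user, time, system)
    ("asmith", datetime(2021, 1, 4, 9, 5), "vpn"),    # on the last working day
    ("bjones", datetime(2021, 1, 9, 22, 14), "crm"),
    ("cdoe", datetime(2021, 1, 10, 8, 30), "vpn"),
    ("dlee", datetime(2020, 12, 20, 1, 47), "analytics-saas"),
]

def audit_offboarding(roster, directory, logins, today):
    """Return sorted (user, finding, detail) tuples for terminated staff."""
    ended = {r["user"]: r["terminated"] for r in roster
             if r["terminated"] and r["terminated"] <= today}
    findings = []
    for user, last_day in ended.items():
        account = directory.get(user)
        if account is None:
            # The post advises disabling over deleting so the account can be consulted later.
            findings.append((user, "NO_DIRECTORY_RECORD", "deleted, not disabled"))
        elif account["enabled"]:
            days = (today - last_day).days
            findings.append((user, "STILL_ENABLED", f"{days} days after last day"))
    for user, when, system in logins:
        # Any sign-in dated after the last day means some credential still works.
        if user in ended and when.date() > ended[user]:
            findings.append((user, "LOGIN_AFTER_TERMINATION", f"{system} {when:%Y-%m-%d}"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_offboarding(HR_ROSTER, DIRECTORY, LOGINS, date(2021, 1, 11)):
        print(*finding, sep="\t")
```

The `dlee` finding shows why the directory alone is not enough: the directory account is gone, yet a third-party application with its own login still accepted the old credentials.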
A swatting attack is when someone erroneously deploys emergency services to an unsuspecting victim. This is typically done by portraying a life-threatening situation that does not actually exist. Though the purpose of these types of attacks can vary, victims are often thought to be targeted by someone with a grudge. These types of attacks waste emergency services by pulling them away from legitimate situations, and they can have serious consequences when victims are surprised by the arrival of emergency services.
The FBI has warned that swatting attacks are on the rise. The most common way they are being implemented is by hacking people's voice and video-enabled smart home devices. These are big targets because many people have one or more of these devices in their home, hackers can use them to listen in or watch the drama unfold once they have initiated a swatting attack, and these devices are known for lacking security. Users often forget to consider the ways these devices can be used against them and fail to create complex passwords or enable two-factor authentication.
The takeaway: If you are a victim of such an attack, cooperate with emergency services to prevent anyone from being hurt. This will also increase the likelihood your attacker is caught. These kinds of attacks can incur jail sentences and are taken very seriously by law enforcement. Also, make sure you secure all smart devices, even if they do not have voice or video capabilities! You never know what a hacker can accomplish if given even the smallest access to your home network!
T-Mobile recently released information that they had suffered a data breach that included call-related information about some of their customer accounts. This is the fourth data breach reported by T-Mobile in just three years, which can be alarming for customers.
One good thing about this breach is that personally identifiable information, or PII, was reportedly not accessed. This means items like social security numbers, addresses, credit cards, email and more were not breached. This time customers were not put at as much risk as they could have been.
The takeaway: If you are a victim, you should be notified by T-Mobile. In this example, there is no way for customers to prevent this type of breach. However, it is always advisable to use different user credentials for each account you have. While user account login information was not reported to be accessed in this breach, this information is frequently targeted in data breaches. When that information is exposed, any duplicate credentials you use are also at risk. Make it a habit to keep user accounts unique.
There are lots of ways data can be breached or hacked. It is important for companies to do all they can to protect customer data. This includes removing access for employees who no longer work for a company. It is also important for individuals to better protect themselves by ensuring all their devices have complex passwords and that they use unique credentials. Sometimes there is nothing you can do but be aware of what has happened and keep a close eye on your accounts to be sure an unauthorized user hasn't gained access to them.
As always, the more aware you are of the types of attacks that are going on, the more prepared you will be to protect your privacy and data!