Leakage of sensitive and personal information happens on a weekly basis, and quite a lot of such cases have become very resonate. Most companies try to avoid such expenses as users data protection or just ignore this problem, thinking that no one will access the database. The main question that the users ask after an exposure is “Why didn’t the company protect my personal information?” This is where MacKeeper, Bitdefender, and Hello Kitty can find something in common.
Despite the fact that data breaches happen in the IT sphere, today you don’t even need to be a hacker to hack user data of any company. There’s a wide range of plugins and applications that search for shady data stored in Google and, according to Forbes, the most advanced one is Shodan. Its working principle resembles the work of a search engine, which finds devices, vehicles, equipment, and data storages that are connected to the Internet. An average user with a simple key request is able to find countless lights, security cameras, home automation systems, heating systems, all of which are connected to the Internet and can be easily detected.
At the Defcon conference dedicated to cybersecurity, an independent researcher Dan Teller showed what he could find via Shodan. He found a car wash which he was able to activate and deactivate, an ice arena in Denmark which he could unfreeze with just a single click, and even the control systems of a road transport network. Fortunately, most of these systems were protected.
This year another independent security researcher Chris Vickery has initiated the real wave of leakages by using the same Shodan service. Thus, on December 20 Chris discovered the breach in Sanrio database, the owner and manager of the Hello Kitty brand. Vickery says that Sanrio has been notified alongside the ISP being used to host the database in order to secure 3 million sensitive user data.
Another discovery courses the security and optimization software for Mac MacKeeper. Vickery uncovered four IP addresses with the MongoDB database, which contained users’ emails, names, types of operating systems, and phone numbers. After that Vickery contacted MacKeeper, and the сompany fixed the problem within a few hours after it had been discovered. MacKeeper responded to its users with the official Security Announcement on its blog. The company provided necessary information about the security improvements. Besides, they reported that the storage system showed only one individual gained access that was performed by the security researcher himself and he has not shared or used the data inappropriately. As of today, Chris Vickery has confirmed that his copy of the encrypted database has been destroyed. Company invited him to visit its booth at upcoming CES in Las Vegas tol discuss the details of security cooperation. According to company’s statement, MacKeeper will be working with a range of groups and individuals including Chris Vickery to conduct ongoing security audits.
Data breaches happen to large, small, public, and private companies, and even security providers are vulnerable. Another security vendor Bitdefender has lost the unencrypted usernames and passwords of its users, according to the hackers who took the data and tried to extort the firm. The hackers demanded BitDefender to pay $15,000 or the data would be leaked, and apparently after renouncement 250 emails and passwords appeared online. Some emails had .gov domain extensions, meaning that the government customers were also affected. At the ending point BitDefender’s data was hacked and DetoxRansome hacker got nothing from the company.
All these cases are a call to action for companies to encrypt their data and keep an eye on security at least to save their reputation. And such plugins as Shodan prove that the threat is quite real.