Another day, another data breach
Verizon leaked 6 million users’ data.
We hear almost daily about data breaches that affect millions of consumers. Today's news is from the nation's largest cell phone carrier: Verizon had a leak of 6 million users' information. Just like other recent breaches, it was caused by a supplier to Verizon.
The leak of customer phone numbers, names, and possibly some PIN codes could potentially be very dangerous for you if you are a Verizon customer, and here is why.
- The PIN – many people use the same PIN code for everything. Typically a four-digit code, it is used for all kinds of access, most notably your bank ATM card. If you are a Verizon customer, you should change your PIN right away and get into the habit of using a different PIN on each account.
- Your name and email address – cyber criminals aggregate all the breached data together to paint a really nice picture of YOU. They then use this to social engineer you, most often through a practice called phishing, and extract really valuable data from you... or maybe just all of your money.
This is the latest leak to surface from a misconfigured Amazon S3 storage unit. In June, an analytics firm exposed the data of almost 200 million voters, and earlier this month, just last week, an insecure server leaked 3 million WWE fans' data.
The crazy thing is this is not Amazon’s fault. By default, the data stored in the company’s S3 data storage is protected. The fact that the data was made public was a result of human error.
The WWE leak, also caused by a business partner, contained demographics on the fans' families, including home and email addresses, their birthdates, as well as customers' children's age ranges and genders. Imagine you are a wrestling fan and a Verizon customer: the bad guys have your name, address, phone number, number of children, birthdays and your PIN code for your cell phone.
They could write you one convincing email message that tricks you into giving them access to banking or medical records. Worse yet, it exposes not only you but your family too.
What’s the bottom line?
Cyber Risk is a fact of life today. None of us wants to give up all the technology that makes the world go round, but we can be a little more careful about how we use the great power of all this technology.
What can you do?
- Use a different hard password everywhere. To do this you need either a notebook or a Password Manager. I say a notebook because if you only need your passwords from work or only from home, then a notebook is pretty safe. You would need a home or work invasion for the bad guys to get your password. If you are more like me and a digital nomad, then I recommend RoboForm or LastPass. If you primarily use the same computer, then using the built-in password managers in the browser is a good start.
- Use a different PIN for different services. This is a little harder to track, but you can use the same password managers to track notes as well. These encrypted notes require a master password to unlock them. Obviously, the master password (the password for all your passwords) should be really strong and never used anywhere else. For a quick video on creating secure passwords see this ITECH insights.
- Use 2 Factor Authentication – 2 Factor Authentication or 2FA requires that you both “know something” and “have something”. Typically, this would be something like a password and a 6-digit number that is either auto generated every minute or sent to you in an email.
How can we help?
If you are a business owner, every one of your employees is a constant threat to your network, proprietary data and potentially your entire business. Find out what percentage of your employees are prone to a phishing attack with our free company phishing security test.
At PICS ITech we have realized that simulated phishing tests are a big part of your company's additional security. Today, phishing your own users is just as important as having anti-malware, antivirus and a firewall. It is a fun and effective cybersecurity tactic that you can use to prepare your users for the big bad internet.