HackDig : Dig high-quality web security articles for hacker

Two New Hacks This Week, Some Feeling More Vulnerable Than Others

2015-05-22 23:45

Two new high-profile hacks this week collectively exposed millions of users’ data, both more worrying than what has become a run-of-the-mill credit card breach. The reasons for concern, of course, are a bit different.

The first breach, announced Wednesday, was at CareFirst BlueCross BlueShield, a major health insurance provider in Washington, D.C., Maryland, and Virginia. A relatively small 1.1 million records. According to the Washington Post,

“The database the hackers accessed did not contain members' Social Security numbers, medical claims, employment, credit card or financial information, the company said.”

However, hackers were able to obtain usernames for the company’s patient portal, birth dates, e-mails and subscriber IDs. Because the attack began in July of last year, attackers have had plenty of time to exploit their access and potentially obtain more detailed protected health information.

As we have pointed out before, healthcare data is substantially more valuable on the black market than credit card data. It is harder to detect when it is being used fraudulently and creates a much richer profile that can be used for both identity theft and cyberespionage. In fact, many researchers believe that both the Premera and Anthem breaches reported earlier this year were conducted for espionage purposes rather than financial gain. With CareFirst’s client base largely centered around Washington, D.C., it wouldn’t be a stretch to suspect similar motivations.

And speaking of user profiles...AdultFriendFinder was also hacked this week. Or, perhaps more significantly, was hacked back in March; the company was finally named by a news report in England this week. According to the Channel 4 News report,

“The information of 3.9m Adult FriendFinder members has been leaked, including those who told the site to delete their accounts.”

The hack was first discovered and published on Teksecurity last month, although blogger Bev Robb didn’t disclose the name of the site. 

Hackers have already used the data, which remains available online, to identify and publicly shame more than a few AdultFriendFinder users. They have also demonstrated how easy it is to use the information in the published data and a bit of savvy Googling to turn rows in spreadsheets into actual people. Given that AdultFriendFinder is frequently used to arrange casual sexual encounters, the potential impact of the data breach on users is quite large.

Bottom line? Credit card information is not nearly as interesting as it used to be to hackers. Instead, data that can pinpoint people, make real money from extortion or identity theft, and build profiles for the purposes of espionage are increasingly attractive targets. Expect to see many more such hacks in the months to come.


Source: srehto-naht-elbarenluv-erom-gnileef-emos-keew-siht-skcah-wen-owt/tsop/moc.tenitrof.golb

Read:2627 | Comments:0 | Tags:No Tag

“Two New Hacks This Week, Some Feeling More Vulnerable Than Others”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud