Tag Archive for Database

8,200,000,000 Data Breaches

2019 is on pace to be the worst year ever for data breaches. If things continue at the same pace, 8.2 billion records will be exposed by the end of 2019. The threat intelligence firm Risk Based Security reports that during the first half of 2019 over 4.19 billion records were exposed in 3,813 reported breaches between January and July 2019.

Those numbers work out to more than 20 data breaches a day. Eight mega-breaches that exposed more than 100 million records were reported. These web-based breaches were primarily the result of leaving databases accessible to third parties and failing to protect them. Forbes reports that these misconfigured databases and services accounted for 149 of the 3,813 incidents reported this year. According to Forbes, the mega-breaches exposed over 3.2 billion records, accounting for 78.6% of the total records exposed in the first half of 2019.

Largest data breaches

The 10 largest data breaches for the first half of 2019 are:

  1. Verifications.io (982 million),
  2. First American Financial (885 million),
  3. Cultura Colectiva (540 million),
  4. unknown organization in India (275 million),
  5. unknown organization in China (202 million),
  6. Dubsmash (161 million),
  7. Canva (138 million),
  8. Justdial (100 million),
  9. Mobile Drip (80 million), and
  10. Unknown U.S. firm (80 million).

The Verifications.io, First American Financial, and Cultura Colectiva breaches are ranked among the top 10 breaches of all time based on the number of records exposed.

Consumer Affairs says Verifications.io is an email marketing company whose misconfigured database exposed 982,864,972 names, addresses, and Facebook, LinkedIn, and Instagram accounts. The information associated with the breach includes email addresses, dates of birth, phone numbers, fax numbers, genders, IP addresses, and personal mortgage amounts. As a result of the incident, Verifications.io has ceased operations.

If you’ve bought a house, particularly in California, another breach may impact you. First American Financial Corporation exposed 885,000,000 records. Consumer Affairs writes that exposed data included real estate closing transaction records that contained names, Social Security numbers, phone numbers, email and physical addresses, driver’s license images, banking details, and mortgage lender names and loan numbers.

Other interesting data breach infobits

  • The number of breaches also reached a new high during the first half of 2019.
  • The average number of records lost per leak was just 230.
  • The majority of breaches had a moderate to low severity score and exposed 10,000 records or fewer.

Thankfully, RBS says more critical data was less commonly stolen during attacks.

  • Social Security numbers were stolen in 11% of attacks,
  • Addresses were stolen in 11% of attacks,
  • Account numbers were stolen in 10% of attacks, and
  • Birth dates were stolen in 6% of attacks.

The sectors impacted

  • Healthcare 224 breaches,
  • Retail 199 breaches,
  • Finance and insurance 183 breaches,
  • Government and information 160 breaches each, and
  • Education 99 breaches.

Inga Goddijn, executive vice-president at Risk Based Security, told ComputerWeekly.com,

It is hard to be optimistic about the outlook for the year … The number of breaches is up and the number of records exposed remains stubbornly high. Despite best efforts and awareness among business leaders and defenders, data breaches continue to take place at an alarming rate.

Phishing

Phishing is a tried and tested first step for gaining access to systems and services, the report said. The phished data can be used to perpetuate attacks. The most frequently stolen data are email addresses and passwords. These credentials are valuable to attackers because they can be used across multiple domains (because we know users don’t use unique IDs for each account) for credential stuffing. These credentials can also be changed by the attacker (or the owner). The report points out that 70% of the known breaches included email addresses and 65% included passwords.

Phishing can also lead to other critical but less monetized data. The report said phishing can lead to the exposure of unusual or unexpected types of data, including electronic signatures, calendars, marriage certificates, and company-issued employee ID numbers, all valuable for social engineering or spear-phishing attacks.

rb-

Businesses need to get their security act together – they were responsible for over two-thirds of the breaches reported by RBS. The garden-variety cyber-criminal is a script kiddie who runs automated scripts looking for unsecured databases in order to scrape up any data they can. The big breaches make the headlines, but the everyday incidents make the money for most attackers.

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Blockchain Basics

This is the season for predictions. Many tech prognosticators say that 2017 will be the year for Blockchain. As an emerging technology, Blockchain is approaching what Gartner (IT) calls the Peak of Inflated Expectations – a period the analyst refers to as “when early publicity produces a number of success stories — often accompanied by scores of failures. Some companies take action; many do not.”

Just to prove the point, Business Insider claims blockchain has the capability to transform the world of digital banking and finance — and beyond. The author suggests that the complex technical nature of blockchain makes it difficult for people to fully grasp how the technology works. BI helps blockchain novices understand exactly what blockchain is and how it works.

Blockchain is a distributed database or ledger that allows companies to start trading digitally without the need for approval from a central authority. Because blockchains are distributed, an industry or a marketplace can use them without the risk of a single point of failure.

The ledger is the central part of a blockchain. The ledger is publicly available and shared among all parties within the network. It can’t be changed or tampered with, making it secure. The ledger keeps track of all the details of a transaction, including time, date, parties involved and the transaction amount.

The article examines how the most common blockchain application, a bitcoin transaction, works.

  1. Alice decides to buy bobbles from Bob’s Bead Boutique online.
  2. Bob’s Bead Boutique accepts bitcoin.
  3. Alice has a 3rd party bitcoin wallet set up to hold her digital funds.
  4. Bob at Bob’s Bead Boutique shares his unique numerical bitcoin address with Alice.
  5. Alice makes her payment to Bob’s Bead Boutique by signing it with the private key of her own address. The transaction is called a block.
  6. The block is broadcast to everyone within the peer-to-peer network.
  7. Users who verify the buyer’s block via a process called “mining” will be rewarded with bitcoins.
  8. To verify and validate the block, miners take information from the block and run it through an algorithm. The approved block is attached to the previous transaction in the network.
  9. Collectively all the transactions form a blockchain that cannot be altered, making it permanent and transparent.
  10. The transaction is verified and completed.
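
An added example, not from the original post or the Business Insider article: a toy hash-chained ledger that follows steps 6 to 9 above, with one transaction per block as in the walkthrough, and shows how an edit to an old block is detected. The field names, the difficulty of three leading hex zeros and the sample transactions are assumptions made for illustration; the signature from step 5 is left out.

```python
import hashlib
import json

DIFFICULTY = 3  # assumed toy target: hash must start with this many hex zeros
FIELDS = ("index", "timestamp", "sender", "recipient", "amount", "prev_hash", "nonce")


def block_hash(block):
    """SHA-256 over the block's fields in a canonical (sorted-key) JSON encoding."""
    body = {k: block[k] for k in FIELDS}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def mine(index, timestamp, sender, recipient, amount, prev_hash):
    """Search for a nonce whose block hash meets the difficulty target ("mining")."""
    block = {"index": index, "timestamp": timestamp, "sender": sender,
             "recipient": recipient, "amount": amount,
             "prev_hash": prev_hash, "nonce": 0}
    while not block_hash(block).startswith("0" * DIFFICULTY):
        block["nonce"] += 1
    block["hash"] = block_hash(block)
    return block


def verify_chain(chain):
    """Return the index of the first invalid block, or -1 if the chain is intact."""
    prev = "0" * 64  # constructed predecessor value for the first block
    for i, block in enumerate(chain):
        recomputed = block_hash(block)
        if (block["prev_hash"] != prev or block["hash"] != recomputed
                or not recomputed.startswith("0" * DIFFICULTY)):
            return i
        prev = block["hash"]
    return -1


def build_sample_chain():
    """Constructed sample ledger using the walkthrough's Alice and Bob."""
    txs = [("2017-01-02T10:00:00Z", "alice", "bobs-bead-boutique", 0.05),
           ("2017-01-02T10:05:00Z", "carol", "bobs-bead-boutique", 0.02),
           ("2017-01-02T10:09:00Z", "bobs-bead-boutique", "dave", 0.01)]
    chain, prev = [], "0" * 64
    for i, (ts, sender, recipient, amount) in enumerate(txs):
        chain.append(mine(i, ts, sender, recipient, amount, prev))
        prev = chain[-1]["hash"]
    return chain
```

Changing any field in an early block makes `verify_chain` report that block; re-mining only the changed block moves the failure to the next one, whose `prev_hash` no longer matches. The ledger is tamper-evident rather than physically unchangeable: rewriting history means redoing the work for every later block.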

BI claims that the most important aspect of blockchain is its versatility. The author claims that the disruptive technology has implications far beyond bitcoin. The article points out there are more than 100 blockchain projects spread across many industries. Here are some industries blockchain could disrupt.

Banking and Financial Services – Blockchain is more secure and efficient, so financial processes powered by blockchain could save banks up to $20 billion annually by 2022.

Healthcare – Blockchains could allow patients to share their health records more securely across a vast network of healthcare providers, preventing many of the recent healthcare data breaches.

Music – Blockchain could potentially be used to help prevent piracy in music while also increasing sales.

Insurance – Blockchain could allow wholesale insurers to overcome complex transactions that involve a large number of participants and increase efficiency in areas like documentation and claims management.

rb-

The Brookings Institute correctly argues that Blockchain is a foundational technology, like TCP/IP, which enables the Internet. And much like the Internet in the late 1990s, we don’t know exactly how the Blockchain will evolve – but evolve it will.

Similar to the Internet, the Blockchain must also be allowed to grow unencumbered. This will need careful handling that recognizes the difference between the platform and the applications that run on it. TCP/IP empowers many financial applications that are regulated, but TCP/IP is not regulated as a financial instrument.

Disruptive technologies rarely fit neatly into existing regulatory considerations, but rigid regulatory frameworks have repeatedly stifled innovation.
