2 posts from January 2014
January 31, 2014
Yahoo’s email breach, another 3rd party incident.

Early last year, Imperva published a report analyzing a breach that Yahoo had suffered via a vulnerability on their astrology site. As a reminder, back then Yahoo’s astrology site was operating with data coming from a platform provided by a third party company. When that third party server was breached, Yahoo got the bad headlines.

Today, Yahoo disclosed a breach that affected their own mail system and that apparently resulted from a third party hack. And while Yahoo definitely responded very fast to the incident, it raises questions for any company out there.

Companies should ask themselves:

  • How are we securing our users’ information and ourselves when we use third party services (which could be hosting, SaaS, call centers, authentication providers, website plugins and more)?
  • How much do we know about the security measures implemented by the third party companies we obtain services from?
  • If we provide a service to others, how secure is it?

Often, companies seem to put their trust in code and services that are not homegrown without knowing if they have the ability to monitor and secure said services.

What is the industry doing about it?

PCI v3.0 is a very good example of one regulation that addresses this issue, as it just added a mandate for service providers to secure their client information, making them accountable for the security of that data.

Where can I learn more?

  • Background information on last year’s Yahoo breach can be found in this HII report
  • Our webinar covering the most recent PCI v3.0 changes
  • Our CMS Hacking research, covering the implications of third party vulnerable applications


January 21, 2014
The Impact of Insider Threats – The South Korea Episode.

You can’t escape the data breach news that has piled up over the last few months. The recent high-profile hacks have raised market awareness.

Today, both CNN and Bloomberg covered the South Korean data breach that apparently hit ~40% of the South Korean population, about 20 million people.

In Layman’s Terms, What Happened?

At the center of the story is an employee who was working as a software engineer for three credit card companies. Over the course of a year and a half, this employee copied data from corporate servers to his personal drive. What makes this story particularly interesting is that the software engineer was writing anti-fraud software for the firms that he worked for during the same time that he was stealing data.

Business Impact? You Bet!

According to Bloomberg, 27 executives resigned following this incident, including bank CEOs and other senior management. Over half a million credit card users have already asked for new credit cards with many more to come. Perhaps the most significant impact is on the brand of the affected companies. Some companies never recover from the brand damage caused by such a massive security breach.

Key Takeaway

There are opportunities to prevent these sorts of breaches. Auditing and a properly deployed behavior-alerting system could and should have flagged abnormal behavior from a user with privileged access. In this case, a software engineer who needed access to perform his job was copying massive amounts of data over time. From a security standpoint, a simple “rule” that alerts IT when a user accesses massive amounts of sensitive data over time would have caught him in his tracks.
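One way to implement such a rule, as an added example that is not Imperva's product code or anything from the incident itself: a trailing-window counter over constructed audit records (the user names, timestamps, row counts and thresholds are all assumptions) that flags a user whose cumulative reads of sensitive data exceed a threshold even though no single read does.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed audit events (user, timestamp, rows of sensitive data read).
# Illustrative values only, not records from the incident described above.
def constructed_audit_log():
    start = datetime(2013, 6, 1, 9, 0)
    events = []
    # A privileged developer pulling a modest 5,000 rows every single day.
    for day in range(45):
        events.append(("dev_a", start + timedelta(days=day), 5000))
    # An analyst pulling 4,000 rows once a week for a legitimate report.
    for week in range(7):
        events.append(("analyst_b", start + timedelta(weeks=week), 4000))
    return sorted(events, key=lambda e: e[1])

def cumulative_access_alerts(events, window=timedelta(days=30), threshold=100_000):
    """Return (user, timestamp, rows_in_window) the first time each user's
    rows read within any trailing window exceed the threshold. Events must
    be time-ordered; each individual read may be far below the threshold."""
    recent = defaultdict(deque)   # user -> (timestamp, rows) still inside the window
    totals = defaultdict(int)     # user -> running sum of rows inside the window
    alerted = set()
    alerts = []
    for user, ts, rows in events:
        q = recent[user]
        q.append((ts, rows))
        totals[user] += rows
        # Expire reads that have fallen out of the trailing window.
        while q and ts - q[0][0] > window:
            _, old_rows = q.popleft()
            totals[user] -= old_rows
        if totals[user] > threshold and user not in alerted:
            alerted.add(user)
            alerts.append((user, ts, totals[user]))
    return alerts

def max_single_read(events):
    """Largest single read; shows why a per-query threshold alone misses this."""
    return max(rows for _, _, rows in events)

if __name__ == "__main__":
    log = constructed_audit_log()
    print("largest single read:", max_single_read(log))
    for user, ts, total in cumulative_access_alerts(log):
        print(f"ALERT {user}: {total} rows in trailing 30 days as of {ts:%Y-%m-%d}")
```

With these constructed values the developer is flagged on day 21 at 105,000 rows in the trailing window, while the largest single read by anyone is only 5,000 rows and the weekly analyst never comes close.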


