Highly Publicized data breach in 2016: Phishing attack that resulted in Snapchat Employee Data Compromise.
Snapchat is a photo-video messaging app that gives users the opportunity to record videos, snap photos, add texts as well as drawing and send it to their friends and followers. (Betters, 2015).
The Incident
Snap Inc. formerly Snapchat Inc. was a victim of a phishing attack in the early months 2016, precisely February, 2016. On Sunday, 28th February, 2016, the company released statements on their blog posts apologizing to the snapchat employees about a phishing attack that left one of the employee of the company to inadvertently release payroll information of some of the present and past employees of the company.
According
…show more content…
The organization, through its blog post stated that it was sorting things out with the present and past employees affected by the scam by offering them free identity-theft insurance and monitoring for two years. The naivety of one of the employees has cost the organization a huge sum of money and also, brought the organization’s name into disrepute, because a lot of security conscious people might be conscious of having their information on Snapchat after the incident.
Major Vulnerabilities Disclosed in 2016
A critical MySQL Zero-Day Vulnerability of CVE-2016-6662 was discovered by a Researcher known as Dawid Golunski.
On the 12th of September, 2016, an independent Researcher at http://legalhackers.com known as Dawid Golunski released a research that shows several critical vulnerabilities with CVEID of CVE-2016-6662 in MySQL Database.
MySQL is a free and open source database that is adjudged to be the most popular databases because of its simplicity, robustness, delivery of high performance and scalable database applications. Startup companies, fastest growing companies as well as well as largest companies in the world all make use of MySQL databases, (Golunsky,
…show more content…
But as a form of temporary mitigation, the researcher suggested that users should endeavor to be certain that all MySQL users should NOT own any of the MySQL config files. He also implore the users of the database to create root-owned my.conf configuration files that are not in use. (Golunsky, 2016). On the 29th July, 2016, the vulnerability was reported to Oracle Corporation as well as MariaDB and PerconaDB that were also affected and by 30th August, 2016, MariaDB and PerconaDB and the database clones’ developer swiftly went on to develop the patches but somehow the patches got into public repositories and also fixed security which could notify attackers were also mentioned.
Unfortunately, the vendor, despite being in communication with the researcher via email, silently released the patches on the vulnerabilities without due notification to the researcher. The patches for the versions 5.7, 5.6 and 5.5 zero day vulnerabilities could be found on https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html, https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html, https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html
Discovery of this virus divided scientist in two groups; the ones in favor of publication the virus and the ones are against the publication. According to Fouchier in the article “The Deadliest Virus” by Micheal Green, he says that if more people have access to it, it
This project definitely strengthened my belief that consumers and banks need to be more cautious when it comes to personal information like credit card numbers, email addresses, phone numbers, birthdays, or addresses. I also believe that the government should respond to this large data breach and have harsher laws, and more protection from fraud and identity theft for people that use credit cards. EMV and other technology should be put into effect in order to better protect consumers and their financial information and the economy.
A huge security breach happened at Equifax which exposed sensitive data like Social Security numbers and addresses. The customers don’t even know that their data has been breached. Equifax gets its data from credit card companies, banks, retailers and lenders sometimes without you knowing. The company has found no evidence of unauthorized activity on Equifax's core consumer or commercial credit reporting databases. Equifax has created the website where
According to Biz Carson (2017, p.1), there are approximately 158 million Snapchat users daily. That is a lot of information and content, such as photos, messages, videos, private information like addresses and more, for one company to hold. These self-destructing pictures are causing a majority of teenagers to think that it doesn’t matter what you share with others on the internet because it’s going to disappear and be gone forever. But does it actually just vanish? It gives people the confidence to send pictures and videos of themselves possibly doing illegal things or even pictures of their bodies without thinking that it could perhaps come back to you.
Snapchat has around 30 million active monthly users, with many being in the 18 to 24 year age range. The ‘snap’ what Snapchat calls its private messages is derivative of the SMS text message and instant messaging applications. One of the most unique things about Snapchat is the ‘self-destructing’ feature for phot...
Snapchat is a revolutionary form of social media. Snapchat can be used for many different forms of communication. Snapchat can be used for communication, news, and making food. Learn a lot from snapchat especially how to make food, you know how there are Pinterest fails there is no such thing as a snapchat fail
For example, if one day you go to a Starbucks Coffee and take a picture of yourself holding your drink, the next few days an advertisement of Starbucks Coffee would appear on your app. With this in mind it’s concerning to see that a company used by millions is profiting off of what can essentially be considered stalking. As users are oblivious to this, Snapchat profits on where you’re going and then if they can get you to go back to that place, or somewhere similar. Moreover, repeatedly in Snapchat’s privacy policy they refer to their business partners and without naming specifically who they are. In it, they talk about how during the time of a merger with another company, that all their information is a free for all. They add that to help with a possible sale or liquidation, Snapchat will offer nearly all of it’s user information to see if they’re compatible with possible investors or companies interested in an acquisition with the company. At the end of the privacy policy, Snapchat even subtly warns the users that information will be shared with Snapchat’s sister companies. Nevertheless stated in the privacy policy, users of Snapchat are clueless in the sharing of their personal and the money being made off of it because they would rather absentmindedly agree to the policy rather than read
The type of beauty that the Snapchat promotes seems to be governed by what the general public thinks of beauty. Consequently, the solution to this problem lies in changing how society thinks of beauty. Society and more specifically parents should encourage confidence within the younger generation within their appearance. But, since many young adolescent’s ideals of the body are influenced by the media, some changes in the media itself will be appropriate. To address this problem, France declared a law that any photoshopped images on the cover of the magazine need to come with a warning "photographie retouchée,"or retouched photograph (B.Lee).
As electronic commerce, online business-to-business operations, and global connectivity have become vital components of a successful business strategy, enterprises have adopted security processes and practices to protect information assets. But if you look at today's computing environments, system security is a horrible game of numbers: there are currently over 9,223 publicly released vulnerabilities covering known security holes in a massive range of applications from popular Operating Systems through to obscure and relatively unknown web applications. [01] Over 300 new vulnerabilities are being discovered and released each month. Most companies work diligently to maintain an efficient, effective security policy, implementing the latest products and services to prevent fraud, vandalism, sabotage, and denial of service attacks. But the fact is you have to patch every hole of your system, but an attacker need find only one to get into your environment. Whilst many organisations subscribe to major vendor's security alerts, these are just the tip of the security iceberg and even these are often ignored. For example, the patch for the Code Red worm was available some weeks before the worm was released. [02]
Instead of having all one’s information openly out on the Internet, the information seems contained within the app. Other people are only able to find users by their specific username, snapcode or a phone number if the user decides to connect the number to their profile. Snapchat even tells you other people that have added you. At first glance, it seems that user’s information is only shared with the people they decide to share it with. We think this topic is important and interesting to others because is a misconception of the privacy of one’s
Against all expectation, when Sandia laboratories, an expert in global security have been informed about the serious attacks, they decided to pretend that nothing has happened. There was no official report written and Sandia withhold the crucial information. In my opinion, this decision could affect not only Sandia Laboratories and their employees, but the whole
Equifax, one of the three major consumer credit reporting agencies, said on Thursday that hackers had gained access to company data that potentially compromised sensitive information for 143 million American consumers, including Social Security numbers and driver’s license numbers.
The Serious Societal Concern of Data Breaching: Which Current laws address this issue and and Areas of Improvement and Concern Summary of Event and Data Breaching Amongst almost millions of others, I was one of the T-Mobile customers whose account had customer data stolen from it in 2014. My personal data including my birthday, home address, driver license number, and full name was amongst important information stolen. I was at that time, grateful that at least my credit card information was not retrieved by these hackers. What occurred was that T-Mobile, a mobile service provider, sends its customer’s data to Experian, who is responsible for checking each customer’s credit score, using this personal data to check if that client is a good
All this information that we naively post online can affect our personal life. Even though, Social networking sites do not pose much of a threat on physical security, but they can pose serious effects on information and operational security. Any personal information that is posted on social media networks can aid identity thieves. Many financial institutions use security questions such as date of birth, mother’s maiden name, and pets’ names, which are commonly posted by users on these social networks. Identity thieves also use illegitimate third-party applications and false connection requests to gain personal information. These applications may be in the form of games, quizzes, and questionnaires that are designed to provide assistance with
Well, they can be "saved", when you consider that Snapchat has more to offer than what meets the attention. Can you utilize Snapchat for Recruitment? The reply to that query is determined by your audience. Figuring out your candidate audience is main in any recruitment effort, after all how will you appeal to the right forms of folks should you don’t know who they are?