Leaked Spotify passwords may expose your business to credential stuffing attacks
This past year has been tough for most enterprises. While some industries appear more targeted than others by malicious actors, the media and entertainment industry has definitely felt the consequences, not only of pandemic-generated event cancellations, but also of increasing attacks against their sector. In 2018 and 2019, for instance, the industry witnessed 17 billion […]
Thought Reporting a Data Breach Was Easy? Think Again.
When a data breach occurs, most companies contact their customers by email to inform them of what happened, which information may have been compromised, and what the company is doing to minimize the negative impact. This is what happened in the summer of 2020 when malicious actors exploited a website vulnerability to steal the personal […]
Open source developers not interested in solving code security issues?
Software developers invest less than 3% of their time in solving security issues in free and open source software (FOSS) and show little interest in allocating more resources moving forward, claims research carried out by the Linux Foundation and Laboratory for Innovation Science at Harvard (LISH). Nearly half of respondents are paid to contribute to […]
Less than 10% of data breaches are made public
In 2020, ransomware groups ramped up their attacks against corporate networks to steal hundreds of gigabytes of confidential information from each of their victims. The stolen data is either released online, if a ransom is not paid, or auctioned off to the highest bidder. Ransomware extortion attacks against your company are unlikely to go unnoticed. […]
Government Source Code Leaks Compromise the Personal Data of Millions
It’s not always security researchers who uncover major data breaches or security mishaps. Reporters from a Brazilian publication have been very good lately at detecting unfortunate incidents generated by official government websites or careless government employees. It appears that for about six months, a database which has been gathering personal information for about 30 years, […]
Top 5 human errors that lead to data breaches
Malicious actors can identify and take advantage of security vulnerabilities in a matter of hours. Security vulnerabilities are an important part of this problem, but do not tell the whole story. More often than not, the victims themselves play a role in leaking their personal and financial information, due to a human error on their […]
When Private Photos Don’t Stay Private for Long
It has always been a challenge to securely share photos, videos and messages on the internet. Few applications offer a ‘trust no one’ mode where the shared content benefits from end-to-end encryption, making it nearly impossible to snoop on. In privacy wars, Apple has a proven track record of providing a much more secure environment […]
Who Lets Access Keys Out?
Technical data leakage takes on many forms, but often revolves around the publication of passwords or cloud services’ access keys on the internet. Many technical data leakages are not the result of a malicious actor. Indeed, the leaks can come from well-intended developers who simply share too much of their code on source code repositories. […]
How to decrease false positives when scanning for committed secrets
In 2019, some 10 million developers joined GitHub and contributed over 44 million repositories in that year alone. GitHub is the most popular code repository, with 80% of its users located outside of the U.S. The open source platform is not used only by experienced software developers. Last year, there were over 760,000 developers using […]
How Do Company Secrets Get Leaked Online?
Back in 2017, Facebook suffered a source code leak, initially believed to have been the result of either a developer intentionally leaking it or a security loophole in company servers. The source code leak gave away critical information about the application’s structure and development practices, which ultimately raised some serious data privacy concerns. Once the […]