https://community.isc2.org/t5/Industry-News/Another-Breach-CafePress/m-p/26358#M3306 <BLOCKQUOTE><HR /><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/887781263">@AppDefects</a>&nbsp;wrote:<BR /><P>Can anyone keep up with the daily barrage of data breach announcements?&nbsp;</P><HR /></BLOCKQUOTE><P>Not really but I remember when these were not reported by corporations as they were afraid for their reputations or CIOs/CISO were afraid they would lose their jobs.</P><P>&nbsp;</P><P>A number of organizations still require silence on these events and only when things like GDPR (or other) audits highlight them do them come to light.</P><P>&nbsp;</P><P>I applaud companies like Norsk Hydro and their openness on the Ransomware that hit them.&nbsp; Believe it allows the benefit of their experience to be shared with the community (what happened, how they handled it, the final outcome).</P> Mon, 05 Aug 2019 14:41:04 GMT dcontesti 2019-08-05T14:41:04Z https://community.isc2.org/t5/Industry-News/Another-Breach-CafePress/m-p/26353#M3304 <P>And it seems that another breach has been reported.</P><P>&nbsp;</P><P><A href="https://www.forbes.com/sites/daveywinder/2019/08/05/cafepress-hacked-23m-accounts-compromised-is-yours-one-of-them/#70e10fdf407e" target="_blank">https://www.forbes.com/sites/daveywinder/2019/08/05/cafepress-hacked-23m-accounts-compromised-is-yours-one-of-them/#70e10fdf407e</A></P><P>&nbsp;</P><P>This time, it says 23 Million accounts may have been breached along with passwords of about 1/2 of those.</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 05 Aug 2019 14:04:36 GMT https://community.isc2.org/t5/Industry-News/Another-Breach-CafePress/m-p/26353#M3304 dcontesti 2019-08-05T14:04:36Z https://community.isc2.org/t5/Industry-News/Another-Breach-CafePress/m-p/26354#M3305 <P>Can anyone keep up with the daily barrage of data breach announcements?&nbsp;</P> Mon, 05 Aug 2019 14:25:00 GMT https://community.isc2.org/t5/Industry-News/Another-Breach-CafePress/m-p/26354#M3305 AppDefects 2019-08-05T14:25:00Z https://community.isc2.org/t5/Industry-News/Another-Breach-CafePress/m-p/26358#M3306 <BLOCKQUOTE><HR /><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/887781263">@AppDefects</a>&nbsp;wrote:<BR /><P>Can anyone keep up with the daily barrage of data breach announcements?&nbsp;</P><HR /></BLOCKQUOTE><P>Not really but I remember when these were not reported by corporations as they were afraid for their reputations or CIOs/CISO were afraid they would lose their jobs.</P><P>&nbsp;</P><P>A number of organizations still require silence on these events and only when things like GDPR (or other) audits highlight them do them come to light.</P><P>&nbsp;</P><P>I applaud companies like Norsk Hydro and their openness on the Ransomware that hit them.&nbsp; Believe it allows the benefit of their experience to be shared with the community (what happened, how they handled it, the final outcome).</P> Mon, 05 Aug 2019 14:41:04 GMT https://community.isc2.org/t5/Industry-News/Another-Breach-CafePress/m-p/26358#M3306 dcontesti 2019-08-05T14:41:04Z https://community.isc2.org/t5/Industry-News/Another-Breach-CafePress/m-p/26373#M3308 &gt; dcontesti (Community Champion) posted a new topic in Industry News on 08-05-2019<BR /><BR />&gt; &nbsp; This time, it says 23 Million<BR />&gt; accounts may have been breached along with passwords of about 1/2 of those. &nbsp; &nbsp;<BR /><BR />According to email from Have I Been Pwned, I had, over the years, acquired at<BR />least two accounts there. Both, undoubtedly, with "throw away" passwords.<BR /><BR />(My little brother, at one time, conducted a lot of business there, so he might be<BR />more involved ...)<BR /><BR />====================== (quote inserted randomly by Pegasus Mailer)<BR />rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org<BR />A paradox is only the truth standing on its head to attract<BR />attention. - G. K. Chesterton<BR />victoria.tc.ca/techrev/rms.htm <A href="http://twitter.com/rslade" target="_blank">http://twitter.com/rslade</A><BR /><A href="http://blogs.securiteam.com/index.php/archives/author/p1/" target="_blank">http://blogs.securiteam.com/index.php/archives/author/p1/</A><BR /><A href="https://is.gd/RotlWB" target="_blank">https://is.gd/RotlWB</A> Mon, 05 Aug 2019 18:07:57 GMT https://community.isc2.org/t5/Industry-News/Another-Breach-CafePress/m-p/26373#M3308 rslade 2019-08-05T18:07:57Z https://community.isc2.org/t5/Industry-News/Another-Breach-CafePress/m-p/26398#M3309 <P>To build off what&nbsp;<a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/1324864413">@rslade</a>&nbsp;said, If you are the primary security POC for your agency (or can at least get an email account setup that matches one of 4 parameters) you can get alerts from HaveIBeenPwned everytime someone from your domain (@domain.extention) has an email identified in these new breaches.</P><P>&nbsp;</P><P>I get these and then notify the users that whatever password they used in conjunction with their CORPORATE/BUSINESS email has been compromised and to never use that password, or any variation, again. It also helps me see how users are misusing the business email address they were given that was supposed to be for official use only.</P> Mon, 05 Aug 2019 20:14:34 GMT https://community.isc2.org/t5/Industry-News/Another-Breach-CafePress/m-p/26398#M3309 CISOScott 2019-08-05T20:14:34Z