Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
dcontesti
Community Champion
‎08-05-2019 10:04 AM
‎08-05-2019 10:04 AM

Another Breach - CafePress

And it seems that another breach has been reported.

 

https://www.forbes.com/sites/daveywinder/2019/08/05/cafepress-hacked-23m-accounts-compromised-is-you...

 

This time, it says 23 Million accounts may have been breached along with passwords of about 1/2 of those.

 

 

Reply
0 Kudos
4 Replies
AppDefects
Community Champion
‎08-05-2019 10:25 AM
‎08-05-2019 10:25 AM

Can anyone keep up with the daily barrage of data breach announcements? 

Reply
0 Kudos
dcontesti
Community Champion
‎08-05-2019 10:41 AM
‎08-05-2019 10:41 AM

@AppDefects wrote:

Can anyone keep up with the daily barrage of data breach announcements? 

Not really but I remember when these were not reported by corporations as they were afraid for their reputations or CIOs/CISO were afraid they would lose their jobs.

 

A number of organizations still require silence on these events and only when things like GDPR (or other) audits highlight them do them come to light.

 

I applaud companies like Norsk Hydro and their openness on the Ransomware that hit them.  Believe it allows the benefit of their experience to be shared with the community (what happened, how they handled it, the final outcome).

Reply
0 Kudos
rslade
Influencer II
‎08-05-2019 02:07 PM
‎08-05-2019 02:07 PM

> dcontesti (Community Champion) posted a new topic in Industry News on 08-05-2019

>   This time, it says 23 Million
> accounts may have been breached along with passwords of about 1/2 of those.    

According to email from Have I Been Pwned, I had, over the years, acquired at
least two accounts there. Both, undoubtedly, with "throw away" passwords.

(My little brother, at one time, conducted a lot of business there, so he might be
more involved ...)

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
A paradox is only the truth standing on its head to attract
attention. - G. K. Chesterton
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
Reply
CISOScott
Community Champion
‎08-05-2019 04:14 PM
‎08-05-2019 04:14 PM

To build off what @rslade said, If you are the primary security POC for your agency (or can at least get an email account setup that matches one of 4 parameters) you can get alerts from HaveIBeenPwned everytime someone from your domain (@domain.extention) has an email identified in these new breaches.

 

I get these and then notify the users that whatever password they used in conjunction with their CORPORATE/BUSINESS email has been compromised and to never use that password, or any variation, again. It also helps me see how users are misusing the business email address they were given that was supposed to be for official use only.

Reply