Monday, January 21, 2019

United States - Quora

United States - Quora 
Exploit: Unclear at this time.
Quora: A popular question and answer site that boasts 300 million monthly active users.
correct severe gauge
Risk to Small Business: 2.333 = SeverePeople are not soon to forget that the question and answer site was unable to keep their data safe. This could cause a migration from any site to another similar one, something that is common among social media sites in particular.
correct moderate gauge
Individual Risk: 2.857 = Moderate: Those affected by this breach are at an increased risk of phishing attacks 
Customers Impacted: Unclear at this time.
How it Could Affect Your Customers’ BusinessQuora handled the breach very well, with the CEO releasing a blog post detailing what they know and apologizing to their users. The amount of time it will take for the organization to regain their users’ trust is unclear. The transparency by the organization’s leadership will greatly help it bounce back sooner than if they hadn’t responded as such.
ID Agent to the Rescue: Spotlight ID by ID Agent offers comprehensive identity monitoring that can help minimize the fallout from a breach of this type. Learn more: https://www.idagent.com/identity-monitoring-programs
Risk Levels:
1 - Extreme Risk
2 - Severe Risk
3 - Moderate Risk
*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.
Exploit: Credential Stuffing.
Humble Bundle: Humble Bundle, Inc. is a digital storefront for video games, which grew out of its original offering of Humble Bundles, collections of games sold at a price determined by the purchaser and with a portion of the price going towards charity and the rest split between the game developers.
correct severe gaugeRisk to Small Business: 2.333 = SevereThe breach only contained user’s subscription status, but it is believed that this could be the first part of a more extreme breach. Because the bad actor knows if user’s subscriptions are active, inactive, or paused, they could send out spear-phishing emails about the subscriptions that would trick users into clicking.
correct moderate gaugeIndividual Risk: 3 = Moderate: No information directly related to the individual has been compromised other than the subscription status of users.
Customers ImpactedA “very limited” number of people.
How it Could Affect Your Customers’ BusinessThis breach is a good lesson in how it is important to report any breach, as this seemingly minor breach is most likely the first step in a spear phishing campaign.ID Agent to the Rescue: ID Agent offers Dark Web ID™ which discovers compromised credentials that could be used to implement a crypto jacking script. Make sure your credentials are safe; for more information go tohttps://www.idagent.com/dark-web/
Risk Levels:
1 - Extreme Risk2 - Severe Risk3 - Moderate Risk
*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.

No comments:

Post a Comment