Over the past couple of weeks, both Macy’s and Timehop experienced breaches as a result of authentication weaknesses. On July 4, social media startup Timehop experienced a data breach that affected 21 million customers and included information such as names, emails, and phone numbers. According to a preliminary investigation conducted by the Timehop team, the attacker gained unauthorized access to the company’s cloud service provider using stolen administrative credentials back in December 2017. For months, the hacker conducted reconnaissance on the system before launching an attack against the company’s production database on the July 4 holiday.
Unfortunately, credential theft attacks like these happen all too often: According to the 2018 Verizon Data Breach Investigation Report, credential theft was the top cause of data breaches. Attackers can gain privileged access to a system using administrative credentials, remaining undetected (sometimes for months as in the Timehop incident) as they move laterally across a system, conducting reconnaissance, and waiting for the right opportunity to exfiltrate data.
Timehop’s breach is an example of the security risk that employees, both current and former, can pose to any organization that practices poor cloud security hygiene. Given the sheer scope of security incidents involving some form of credential theft, it’s important for IT staff and engineers to understand not only where data is stored but also who is accessing and exporting it.
Businesses issue thousands of credentials to employees and contractors, making it more important than ever for them to improve access management. Not doing so could cause an organization’s most sensitive data to be stolen.
Here are a few tips on where to start. Read more “Access Management Lessons From Timehop’s Cloud Security Breach”