ZDNet has reported that EatStreet, an online and mobile food ordering service, disclosed today a security breach that took place last month, during which a hacker stole the company’s database, complete with customer and partner details. ZDNet learned that the hacker responsible for this breach is Gnosticplayers, who previously breached many other online services, including big names such as Canva, 500px, UnderArmor, ShareThis, GfyCat, Ge.tt, Evite, and others.
For customers who ordered food through the EatStreet app and website, the stolen data included names, credit card numbers, expiration dates, card verification codes, billing addresses, email addresses, and phone numbers.
Israel Barak, Chief Security Officer at Cybereason:
“With it appearing that more than 1 billion records have been stolen from dozens of companies, the hacker has thus far achieved a level of notoriety not easily achievable. The startling admission by so many companies that they have been breached again sheds light on the advantage hackers have today against the vast majority of companies. It is time for all organisations to take a post-breach mindset as inevitably adversaries will successfully breach every organisation. There is no shame in being breached, but it is unacceptable today to be using antiquated tools for discovery and adhering to outdated policies to protect personal identifiable information. This is again a wake-up call to the industry to implement threat hunting capabilities. Build a security team now to make it easier to detect and remediate breaches and reduce the risk against your organisation before you are making headlines for the wrong reasons.”
Todd Peterson, IAM Evangelist at One Identity:
“These types of hackers are very skilled and know all the weaknesses of systems, but they will move on to an easier target if it takes too much effort to get to the crown jewels. Ways to make yourself a difficult target are:
- Education – get your user base to understand the simple steps they can take to help security and above all ensure they know that it is in their best interest to work securely (company health, job security, their data is also a target)
- Strengthen authentication – either in the form of better password policy, multifactor authentication, adaptive authentication or all of the above
- Privileged Access Management – the ultimate goal is to always protect admin credentials: the better and more complete your PAM program is, the safer your systems are. In this case, the breach was probably allowed to continue for as long as it did because the PAM program was lacking session audit and analytics, which would have detected the anomalous activity and would have been able to shut it down before damage was done.”