Friday 20 September 2013

Vodafone Hacked! Over 2 Million Users Exposed

For a while now, we’ve been pushing the point that we can no longer trust established businesses and institutions to properly safeguard our data. If you doubted us, here’s some more evidence.

News broke last Thursday that a Vodafone server in Germany was hacked and the names, addresses, birth dates and bank account numbers of approximately 2 million customers have been exposed.

According to the latest statement from Vodafone (in German
), it appears hackers were unable to access other sensitive details like passwords and credit card numbers, but the information that was exposed should certainly be cause for concern.

As Vodafone explained in their (translated) statement, "It is virtually impossible to use the data to get direct access to the bank accounts of those affected." And that’s true. It is also true, however, that the leaked information could be enough to distribute very convincing, but fraudulent phishing emails and phone calls that encourage customers to hand over key access information like passwords that could ultimately give hackers full access to bank accounts.

The exact timing of the attack has not yet been made public, but the German branch of Vodafone said police have identified a suspect and began notifying customers on Thursday that their information may have been compromised.

Sadly, this is the type of attack that is very difficult for the end user to prevent. But it should also act as a reminder that our digital security is constantly exposed to very real and potentially damaging threats. If you aren’t yet taking practical measures to safeguard your personal data, it’s time to start.

You can try SumRando for free here.

Tuesday 10 September 2013

Google Docs Phishing Attack Puts All Your Online Data at Risk

Just over a week ago, we warned you about putting all your digital eggs in one service provider's basket. This week, the universe decided to back up our argument as cyber-scammers unleashed a large-scale phishing attack that pretended to be a "Secure Document" sent through Google Docs.  

The email reads:

Hello, A Secure Document was sent to you by your financial institute using Google Docs. Follow the link below to visit Google Docs webpage to view your Document Follow Here. The Document is said to be important. Regards. Happy Emailing, The Gmail Team 

Readers who click the link in the email are taken to a fraudulent Google login page that's actually hosted in Thailand. The page asks users to input their email address and password. Bonus: according to the fake login page, Google Docs now supports users from other email providers including Yahoo!, AOL, Hotmail, and others; so phishees can feel free to submit any email address they might have. Unfortunately, as the Sophos researchers who discovered the attack put it, filling out the form "can only end in tears."

Remember, falling for an attack like this doesn't just put your email at risk. Many services including online banking use your email address to verify your identity when you forget your password or username, so in many instances, unauthorized email access can put other data in jeopardy. Furthermore, as we previously mentioned, many users treat Google as a hub for their digital content with services like Google Docs and Google Calendar. If you have sensitive data in either of these services, you've just been compromised.