14 June 2021

Someday Companies Will Take Security Seriously

But today is not that day. We actually get 2 stories today.

First up, Volkswagen US. Audi, Volkswagen data breach affects 3.3 million customers

For two years this data was just on the net, with no security, and no one audited the vendor in question. Or no one thought it was odd.

According to data breach notifications filed with the California and Maine Attorney General's office, VWGoA disclosed that a vendor left unsecured data exposed on the Internet between August 2019 and May 2021.

Second, we have Intuit and their TurboTax customers. Intuit notifies customers of hacked TurboTax accounts

Similar to the Colonial Pipeline debacle, this stems from people using and reusing the same PW everywhere.

In account takeover attacks, cybercriminals gain access to their victims' accounts using credentials stolen from other online services following past data breaches.

This type of attack works incredibly well against targets who use the same login credentials for multiple sites or services.

Don't be that person.

By accessing your account, the unauthorized party may have obtained information contained in a prior year's tax return or your current tax return in progress, such as your name, Social Security number, address(es), date of birth, driver's license number and financial information (e.g., salary and deductions), and information of other individuals contained in the tax return.

Get a Password Manager - either Bitwarden or 1Password. LastPass is good, but they are charging too much.

No comments:

Post a Comment

Be Nice. Arguments are welcome. Personal Attacks will be deleted