50 million customer records were stolen from LivingSocial. Were you one of them? If you’re one of the millions of people who like to look at its daily deals, then you likely were.
Although credit card information was not stolen or accessed, other personally identifiable information (PII) was. This includes names, email addresses, dates of birth and some encrypted site passwords. Even though cleartext passwords were not stolen, LivingSocial still emailed its entire user base to advise them of the breach and encouraged all users to change their passwords. (This created another issue, as many spam filters treated these emails as phishing attacks and blocked them from reaching end users’ inboxes.) While LivingSocial is a consumer site, this breach has far-reaching ramifications for all types of businesses. It also raises two important questions:
- “What does this mean for my business?”
- “Are we protected against a targeted attack or APT like that one?”
“What does this mean for my business?”
Breaches are commonplace, and they can ruin your business’s reputation. Hackers are out to get any data they can monetize and sell to the highest bidder. That might be credit cards, copyrighted information, or trade secrets, but it could be as simple as authentication credentials, names and email addresses. These all have a dollar value to someone, and they are what attackers are after. Every company has something of value, and hackers want it. It is no longer a question of if a breach will happen but of when (if it has not happened already).
“Are we protected against a targeted attack or Advanced Persistent Threat like that one?”
If you are relying only on legacy protections (such as firewalls, signature-based anti-malware, and spam filtering), then you’re probably not safe. These new, sophisticated attacks are designed to evade common protection solutions and go undetected for long periods of time. Targeted attacks are the new normal, and without a true defense-in-depth security strategy you may not be adequately protected.