Cloud Security News: Week in Review is our blog series, grabbing the more interesting cloud security scoops from the web. Sit back, relax, and catch up on all you should know about this week.
Another week, another WADA data breach… Fancy Bear was hard at work leaking data of international athletes. Although concerning, WADA wasn’t the only one suffering from data loss this week. Payment gateway service BlueSnap and affiliate, reported a data leak of details of roughly 324,000 users, Chinese hackers also swiped millions from Wall Street technology firm, SS&C Technologies and up to 875,000 were potentially affected in MoDaCo breach which is believed to have been caused by a compromised administrative account. In prevention news, Brandon Butler shared 9 examples of controls to implement when utilizing public cloud services within the healthcare industry. Then of course there was the biggest news of the week, with Yahoo confirming a massive breach that was said to have occurred back in late 2014.
CNN Money: Yahoo Says 500 Million Accounts Stolen
By Seth Fiegerman (@sfiegerman)
The headline-grabbing news this week is Yahoo’s announcement of a massive data breach, revealing around 500 million accounts had been breached. The origin is still being investigated but is believed to be the workings of a government-sponsored hacker. We’ll update this story next week, as more details emerge.
By Owais Sultan (@owais49892846)
Details of nearly 324,000 users are at risk in the most recent payment data breach. The victims? Users of payment processing service BlueSnap and its affiliate, RegPack. Data was dumped through a link on Twitter and shared payment information including CVV numbers of some users. Australian security expert, Troy Hunt, reviewed and confirmed the links as authentic. The breach affects those who registered with the service during March 10, 2016 and May 20, 2016. The records include filenames containing both ‘BlueSnap’ and ‘Plimus,’ the original name of the company. As the RegPack has used the payment platform since April of 2013, many believe that RegPack may be accountable for the breach.
By Jon Marino (@JonMarino)
Human error faults Wall Street technology firm as employees fall for email scam. A $6 billion market capitalization company, SS&C Technologies, was fooled by China-based hackers to release client funds. As a result of this, their client Tillage Commodities Fund has had to halt operations as a reported $6 million in funds were shared with hackers via wire transfers. Tillage is suing the firm and the suit states that one SS&C staffer “directed the release of Tillage’s funds oftentimes merely minutes after receiving the fraudulent wire requests.”
Network World: 9 keys to having a HIPAA-compliant cloud
By Brandon Butler (@BButlerNWW)
An increasing number of healthcare organizations are open to using public cloud services, calling for increased security within the industry. In an effort to streamline the move to the cloud, Brandon Butler shares 9 suggestions from chief privacy and security officer Chris Bowen.
The Register: Mobile review website MoDaCo coughs to data breach
By John Leyden (@jleyden)
MoDaCo, smartphone news and reviews site, has reported a very large data breach believed to have taken place in January of 2016. WIth up to 875,000 potentially affected, the breach was likely caused by a compromised administrative account. The founder shared a statement for further protecting user data: “We have taken action to prevent this vector being accessible in this way in the future, for us it is a lesson learned, albeit in a very difficult way to stomach. We are also liaising with the CMS provider to determine additional ways to mitigate similar attacks going forward.”