This is our first article of 2023 in a series that puts the spotlight on Information Security.
Here, Parmenion’s Information Security Manager Sarah Coles looks at 3 recent breaches that hit the headlines, and how they could impact you.
1. Twitter data for “200+ million unique users” up for sale
What happened:
In early 2023, over 200 million stolen Twitter account records appeared on a popular hacking forum. The data was obtained sometime in 2021, enabling email addresses to be linked to Twitter profiles. The results were composed into collections of data containing email addresses alongside public Twitter profile information including names, usernames, and follower counts. [1]
What it could mean for you:
- If you have a Twitter account, its likely your information is being sold online today.
- Although the attacker gained accessed to the usernames and email addresses in this breach (rather than the passwords), they can use this information to send you phishing emails and trick you into exposing more information. For example, you could receive a fake notification referencing a recent attack, advising you to update your password.
- Attackers often try username and password combination on other popular sites such as Outlook or Gmail. If you reuse password across different sites, they could gain further access to your personal information.
How to stay protected:
- Visit https://haveibeenpwned.com/ to confirm if your information has been compromised in the Twitter attack.
Be cautious of phishing attacks where scammers may attempt to obtain personal information through email or other forms of communication.
2. LastPass – Password Vaults Stolen
What happened:
In December, popular password manager LastPass revealed a hacker had gained access to “backup customer vault data” [2]. Customer vaults contain both unencrypted information such as website URLs and fully encrypted, sensitive information such as website usernames and passwords, secure notes, and form-filled data.
What it could mean for you:
- If you or anyone in your company uses LastPass, your personal information could be at risk. Your password vault (and the data within it) is encrypted with your master password (the one used to unlock access to your password storage vault). A hacker could use freely available tools to gain access to your password – a weak one can be breached in minutes. Hives Password Table highlights how quickly an attacker can get access to your password.
How to stay protected:
- Visit haveibeenpwned.com to confirm if your information has been compromised in the LastPass attack.
- Be cautious of phishing attacks where scammers may attempt to obtain personal information through email or other forms of communication. LastPass will never call, email, or text you and ask you to click on a link to verify your personal information
- Use unique and strong (long) passwords to protect your online privacy
3. Royal Mail – International Deliveries Stopped
What happened:
In January, Royal Mail confirmed they were suffering from a cyber-attack (allegedly carried out by a ransomware gang linked to Russia), and systems used to despatch deliveries abroad were unavailable. With no workaround in place, Royal Mail couldn’t despatch items to overseas destinations or accept letters and parcels overseas until further notice. They confirmed there was no evidence to suggest customer data has been compromised ‘at this stage’ and deliveries within the UK were unaffected.
What it could mean for you:
- Royal Mail haven’t released full details yet, as the attack appears to be ongoing. You can’t be certain your information hasn’t been compromised if you have an online account with Royal Mail, so you should continue to follow the story. Royal Mail should contact you if your information does turn out to be compromised. I’ll post an update for you when I hear more.
How to stay protected:
- Update your account password if contacted by Royal Mail to confirm a data breach.
- If you rely on Royal Mail services for fraud or security controls (e.g. application forms, paper-based fact finds, ID documents), it’s worth reviewing your resiliency plans - for example, if Royal Mail couldn’t deliver post within the UK.
[1] https://haveibeenpwned.com/
[2] https://blog.lastpass.com/2022/12/notice-of-recent-security-incident/
This article is for financial professionals only. Any information contained within is of a general nature and should not be construed as a form of personal recommendation or financial advice. Nor is the information to be considered an offer or solicitation to deal in any financial instrument or to engage in any investment service or activity.
Parmenion accepts no duty of care or liability for loss arising from any person acting, or refraining from acting, as a result of any information contained within this article. All investment carries risk. The value of investments, and the income from them, can go down as well as up and investors may get back less than they put in. Past performance is not a reliable indicator of future returns.