Thousands of Disney Plus Accounts Hacked After Launch

Disney’s new streaming service was hacked a week after launching and hackers are offering breached accounts for sale online for $1 a month or $3 a year.

The service garnered over 10 million subscribers on its first day, and within hours hackers took control of user accounts.

Disney+ users said on social media that hackers were logging in to their accounts, logging them out and changing the email and password of their accounts. If this is true, then some users could be in huge trouble. 59 percent of people use the same password everywhere, according to a poll conducted by LastPass. Therefore, there’s a big chance Disney+ subscribers use the same email and password for multiple accounts.

Other streaming services such as Netflix, Hulu and HBO Now have been targeted by hackers too. Users report finding unfamiliar names and profiles in their accounts. And if you’re a hacker looking to make a quick dollar, this isn’t too hard to do.

How Did This Happen?

It’s estimated that millions of online accounts are scouted and tested using a method called credential stuffing. Hackers test a database of stolen information such as passwords and usernames against various accounts in order to find a match.

Hackers have programs that run these tests in seconds. And since we know over half of people use the same username and passwords across multiple accounts, there’s a huge probability they’ll find a match.

Another scam cybercriminals use to get your email, in the instance of Disney+, would be to send a fake email to a subscriber warning them their accounts were locked. The fraud email asks the user to provide their account information for “verification”. After a hacker gains this information, they log in to the account, change the password and block the subscriber from accessing his or her account. This is a form of phishing and it happens every day.

It’s a Bad Week for Disney+

The curious thing about Disney+ is that users who had unique passwords also got their accounts hacked according to a ZDNet report. Secondly, the new streaming service was still in the seven-day free trial period, even for people who signed up for it immediately after it went live. In other words, there wouldn’t be any profit for hackers since people were still using it for free. Moreover, if you’re a Verizon customer you get Disney+ free for a year.

The new streaming platform has had a rough first week since it went live on Nov. 12, with problems ranging from slow screen loads to messages on its homepage displaying ‘unable to connect’. The company said it was working hard to fix the problems and that they were mainly due to a demand for the service that was higher than expected.

Subscribers of streaming services should ignore and avoid emails relating to their accounts and never provide account information through email. Also avoid using the same password for everything. It’s honestly an invitation to get hacked. If even one of your accounts is compromised, it puts all your accounts at risk.

Why Does it Happen?

And this isn’t something common just among streaming service users; it’s common for everyone. Even people who work in industries and companies with extremely valuable data fail to take precautions. It’s been reported repeatedly that human error is the leading cause of cybercrime. To be more specific, human error is the main cause of 95 percent of cyber security breaches, according to an IBM study.

Human error encompasses a large variety of actions, not just password related errors. It can be downloading malware after opening a phishing email or working on an insecure network. Victims of ransomware attacks aren’t foolish, just careless.

The Disney breach might not seem related to company breaches until you consider that Disney+ users are accountants, lawyers, financial advisers, and business owners. If over half of people use the same password for everything, what’s stopping them from using their Disney+ password to access their account information or log in to their database?

For a cybercriminal, this is the best-case scenario. They access a user’s information, discover he works at a medium-sized accounting firm, and proceed to use the password they got from accessing his streaming service to access his firm. There are even cases where people use their work email as their login email for other accounts.

It Takes More than Good IT

There is only so much IT for accounting firms can do in this case. Companies must do more than rely on their IT infrastructure to keep them safe. Situations like these create huge compliance risks for those who work in the financial services industry. For those who work in or own their own business, it creates liabilities that could potentially ruin the company.

Hackers always look for the path of least resistance. They choose a small or medium-sized business because it won’t attract too much attention. They send hyper-targeted phishing emails because people are likely to fall for them. Cybercriminals even buy malware programs on the dark web so they don’t have to develop them themselves. The trick is to do everything possible to make their jobs as difficult as possible by implementing smart, best-practice procedures. At the end of the day it’s about eliminating liabilities.

Disney+ users should be mindful of what email they use to log in and what password they choose. It might affect more than their weekend.

Riviera Beach Got Hacked: Forced to Pay 600K in Bitcoin

Cyber-attacks are becoming ever more frequent, affecting local business, schools and even cities.

Most recently, it was reported that Riviera Beach had to pay 65 bitcoins, which is the equivalent of $600,000, to hackers after a government employee clicked on a malicious email link three weeks ago.

This was a classic case of ransomware. A hacker uses social engineering to trick unsuspecting people into clicking on a link or an email attachment. Once they click, malicious software encrypts files, making them inaccessible until the victim pays to get them decrypted, hence the name ransomware. Ransomware, as in the case of Riviera Beach, is delivered through email links, attachments and, in some cases, social media messaging. Many Nerds Support partners who receive suspicious emails send them to our IT and software experts to analyze and vet, to determine whether the email is safe to open. This is just one way to prevent a situation like the one in Riviera Beach.

According to a report by The Council of Economic Advisers, malicious cyber activity cost the US economy between $57 billion and $109 billion in 2016 and since then, cyber-attacks have become far more common. Juniper Research, a cyber-security firm, projected cybercriminals will steal an estimated 33 billion records by 2023. Juniper expects more than half of all data breaches globally to occur in the US by 2023 as well.

Having Backups Is Key!

The most important thing businesses can do is back up their data regularly and consistently. Here at Nerds Support, we provide our partners with daily automated backups, for example, and filter out potentially malicious websites and emails. Having cyber security measures in place to mitigate the risks is also a big step. Training staff yearly, quarterly, or semi-annually is an effective strategy. Should your business suffer a ransomware attack, at the very least you’ll be able to access your important information, mitigating the impact of the attack. As an organization, you can also employ anti-ransomware software to prevent ransomware from successfully launching. Nerds Support has IT engineers, along with sophisticated security software, monitoring suspicious activity 24-7 and alerting our partners to any potential threats, including strange files, email links, or attachments.

The DOJ reported that an average of 4,000 ransomware attacks occurred per day in 2016, with over a billion dollars in ransoms paid. These numbers have increased since. A Beazley Breach Response study revealed that about 70 percent of ransomware attacks in 2018 targeted small businesses, with an average ransom demand of over $100,000 and the highest demand topping out at $8.5 million.

Ransomware is becoming increasingly lucrative because it offers cyber-criminals a low-risk, high-reward method for monetizing malware. The malicious software typically isn’t very complicated because most businesses are underprepared to deal with ransomware anyway, which appeals to even the most amateur cybercriminal. In March, Albany, New York, the state capital, admitted being hit with ransomware on a Saturday. There are minimal to no IT staff on Saturdays. Neither the private nor the public sector is adequately prepared to handle even the most primitive malware attack, precisely because IT security has traditionally been a minimal concern. Only now are we seeing the damaging consequences of underappreciating it.

Nerds Support is working hard to protect medium and small businesses from experiencing any cyber breach, including ransomware with its dedicated team of engineers and IT professionals.

Contact us today at 305-551-2009 and hacker proof your firm!