800,000+ credentials compromised in data breach - Netwrix comments
October 2020 by Netwrix
Chowbus a mobile-based Asian food delivery service that allows customers to order food from local restaurants in cities around the USA, Australia, and Canada has been hit by a data breach. It is reported that 800,000 + entries of personal data have been compromised.
Ilia Sotnikov, VP of Product Management at Netwrix has made the following comments:
“We are so used to ransomware attacks or other incidents committed for political or financial gain, that a data breach at Chowbus is very unusual. This scenario hasn’t been popular before and can be a result of criminal mischief, or a desire to harm company’s reputation. By undermining trust in company’s ability to protect customer data, hackers may encourage victims to turn to competitors. Although there is no information on the root cause of the incident, we may assume that such attack could have been initiated by an insider, such as a disgruntled employee.
“As the darknet offers more and more crime-as-a-service options, and more companies rely on customer data as their core asset, I expect that similar breaches will be more common in the near future. Being focused on protection against ransomware, many organisations turn a blind eye on their own employees, who have legitimate access to sensitive data and one day might abuse their privileges, voluntary or involuntary.
“To protect against such attacks and mitigate insider threats, organisations need to ensure that their security basics such as least privilege principle and alerts on unauthorised data access are covered in their security strategy. Organisations need to be aware of who has access to sensitive data and where it resides, as well as monitor user behaviour to spot malicious activity on time.”