Network Security Horror Stories

Halloween is typically ushered in by pop-up costume stores, haunted house advertisements, and an influx of horror movie trailers. Yes, it would seem that October is a time to embrace all things scary, however truly scary events—like network security breaches—aren’t reserved for the month of October. Looking for a good horror story? Get ready to scream, IT managers, here are some of the biggest network security horror stories from the past year.

1. Unauthorized Access
   Early this year, Twitter detected unusual patterns that lead the social media network to identify unauthorized attempt to access Twitter user data. According to Bob Lord, director of information security at Twitter, the company “discovered one live attack and were able to shut it down in process moments later. However, our investigation has thus far indicated that the attackers may have had access to limited user information…This attack was not the work of amateurs, and we do not believe it was an isolated incident.”

As a precautionary security measure, Twitter had to reset passwords and revoke session tokens of every account impacted by the attempted attack. The company also rolled out support for two-factor authentication to bolster security later in the year, likely as a reaction to attempted attacks like these.
2. The Help Desk Hacked
   In February, a security breach exposed thousands of email addresses and support messages from users of Zendesk’s services. These email addresses were particularly valuable because they could be used in well-designed phishing attacks.
3. Bugs Expose Personal Data to the World

   Starting sometime in 2012, Facebook inadvertently exposed 6 million users’ phone number and email address to unauthorized viewers before the issue was discovered in June 2013. Facebook addressed this issue on its blog saying, “We currently have no evidence that this bug has been exploited maliciously and we have not received complaints from users or seen anomalous behavior on the tool or site to suggest wrongdoing.” However, not all network security nightmares have to do with stolen information, even the potential for information leakage can be enough to elicit fear in the heart of any IT security manager—not to mention the company’s legal team!
4. Cybercriminals Are Reading Your Email
   Early this year, cybercriminals used a spear phishing email laced with malware to target two New York Times employees working on a story about Chinese Prime Minister Wen Jiabao and his business dealings. According to security expert Richard Bejtlich, although hackers could have access hundreds of computers over the course of the 4-month long intrustion, they scoped only 53 with a focus on what appeared to be their task: “Find out what the two reporters were going to say; find out who their sources were; and find out who they were speaking with.”
5. Malware Costs 

   In March, malware was discovered on the computer system of Schnucks Markets exposing the credit card data of more than 2 million customers. Schnucks’ nightmare didn’t end in March. This month, the St. Louis area grocery store chain agreed to a proposed class-action settlement stemming from the breach. Under the proposed settlement, Schnucks would pay up to $10 to customers for each credit card that was compromised and had fraudulent charges, as well as pay customers for certain unreimbursed out-of-pocket expenses such as overdraft fees and documented time spent dealing with the breach.
6. Fallout from the Cloud
   In March, cloud-based data storage firm Evernote revealed a data security breach that affected its 50 million users. Following the breach, Evernote issued a software update that automatically promoted user to change their passwords. Although Evernote passwords are protected by one-way encryption, security experts cite this as a cautionary tale about the risks that exists when trusting the cloud to store personal information.

IT managers sometime assume that because data is stored in the cloud or on the company’s server, it’s secure without considering the end point. Others assume that the only way to secure data is to limit the devices an end-user can use. However, as these stories demonstrate, there are a lot of ways that network security can be compromised. With over 30 control policy options for mobile and over 130 security policies for laptops and mobile combined, Moka5 enables IT to configure data security the way that best meets their unique requirement. Learn more about how Moka5 can help your company avoid network security horror stories with secure data storage, anywhere, any time, on any device.

Comments are closed.