Compromised Database Credentials Lead to UK Mobile Network Provider Breach
One of the largest mobile network providers in the U.K. has confirmed that information about more than 100k customers was compromised following a data breach due to stolen employee credentials.
While no financial information was accessed, contract and device information was leaked. Others had their personal information compromised, including name, address, date of birth, etc. According to a statement released by the company, criminals fraudulently upgraded customers in an attempt to intercept and steal their devices.
TechCrunch reports that the company sent a Q&A to reporters stating that the criminals gained access to its database of customers eligible for upgrade by using legitimate employee credentials, meaning somehow attackers gained access to their database administrative logins. This suggests that their customer database was protected only by a password.
Most data breaches involve stolen passwords, as the 2016 Verizon Data Breach Report (DBIR) found. The latest data shows that 63 percent of confirmed breaches involved weak, default or stolen passwords.
One of the largest U.S. health insurance providers, Anthem, reported a breach early last year with a very similar story. The company first detected suspicious activity when a systems administrator noticed a database query running on his account that he hadn’t initiated. Malicious hackers stole the credentials of five different technical Anthem employees, giving them legitimate access to their systems - and the personal information of 80 million customers.
Another 83 million were affected by the JPMorgan Chase breach in 2014 that was caused by a misconfigured server that lacked two-factor authentication, an extra layer of security for your logins that requires another way to verify your identity in addition to your password.
All of these breaches involved compromised or unprotected logins, letting attackers into systems housing millions of individuals’ personal records with just a stolen password. While a password can be used remotely by anyone, located anywhere, with just a web browser, two-factor authentication ensures that only the legitimate user in possession of their device can verify their identity.
For example, with push-based two-factor authentication, a user logs in with their username and password. Then, via an authentication app on their phone, they receive a push notification that they must physically approve within a limited amount of time in order to gain access to an application.
This is a simple, easy and secure way to verify your users’ identities, regardless of the device or network they use to log into your applications. At Duo, we call this Trusted Users, part of a Trusted Access solution. We verify the identities of your users and security health of their devices before they connect to the applications you want them to access.
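The push-based flow described above, sketched as an added example (not code from this post or from Duo): a correct password only opens a short-lived, single-use challenge, and login completes only if the enrolled device approves it in time. The class and function names, the 60-second window and the HMAC device key are assumptions made for illustration; production systems typically use a per-device asymmetric key pair instead of a shared secret.

```python
import hashlib, hmac, secrets, time

APPROVAL_WINDOW = 60  # seconds; constructed value, the post only says "limited"

class PushAuth:
    """Toy server side of password + push approval (hypothetical names)."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.users = {}     # username -> (salt, password_hash, device_key)
        self.pending = {}   # challenge_id -> (username, expires_at)

    def enroll(self, user, password, device_key):
        salt = secrets.token_bytes(16)
        pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        self.users[user] = (salt, pw_hash, device_key)

    def start_login(self, user, password):
        """Factor 1: check the password, then issue a push challenge."""
        rec = self.users.get(user)
        if rec is None:
            return None
        salt, pw_hash, _ = rec
        guess = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        if not hmac.compare_digest(guess, pw_hash):
            return None
        cid = secrets.token_hex(16)
        self.pending[cid] = (user, self.clock() + APPROVAL_WINDOW)
        return cid  # would be delivered to the enrolled phone as a push

    def finish_login(self, cid, approval):
        """Factor 2: accept only a timely approval made with the device key."""
        entry = self.pending.pop(cid, None)  # single use, even on failure
        if entry is None:
            return False
        user, expires_at = entry
        if self.clock() > expires_at:
            return False
        expected = sign_approval(self.users[user][2], cid)
        return hmac.compare_digest(expected, approval)

def sign_approval(device_key, cid):
    """What the phone app computes when the user taps Approve."""
    return hmac.new(device_key, cid.encode(), hashlib.sha256).hexdigest()
```

With this structure, a stolen database password gets an attacker as far as `start_login` and no further, and every issued or rejected challenge is a natural point to log for detection.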
Learn more about Trusted Access and the current state of device security health by downloading the 2016 Duo Trusted Access Report.