Trusted Internet Blog

Thoughts, Guidance, Musings

What is Breach Data used for?

Posted by Jeff Stutzman, Founder | Dec 22, 2018 1:07:30 PM

Christmas is one of the business scammer times during the year. Data breaches seem to be a daily occurrence. So what. Who cares if they steal my account information from <name your favorite retailer or website> during your last minute Christmas shopping? It's not like I do anything with that account anyway right?

Wrong. 

About a week ago I received a sextortion email from a person calling themselves Zyra Neil Nicdao (zyza_neil[@]yahoo.com). 

Here is the email that I received:

You can complain to the police but they cant help you. I am foreigner. It means nobody can track my location even for 3 months. We upload a malware on your devise. I turned on your web-camera, at the moment you went to the porn web-page. Now we have a video of you …

I’m sure you can guess what they claim to have a video of. 

The email continues with a demand for $560 in Bitcoin tethered to a 24 hour countdown whereby if I don’t pay the ransom, the video will be released to all my phone contacts. It ends with “Don’t forget about the shame

I had one of our interns do some surface analysis on the email which yielded that the sender's email was leaked in October 2017 in the JobStreet breach in Malaysia and the Philippines.

Jobstreet-data-breach

The victim of this breach, Zyra, turned out to be a Registered Nurse working at the National Kidney Foundation of Singapore. Does that mean she can't be the actual perpetrator? No, but nothing in the way of our analysis suggests she is. Most likely, her information was grabbed from the Jobstreet Breach data. Sure, the guy pretending to be Zyra probably won't be caught.

But, her breach data is being used to perpetrate crimes.

This, is how your stolen account information is being used. 

Information stolen from retailers large and small create havoc in the lives like this Singaporean RN but the information doesn't have to be leaked. I have no idea how good (or bad) the security was on this job board, but there are things that can be done to keep your company from being on the hook for the next breach target. In the US, we're beginning to see law suits resulting from data breaches. 

We can help. Call or us today for a consultation!

Contact us today!

Happy Holidays!

Jeff

 

Topics: Case Studies, home security

Written by Jeff Stutzman, Founder

Mr. Stutzman is the Founder and senior information security expert operating as, and supervising virtual CISOs and Managed Security Services to companies as small as three and as large as 7500. Mr. Stutzman is a former Information Warfare focused Navy Intelligence Officer, Project Manager at Cisco working Mergers and Acquisitions, Investigations, and Global Cyber Risk Management. He was the CISO for Northrop Grumman Electronics Sector, a $16 billion global Electronics business; Principal Engineer at Carnegie Mellon’s Software Engineering Institute, and a GS-15 with the US Government serving as Director of the DoD/DIB Collaborative Information Sharing Environment at the DoD Cyber Crime Center. He has performed risk management, cyber investigations and M&A in more than two dozen high-risk cyber threat areas including China, Brazil, the Middle East, and South America. He has been cited in the Wall Street Journal, Wired Magazine, NH Public Radio, and numerous trade publications. He holds a BS from Excelsior College, an MBA from Worcester Polytechnic Institute, and is a Harvard Kennedy School Senior Executive Fellow.