Trusted Internet Blog

Thoughts, Guidance, Musings

What is Breach Data used for?

Posted by Jeff Stutzman, Founder | Dec 22, 2018 1:07:30 PM

Christmas is one of the business scammer times during the year. Data breaches seem to be a daily occurrence. So what. Who cares if they steal my account information from <name your favorite retailer or website> during your last minute Christmas shopping? It's not like I do anything with that account anyway right?

Wrong. 

About a week ago I received a sextortion email from a person calling themselves Zyra Neil Nicdao (zyza_neil[@]yahoo.com). 

Here is the email that I received:

You can complain to the police but they cant help you. I am foreigner. It means nobody can track my location even for 3 months. We upload a malware on your devise. I turned on your web-camera, at the moment you went to the porn web-page. Now we have a video of you …

I’m sure you can guess what they claim to have a video of. 

The email continues with a demand for $560 in Bitcoin tethered to a 24 hour countdown whereby if I don’t pay the ransom, the video will be released to all my phone contacts. It ends with “Don’t forget about the shame

I had one of our interns do some surface analysis on the email which yielded that the sender's email was leaked in October 2017 in the JobStreet breach in Malaysia and the Philippines.

Jobstreet-data-breach

The victim of this breach, Zyra, turned out to be a Registered Nurse working at the National Kidney Foundation of Singapore. Does that mean she can't be the actual perpetrator? No, but nothing in the way of our analysis suggests she is. Most likely, her information was grabbed from the Jobstreet Breach data. Sure, the guy pretending to be Zyra probably won't be caught.

But, her breach data is being used to perpetrate crimes.

This, is how your stolen account information is being used. 

Information stolen from retailers large and small create havoc in the lives like this Singaporean RN but the information doesn't have to be leaked. I have no idea how good (or bad) the security was on this job board, but there are things that can be done to keep your company from being on the hook for the next breach target. In the US, we're beginning to see law suits resulting from data breaches. 

We can help. Call or us today for a consultation!

Contact us today!

Happy Holidays!

Jeff

 

Topics: Case Studies, home security

Written by Jeff Stutzman, Founder

Mr. Stutzman personally operates as the CISO to the head coach of an NBA team, a $3.5 billion Houston oil and gas engineering and services company, a northern Virginia physical security company, and Wall Street CEO while supervising Virtual CISOs responsible for protecting executive homes and their companies around the world. He has been cited in the Wall Street Journal, Wired Magazine, NH Public Radio, and numerous trade publications. He holds a BS from Excelsior College, an MBA from Worcester Polytechnic Institute, and is a Harvard Kennedy School Senior Executive Fellow.