Over the weekend, pharmacy giant Walgreens fell victim to a computer criminal who stole its email marketing list from a third party. The hacker then sent out realistic-looking spam that asked people to enter their personal information into a web page controlled by hackers. Even worse, customers who had opted out of receiving marketing emails from the drug store had their information stolen as well.
McDonald’s also experienced a data breach via a third-party attack. Arc Worldwide is a company hired by McDonald’s to manage its promotional email campaigns. Arc Worldwide hired another company to actually send these promotional emails. It is that company, which has not been named, that was the target of hackers. Though the stolen data did not contain sensitive information such as Social Security numbers or credit card information, it did contain names, phone numbers and physical addresses.
And lastly, Gawker Media sites were targeted this weekend, with hackers going after the usernames and passwords of more than one million commenters. Those responsible for the attack, a group of hackers known as Gnosis, had a few words for Gawker.
“We went after Gawker because of their outright arrogance”—possibly towards the hacker community—“It took us a few hours to find a way to dump all their source code and a bit longer to find a way into their database. We have had access to all of their emails for a long time as well as most of their infrastructure powering the site. Gawkmedia has possibly the worst security I have ever seen. It is scary how poor it is. Their servers run horribly outdated kernel versions, their site is filled with numerous exploitable code and their database is publicly accessible.”
It’s hard to believe that in 2010 we are still seeing major corporations and media outlets continuously, though unintentionally for the most part, exposing sensitive information. Yes, many blame hackers for disrupting business, stealing personal information and even shutting down websites entirely. But one thing these hackers are not credited with is how they force these companies to adopt stricter web security. It would be tough to find a well-known company that was hacked and yet did nothing to prevent such incidents in the future.
There’s a good and a bad to everything.

Risk Management Magazine and Risk Management Monitor. Copyright 2013 Risk and Insurance Management Society, Inc. All rights reserved.