Open Exchange Rates has notified its clients of a data breach in which an attacker had access to its data and systems for roughly a month. So how did the breach happen? According to Sylvia Van Os, a Linux and open-source consultant who reported on the notification, the intrusion started at one of the company's third-party IT service providers, where an access key for its Amazon Web Services (AWS) infrastructure was compromised.
The attacker then used the compromised credentials to reach the rest of the network, including user data held in the database. On March 2, 2020, Open Exchange Rates began receiving reports that its API was slow to respond, with many users experiencing timeouts.
Investigation traced the slowdown to a network misconfiguration. While correcting it, the team noticed that changes had been made to their AWS environment by an unauthorized account. The company deactivated that account, worked to restore operations on the platform, and set out to establish the exact cause and how far the intruder had reached.
The investigation determined that the attacker first gained access on February 9, 2020. Information likely to have been extracted includes:
- Name and email address
- Encrypted/hashed passwords used to access platform accounts
- IP addresses
- App IDs (32-character strings used for making service requests; since an App ID is what authorizes a request, a leaked one can be used to make requests on that account's behalf until it is replaced)
- Personal and/or business name and address
- Country of residence
- Website address
Key Takeaways From The Breach
Here are a few things to be aware of:
- Each employee should safeguard their passwords and any other credentials they hold, including API and cloud access keys; in this breach the stolen credential was an AWS access key, not a human password.
- IT should ensure that passwords are rotated according to company policy, for example every 30, 60 or 90 days. Long-lived machine credentials such as AWS access keys deserve the same rotation schedule, and a key that has not been used for weeks should be treated as a candidate for deactivation.
- IT should enforce password complexity rules, requiring numbers, letters and other characters.
Just as there is an onboarding process for users joining the company, an offboarding process for users who leave is just as essential. IT should ensure that a departing user's accounts and access keys are removed from every system, and that any laptop or company device is wiped, since cached credentials could otherwise remain available to them.
Visitors should be placed on a separate guest network so they cannot reach corporate information. Where a captive portal is set up, joining the corporate network requires authentication, ensuring that only authorized personnel get in.
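The rotation and offboarding points above can be turned into a routine check rather than a reminder. The script below is an added example written for this post; it is not code from the original article or from Open Exchange Rates. It evaluates IAM access-key records shaped like the output of `aws iam list-access-keys` combined with `aws iam get-access-key-last-used`, which an operator would normally fetch with the AWS CLI or boto3. Here the records are constructed inline with fake key IDs so the script runs offline, and the 90-day rotation threshold, the 30-day idle threshold, the user names and the offboarded-user list are all assumptions chosen for illustration. It flags active keys that are past their rotation age, idle, or still held by someone who has left, and prints the `aws iam update-access-key --status Inactive` calls that would disable them.

```python
"""Flag IAM access keys that should be deactivated under a rotation and
offboarding policy.

Added example for this post, not code from the original article or from
Open Exchange Rates. Records mirror the shape of `aws iam list-access-keys`
merged with `aws iam get-access-key-last-used`; they are constructed inline
(fake key IDs) so the script runs offline. Thresholds, user names and the
offboarded-user set are assumptions for illustration.
"""
import json
from datetime import datetime, timedelta, timezone

# Assumed policy thresholds, in the spirit of the post's 30/60/90-day advice.
MAX_KEY_AGE_DAYS = 90   # rotate anything older than this
MAX_IDLE_DAYS = 30      # a key nobody has used for this long is suspect

# Assumed: users whose offboarding is complete. Any key they still hold is orphaned.
OFFBOARDED_USERS = {"bob"}

# Constructed sample data. User names and key IDs are fake placeholders.
SAMPLE_KEYS_JSON = """
[
  {"UserName": "ci-deploy", "AccessKeyId": "AKIAEXAMPLE000000001", "Status": "Active",
   "CreateDate": "2019-10-01T00:00:00Z", "LastUsedDate": "2020-03-01T00:00:00Z"},
  {"UserName": "alice", "AccessKeyId": "AKIAEXAMPLE000000002", "Status": "Active",
   "CreateDate": "2020-02-20T00:00:00Z", "LastUsedDate": "2020-03-02T00:00:00Z"},
  {"UserName": "bob", "AccessKeyId": "AKIAEXAMPLE000000003", "Status": "Active",
   "CreateDate": "2020-01-15T00:00:00Z", "LastUsedDate": null},
  {"UserName": "contractor-msp", "AccessKeyId": "AKIAEXAMPLE000000004", "Status": "Inactive",
   "CreateDate": "2019-06-01T00:00:00Z", "LastUsedDate": "2019-12-01T00:00:00Z"}
]
"""

# Fixed "now" so the run is reproducible: the day the API timeouts were reported.
AS_OF = datetime(2020, 3, 2, 12, 0, tzinfo=timezone.utc)


def parse_ts(value):
    """Parse the ISO-8601 UTC timestamps the CLI emits; None means never used."""
    if value is None:
        return None
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def evaluate_keys(keys_json=SAMPLE_KEYS_JSON, now=AS_OF, offboarded=OFFBOARDED_USERS):
    """Return findings ({UserName, AccessKeyId, Reasons}) for active keys that
    violate the policy. Keys that are already Inactive are skipped."""
    findings = []
    for rec in json.loads(keys_json):
        if rec["Status"] != "Active":
            continue
        created = parse_ts(rec["CreateDate"])
        last_used = parse_ts(rec.get("LastUsedDate"))
        reasons = []
        if rec["UserName"] in offboarded:
            reasons.append("owner offboarded")
        if now - created > timedelta(days=MAX_KEY_AGE_DAYS):
            reasons.append("older than %d days" % MAX_KEY_AGE_DAYS)
        # A key that has never been used is measured from its creation date.
        if now - (last_used or created) > timedelta(days=MAX_IDLE_DAYS):
            reasons.append("idle for more than %d days" % MAX_IDLE_DAYS)
        if reasons:
            findings.append({"UserName": rec["UserName"],
                             "AccessKeyId": rec["AccessKeyId"],
                             "Reasons": reasons})
    return findings


def deactivation_commands(findings):
    """Render the AWS CLI calls that would disable each flagged key.
    Deactivating rather than deleting keeps the key on record for the
    investigation while stopping its use immediately."""
    return [
        "aws iam update-access-key --user-name %s --access-key-id %s --status Inactive"
        % (f["UserName"], f["AccessKeyId"])
        for f in findings
    ]


if __name__ == "__main__":
    found = evaluate_keys()
    for f in found:
        print("%s %s: %s" % (f["UserName"], f["AccessKeyId"], "; ".join(f["Reasons"])))
    print()
    print("\n".join(deactivation_commands(found)))
```

On the sample data the CI key is flagged only for age, the departed user's never-used key is flagged as both orphaned and idle, and the already-inactive contractor key is left alone. In a real account the same logic would run over keys pulled with `aws iam list-access-keys` for every user, and the rendered commands would be reviewed before being executed.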
A preventive approach, such as basic security education and training, is often the most effective. Employees are frequently persuaded to hand over credentials or other sensitive information through phishing emails. Teaching new and existing employees how to spot these messages closes off this route of access.
At Hook Security, our Phishing Testing & Cyber Security Awareness Training team is familiar with these tricks, which is why we run sophisticated encryption software and firewalls that are monitored and updated regularly. We guarantee to keep your API and user data secure and your systems running efficiently. Call us today!
SOURCE ARTICLE: https://www.securitymagazine.com/articles/91931-open-exchange-rates-data-breach-leaks-passwords-and-user-information