Weekly Email Security News Recap #1 [November 2022]
The cyberworld is constantly evolving, along with new ways for bad actors to exploit unsuspecting individuals and organizations. High-profile cyberattacks continue to make headlines, reinforcing the need for robust online security.
Thus far, November has seen some major cybersecurity news stories, highlighted below in this week’s recap.
On Monday, the Federal Trade Commission (FTC) announced it had taken action to ensure Chegg Inc. fixes its data security issues, which have led to four serious data breaches since 2017.
Chegg, Inc. is an American multi-billion dollar online education technology giant that employs about 2,500 people and provides services like:
- Homework help
- Online tutoring
- Digital and physical textbook rentals
- Other student services
The FTC said that Chegg’s “flexible data security practices” exposed the private data of millions of customers and employees, such as email addresses, passwords, and dates of birth.
Personal Records Revealed Since 2017
On October 31, FTC released a press statement indicating that the ed tech company’s repeated negligent approach to data security stems from 2017 and has exposed:
- Email addresses
- Social Security numbers
- Names and surnames
In 2018, a former Chegg Inc. contractor stored the personal data of approximately 40 million customers by accessing the company’s cloud database on an Amazon Web Services server.
The contractor, who owned the administrator login details, had stolen the information, resulting in employees’ and customers’ data being sold on the dark web.
The Federal Trade Commission states that Chegg Inc. continuously failed to resolve issues with its data security while collecting specific user information such as:
- Religious background
- Sexual orientation
- Dates of birth
Following FTC’s complaint order voted 4-0 by the Commission, Chegg Inc. has agreed to upgrade its cybersecurity practices.
Updating security measures includes documenting and following a schedule regarding which personal data is collected, why, and when it will be deleted. The Commission also requires Chegg Inc. to provide its customers access to data about them and allow them to request the deletion of that data.
Chegg Inc. also must provide multifactor authentication methods to its customers and employees to secure their accounts.
And finally, the company has to implement a cybersecurity program that encrypts customer data and provides employee training.
On October 29th, a vast cyberattack caused the Atacama Large Millimeter Array (ALMA) Observatory to suspend all astronomical observation operations and shutdown its public website.
Observatory’s email services are currently limited, and IT specialists are working on restoring the systems.
ALMA, located in Chile, announced the security incident on Twitter. According to the nature of the incident, there’s no estimated date when operations will be restored.
It’s worth noting that according to the observatory, no scientific data was compromised in the attack.
ALMA Observatory’s spokesperson indicated that they can’t discuss the details of an ongoing investigation, that their IT team is ready to face the situation, and that they’re working on recovering normal operations.
The ALMA observatory has 66 high-precision radio telescopes 12 meters in diameter and 5,000 meters high, at the Chajnantor plateau. It’s home to the world’s most expensive ground telescope, costing $1.4 billion.
The project was developed thanks to a multinational effort involving:
- The United States
- South Korea
Any halt in observatory operations will affect multiple science teams and ongoing projects worldwide.
Users can now follow the status updates on NRAO’s website or ALMA Observatory’s social media channels.
Skyward finance, an initial DEX offering (IDO) platform, has reportedly been exploited for 1.1 million NEAR Protocol tokens (worth an estimated $3 million).
The Aurora Lab’s community moderator Sanket Naikwadi shared the news on Twitter, stating that a member of the Near Protocol community noticed the exploit first.
Ref finance (the DeFi platform built on the Near Protocol) and the Skyward team have been notified of the leak.
The cybercriminal reportedly purchased many skyward tokens on Ref Finance and redeemed them through Treasury on Skyward Finance.
SKYWARD Token holders were warned to save or swap their tokens and no longer interact with Skyward Finance because the hacker has already withdrawn NEAR to many different wallets.
Blockchain analytics firm Chainalysis recently marked October 2022 as “the biggest month in the biggest year ever for hacking activity.”
Cyberthreats challenge small and big organizations worldwide, leaving the worst consequences, which causes millions of dollars worth of damage.
Cybersecurity has become extremely important for organizations, which must have the ability to recover data and ensure that operations can continue in case of a cyberattack.
Ways to reduce the risk of cyberattacks are plentiful, and one of them is to have reliable email security measures.
You can quickly secure your email domain with EasyDMARC by signing up today!