We all see massive cyber breaches in the news. When industry giants are the victims of a security breach, we typically first think about the customers and their personal data. News stories covering cyberattacks look at how many passwords were leaked or the number of lost credit card numbers. Still, there’s something we tend to overlook when hackers find an opening in a big business’s digital armor: small businesses. Vulnerabilities that are discovered by picking away at a major player’s security measures are immediately redirected to companies with fewer resources. Let’s take a look at some massive breaches and their secondary effects on the small businesses that support our daily lives.
Verizon’s Employee Breach
In May of 2022, Verizon was the victim of a data breach. In this data breach, the full names, email addresses, and other identifying information such as corporate ID numbers and phone numbers of Verizon employees were plucked from Verizion’s internal databases by hackers. A report from Motherboard, as well as a statement from Verizon themselves, have confirmed the data breach in question did indeed take place. Verizon claims that it will refuse to engage with the hacker because Verizon does not believe the information is sensitive enough to warrant any sort of worry[1].
Motherboard reporters went the extra mile, however, and combed through the leaked database to confirm that the hackers were indeed genuine in their findings. Employees, both past and present, were contacted with phone numbers and other contact information found in the package shared with reporters. This alarming breach of privileged company data was executed by a surprisingly simple trick in the hacker’s toolbelt — they were welcomed in with open arms.
According to the hacker, they simply posed as an internal employee and asked for remote assess to a corporate terminal. From there, they were able to root around for any information they could find. Now that they have their hands on a much more robust set of identifying credentials, the next attempt may be much easier and more effective.
There were no lost social security or credit card numbers, and no passwords were leaked. Knowing that the hackers used a minimal amount of identifying credentials to gain access to Verizon’s corporate servers means that the information leaked could lead to a much more devastating breach next time. Even if the hackers don’t target Verizon headquarters again, they could very easily run a series of sophisticated scams now that they have internal names and ID numbers.
MGM’s Data Leak
On Telegram, the social messaging app, a rather hefty 8GB database stuffed to the brim with the personal information of around 30 million MGM Resort guests, was discovered by vpnMentor Research Team. vpnMentor Research Team can be thought of as digital volunteer firefighters. They tackle cybersecurity threats and spend their time teaching organizations how they can better protect their clients and their data.
According to reports from Hackread, the data had been obtained as early as July 2020. A group or perhaps an individual going by the name NightLion[2] claims to have plucked the personal information from a data-leak monitoring service called DataViper. Part of the delayed response to the news was due to DataViper’s insistence that the breach had, in fact, not occurred and further asserted they had no access to MGM’s internal storage. The package’s release on Telegram and the statements from vpnMentor prove otherwise.
The data leaked in the package, similar to Verizon’s leak, contain reams of identifying credentials. This data ranges from full names and dates of birth to postal addresses and over 24 million unique email addresses and accompanying phone numbers. This data is now in the hands of bad actors that can easily slot this database into one of their own. The names, numbers, and the mere fact that they have been proven customers of MGM Resorts[3] can now be used in rather sophisticated phishing schemes and a bevy of other petty scams. The data can be weaponized against MGM Resorts themselves. Hackers and scam experts can use this data to convincingly pose as past customers to give themselves approximately 20 million attempts at a thriving racket of their own design.
How Does This Affect Small Businesses?
It’s easy to see the consumer-related consequences of these data breaches. In two attacks, a population the size of the state of Florida[4] has been exposed to the whims of any hacker with access to the right Telegram channel. That data can easily be used for email scams, phishing calls, and anything else you can think of with a bit of creativity. What we often have a more challenging time seeing is how these breaches can be directed at small businesses.
As hackers land on breach methods that break through the sophisticated protection methods of large businesses and the resources they have available, they will use those methods to breach small businesses and their more limited defenses. Suppose a small business unwittingly allows remote access to one of its internal machines or their storage system is breached, and they lose their client data. In that case, their business could very easily buckle under a proposed ransom or a negligence claim.
What Can AXEL Do?
Our storage methods and our security solutions are built to be people-proof in some respects. Documents stored with AXEL Go are digitally fragmented and stored separately across a number of independent servers. To supplement this, actions taken within AXEL’s infrastructure are encrypted from end to end with military-grade AES-256 technology. Any prying eyes that have wormed their way into a small business’s systems would need to break through billions of layers of encryption, and following documents to their destination quickly becomes a fool’s errand with decentralized storage.
Best of all, AXEL Go never lays eyes on your data, meaning no stray unauthorized copies are floating around on the internet to be scraped by a clever bot, and AXEL Go doesn’t discriminate based on company size. Individuals getting their practice off the ground have the same protection as premium power users. Protection of small business with the zeal and professionalism normally reserved for big businesses creates a safer internet for all, and we intend to build it.
You can sign up for a 14-day trial of AXEL Go Premium with all of our features unlocked and see why AXEL Go is leading the future of file-storage
Citations
[1] Cantisano, Timi. 2022. . Xda-developers.com. https://www.xda-developers.com/verizon-data-breach-employees-data/.
[2] 2022. “Exclusive: What Happened? A dispute between NightLion Security and Astoria Company Escalates”. Databreaches.net. https://www.databreaches.net/exclusive-what-happened-a-dispute-between-nightlion-security-and-astoria-company-escalates/.
[3] Conneller, Philip. 2022. “MGM Resorts Data Hack: Customer Info Stolen in 2019 Now on Telegram”. Casino.org. https://www.casino.org/news/mgm-resorts-data-hack-customer-info-stolen-in-2019-now-on-telegram.
[4] WAQAS. 2022. “142 Million MGM Resorts Records Leaked on Telegram for Free Download”. HackRead | Latest Cyber Crime – InfoSec- Tech – Hacking News. https://www.hackread.com/142-million-mgm-resorts-records-leak-telegram-download/.