350,000+ Personal Data Exposed After Preen.Me Attack

It’s the rare business that can survive without marketing and social media efforts, so when a social media marketing company like Preen.Me comes under a cyber attack, it invariably adversely affects many, many interested parties. And with Preen.Me’s recent hack, that’s exactly what happened. Over 100,000 social media influencers have had their personal data stolen because of their connection to Preen.Me. In addition, over 250,000 social media users have had their personal data exposed on a deep web hacking forum from their use of ByteSizedBeauty, a Preen.Me application.

While Preen.Me primarily focuses their marketing efforts on beauty-related content, meaning many other types of businesses were spared, that does not provide any comfort to those whose primary business is related to personal care. Preen.Me boasts big-name customers such as Unilever, Revlon, St. Ives, and Neutrogena, who in turn interact with large customer bases. 

In this post, we will outline how the attack was discovered, the data involved, and discuss the level of sophistication that hackers and data thieves can employ in their efforts to exploit, steal from, and harass innocent parties.

The Discovery  

RBS, a world-renowned leader in cyber security, first discovered the Preen.Me leak on June 6, 2020 after they noted a known threat actor posting a message on a deep web forum about their recent hacking efforts. The attack was confirmed by the actor on the same day when they shared stolen information from 250 beauty influencers on PasteBin. PasteBin is a content hosting website service that allows users to store text on their site for set periods of time. The hacker also threatened to release the personal information of 100,000 records he/she acquired. However, as of this date those records do not seem to have been released.

The Data at Risk 

The affected clients of Preen.Me are social media influencers involved in the beauty industry. Of course, their social media efforts lead them to collect information about their followers as well. Information from both sides of the equation was affected, with the threat actor exposing personal information of the social media influencers such as home addresses, phone numbers, email addresses, names, and social media links. In addition, some of these social media influencers have over a half million followers, potentially exposing their information as well.

Further Exploitation

It wasn’t enough to steal such a large amount of data to potentially hold Preen.Me for a ransom amount. On June 8th, the hacker released detailed information on the more than 250,000 users of Preen.Me’s application, ByteSizedBeauty. The details include their Facebook name, ID, URL, and friends list, along with their Twitter ID and name. Personal information was also leaked, including their email address(es), date of birth, home address, eye color, and skin tone.

Also found in the stolen database dump were 100,000 user authentication tokens for social media, along with a small number of possible password hashes, and a data table consisting of over 250,000 records containing user names, email addresses, customer names, and auto-generated passwords.

Doxing so many users of Preen.Me’s marketing tools and applications leaves all of them exposed to significant issues with spam, harassment, and especially identity theft. It remains to be seen if the hacker has accomplished their entire “mission” or if they are planning to further exploit Preen.Me and/or their clients. 

A Cautionary Tale 

Preen.Me’s recent attack is a cautionary tale for every other entity that uses the world wide web. Hackers can take very personal information and hold it for ransom, or they can release it on the dark web and allow others to commit further criminal acts against innocent affected parties. Organizations must take technology security seriously and understand their security efforts are not just protecting their own data, but the private data of clients who entrust them oftentimes with very personal information.

If you would like to know more about how to protect your business and the sensitive data of your clients from cyber hackers, please contact us.

Why Your Business Should Undergo a Digital Transformation

While most companies recognize they should at least have a web presence online, there is so much more technology available to help them become more efficient and provide improved customer service, as well as something they may not have even realized: better decision-making. With companies getting more and more competitive, it’s becoming more important than ever to go through a digital transformation and take advantage of any and all opportunities to remain in the forefront of the pack.

Why a Digital Transformation? 

In order to determine why a company would want to undergo a digital transformation, it must be defined. A digital transformation involves the integration of technology into all aspects of running a business, developing a new digital foundation that influences every facet of operation, as well as how a business delivers value to their customers. The reason why many companies decide to take on this type of transformation is because the results typically show measurable and impressive improvements in key areas of business operations.

Improved Employee Efficiency

Digitizing manual processes and tasks that employees routinely perform may take some time up front to develop, but once manual tasks become automated, it frees up employees to focus their time and effort elsewhere. Traditional functions involving payroll, accounting, and finance often center around repetitive tasks that are fairly easily automated. Once employees can break away from manual processing, they can focus on other projects that require a more hands-on focus.

Improving the Customer Experience

Customers always appreciate streamlined, thoughtful improvements in their experience with a business. Automating customer interaction processes reduces wait times, and providing a 24/7 customer outreach mechanism allows customers to reach out with questions or comments when it’s most convenient for them. By using a CRM (customer relationship management) application, employees can view a customer’s question, find out all the necessary information, and provide an immediate full response, as well as additional information they think is helpful. By going the extra mile, customers feel appreciated and customer representatives have an opportunity to expand a sale and/or provide extra goodwill.

Improved Security

Digitizing corporate data is one of the foundational ways in which a company can protect such a vital asset. Manually stored data is vulnerable to theft, loss, and natural disasters such as a flood or fire. By automating all data including pertinent information such as customer and vendor contacts, payroll information, employee profile data, sales orders, etc., companies have protected their most vital resource — corporate data that allows them to function on a daily basis. By developing a comprehensive backup and restoration plan, companies can easily restore their data in the event they experience a catastrophic failure.

Better Decision-Making

Not only is it a good idea to digitally transform corporate data for security reasons, it is also helpful to have detailed information in order to facilitate better decision-making. By digitizing corporate data, companies can capture, store, and analyze large volumes of data that can almost effortlessly be pulled together by specific applications. A variety of software applications are available that can incorporate and formulate large amounts of complex data, giving business owners key insights into how well their business is functioning (or not), and suggestions on where to focus their efforts in order to make improvements.

It Takes Some Time

As with any other project, digitally transforming a company’s operations does take some initial time and effort. However, once transformed most businesses begin to reap the benefits of their transformation right away. Improved data security, an improved customer experience, and greater insight into the overall functions of the business, even down to a very fine level, are all typical gains that business owners enjoy after undergoing their transformation.

If you would like more information on how to digitally transform your business, please contact us!

Also, check out our cabling services!

Secure Email Solutions for Your Business

We certainly live and work in challenging times these days. With an acceleration in hacking attempts, data thieves, etc. since the beginning of the pandemic, it’s more important than ever for companies to ensure they are doing everything they can to protect themselves from potential security issues. Of course, one of the ways that users are communicating with each other and their clients even more is by way of email. Whereas before an employee may simply have walked over to a co-worker’s desk for a work-related conversation, now many employees are working remotely, thus increasing the likelihood they may be exposed to a security threat. If they haven’t already done so, now is the time for companies to review the options for secure email solutions.

Layered Solutions  

As the title of the article implies, it’s not enough anymore to have one security solution. Companies must think in terms of multiple security solutions, and that means layering their security coverage. In terms of email security, it’s not enough anymore to rely only on the security tools provided by the email giants such as Google or Microsoft. While these companies do offer basic types of coverage that provide some protection, smart organizations are wise to consider adding another layer of protection for their email correspondence, by way of a third party vendor that specializes in cloud-based email security.

What to Look For

When looking for third party security packages, a good solution will encompass several key components in order to address several email-specific security vulnerabilities.

Ransomware Attacks

Ransomware is a type of malware that takes over and encrypts a victim’s device or information, and it is becoming an increasingly popular type of email attack. A good email security solution will outline how it stops these types of attacks before the hacker can follow through.

Internal Threat

With more and more employees working from home, it does become more of a challenge for companies to track their employees and their actions. Whether by accident or a deliberate attempt by a malicious employee to expose sensitive corporate data, a third party email solution can block outbound email-based connections before they occur.

Spear Phishing

Hackers often use tactics such as spear phishing in an attempt to confuse an employee into clicking on a malicious link. Many hackers will take a substantial amount of time to study a company. They then attempt to impersonate someone either high up in the company they want to exploit, or someone from another business or vendor with which they work closely. Employees not used to working remotely may feel somewhat isolated and alone, and just enough out of their routine to click on a link that seems legitimately sent by someone in management, when it’s not.

A good third party email solution will employ custom security controls based on correspondence patterns, location and normal activity, thus preventing employees from trying to follow through on an unusual request.

Benefits 

Third party software security applications can save both regular employees and IT team members from having to manually fend off spam, malicious attachments, dangerous file types and suspicious impersonation attacks. In addition to reducing the amount of time that employees spend on these types of threats, they also have other benefits. Cloud-based email security solution packages can provide email backup and recovery, in addition to streamlining the management, availability, and retrieval of emails through cloud-based archiving. Some companies also find great benefit in the ability of a security package to handle e-discovery and compliance issues by offering specialized tools to meet their regulatory requirements.

We’re Here to Help

If you need assistance in reviewing the current level of email security protection in your organization, we can help.

Contact us today for more information on how security layering can provide the protection and peace of mind your company is looking for. 

3 Critical Services Your Current IT Support Is Missing

It’s always fun for IT guys to see people in the financial industry marvel at Bitcoins and their fluctuations. Here in IT, fluctuation and change are the norms.  A significant service can be a lifesaver now but give it a few years, and it will be completely null. Herein lies the problem. In IT, things change fast, and businesses that don’t adapt to these changes are flushed down the toilet. This is why choosing IT Support is a daunting task. The service spectrum is broad, needs are always changing, and it’s always difficult to tell if your IT service provider is providing you with the best services, or leaving some vital things out of their checklist.

Your IT service provider may be missing the following boxes on their service provision checklist:

Cloud Cost Optimization

The internet always seems free for everyone except for IT firms. Your internet provider may be, intentionally or unintentionally, making you pay way more to the Cloud Service Providers than you should. Statistics show that most companies spend about 36% more than they should pay to their Cloud Service Providers such as AWS.

Most IT businesses lose out on massive savings by outsourcing their Cloud Management to IT Service Providers who overlook cost optimization. To these providers, getting you to the cloud is an accomplishment, even if your business has to spend fortunes to use it.

There are a plethora of actions your MSP should be undertaking to cut your cloud costs significantly. Your IT service provider should be:

  • Using, or being heavily invested in, cloud analytics
  • Integrating Auto Scaling to reduce costs
  • Using AWS cost optimization tools
  • Applying power utilization practices such as power schedules
  • Right-sizing computing services
  • Using Spot Instances when necessary

Contingency Plans and Security

Once you have outsourced most of your IT service requirements to an IT firm, the security and safety of your data and the customer’s data become a priority. The two most essential things in security are contingency plans and constant improvement. Though most MSPs invest heavily in security, very few offer “Plan Bs” when the ceiling caves. Failure to plan, in IT more than in any other industry, is planning to fail.

Your MSP should have:

  • Clearly laid out Disaster Recovery Plans
  • Insurance in case of a Cyber Attack
  • Extensive and Secure Backups for your data

In terms of constant improvement, your IT service provider’s security plan should always be evolving. Security in IT is not a destination but a journey. Malware is continuously changing and improving, and so should your IT provider’s security plans. Your IT provider should be keeping up with the following cybersecurity and malware trends:

  • Increase in instances of Ransomware
  • Third-party Cryptomining
  • State-sponsored cyber attacks
  • Artificial intelligence in cyber terrorism

Regulatory Compliance

For years now, it was assumed that the web and IT were beyond regulation. Well, the amount of regulation in IT has significantly increased for two fundamental reasons. Governments and regulators have spent the past few years catching up. Also, the rise of IT and its growth has seen IT expand into uncharted territory and industries, increasing its influence. This has called for more regulation.

Navigating the regulatory landscape is an essential service your MSP needs to offer. Some of the past, present and future regulations that have been lorded over the IT industry include:

  • The General Data Protection Regulation (GDPR) in the European Union
  • The California Consumer Privacy Act (CCPA)
  • The Biometric Data Law in Illinois
  • Consumer Online Privacy Rights Act (proposed bill)
  • Children’s Online Privacy Protection Act (COPPA)

To show how a lack of regulatory compliance can cost a business and how fast the regulatory climate is changing, YouTube was recently fined $170 million for violating the COPPA regulations.

Regulation in itself is a noble idea, but it may lead to massive losses in money and time if neglected. Your IT provider has the responsibility of preparing you for future regulations and how they will affect your business. Your IT provider should be able to:

  • Extrapolate your current investments and plans to see if they will be legally viable in the next ten years or so.
  • Align the services they offer to ensure that they comply with present and possibly future regulation.
  • Assure the privacy of your IT firm and the data of your customers and staff.

Though it’s true that the IT climate is always changing, we here at 4 Corner IT have always been changing with it. For any inquiries about IT and Custom solutions on your IT needs, contact us and let us be part of your story.


Why Patch Management is Important in 2019 and Beyond

It might seem plausible for IT managers to believe 2019 was a particularly bad year for patch management issues, thinking perhaps they’ll finally be able to focus on other “more important” security issues in 2020 and beyond, but that is not at all realistic.

In fact, as both employers and employees alike find new ways to harness technologies that help to increase productivity and grow their business, the expansion of new hardware and software options will continue to explode. Of course, along with each new application and device there are invariably imperfections that must be patched. The sooner a business comes to terms with the fact that having a comprehensive patch management system is the price they’ll have to pay to take advantage of new technologies, the sooner their corporate data will become safer and more secure.

Is Patch Management Really That Important?

Many people think the majority of security issues arise from a cyber criminal stealthily creeping through their personal information looking for passwords or social security numbers. In reality, the majority of data breaches (57%) occur from vulnerabilities due to poor patch management practices. Considering the explosion in applications, smart devices, operating system versions, etc., it’s no wonder companies feel overwhelmed and unable to patch security holes fast enough to keep up with all the threats.

A recent survey of 3,000 cyber professionals across the globe reported 48% experienced a security breach within the past 2 years, with poor patching processes as one of the main reasons for the attacks.

Things to Look For in a Strategic PM Solution

With these sobering statistics, it becomes much easier to see that poor patch management is a serious issue within the business community. The fact that poor patching procedures often lead to cyber breaches should be a wake-up call for those following little or no protocol. Companies who want to reduce their risk of encountering a costly and devastating security breach need to gain the upper hand on this often neglected area by developing a sound plan. Of course, larger companies can afford to hire a complete staff to develop and manage a PM solution; however, smaller companies often need to look to an external vendor for help.

When researching vendors who have such solutions, it’s important to consider whether their plan incorporates the entire patch management lifecycle. The basic structure of the life cycle is as follows:

  1. Discovery – assess all technology use
  2. Categorize and prioritize – people, devices, processes, etc.
  3. Create a patch policy – (and keep it updated)
  4. Institute monitoring processes for new patches
  5. Patch test in non-production environment
  6. Manage associated configurations
  7. Patch rollout
  8. Audit results of patch rollouts
  9. Reporting and analysis of results
  10. Repeated review of life cycle for optimization 

Getting Started 

Companies who are beginning to realize they need to take a more serious approach to focusing on and organizing their patch rollouts can also benefit by taking these additional steps that will help them get on the right track. Start by applying patches for those risks labeled as critical. Develop and implement a data backup and recovery plan. Decide to make a proactive patch management philosophy (and practice) a core component of your technology security strategy.

Centralize and automate the patch application process by employing automated patch software. Evaluate employee end-user rights and only give admin rights to those deemed absolutely necessary. Regularly patch and update the preconfigured computer template used when onboarding new employees. That way new employees will automatically have all the latest operating system patches, along with those for business applications, software, privileges, and other important settings.

If you would like more information on developing and implementing a solid patch management solution for your business, please contact us!