Alipay reminds Apple that its user ID has been stolen, and the privacy and security of technology giants ring alarm bells frequently
Our reporter Yang Qingqing reports from Beijing
Introduction
According to a recent Sophos survey, two-thirds of IT executives do not understand anti exploit technology, which puts the company at risk of data leakage.
The user privacy of technology giants has not changed.
On October 10, Alipay issued a security alert on the official microblog, saying that it had detected that some Apple users' IDs had been stolen, resulting in a loss of funds related to ID bound payment tools. In the statement, Alipay said that it had contacted Apple to locate the reason for the theft as soon as possible, and suggested that users reduce the amount of secret free payment to maximize the security of Alipay accounts.
In addition to the suspected theft of Apple's user ID, other technology giants are also frequently exposed to the theft of user data. Recently, Facebook data was hacked again, and 50 million account information was leaked. Hackers can see all personal information of the account, including the identity information of family members and friends, as well as personal privacy photos.
And technology companies are still facing scandals due to related problems. On October 8, Eastern Time, the Wall Street Journal reported that Google's internal investigation this spring found a software vulnerability that could lead to hundreds of thousands of users' private data, and then concealed it from the public. Alphabet, the parent company of Google, announced a series of user privacy protection policies, including gradually closing the consumer version of Google+within ten months.
"Threats in the network environment are constantly escalating and evolving. The threat situation is developing rapidly, and the scope of influence is constantly expanding, showing different characteristics." Xu Kaiyong, general manager of NETSCOUT Arbor in mainland China and Hong Kong, told 21st Century Business Herald, "In the first half of 2018, we observed about 2.8 billion attacks. From 2017 to 2018, the scale and scope of attacks expanded dramatically. ”
Frequent safety problems
On October 10, Alipay publicly announced that Apple users' IDs had been stolen. "At present, Apple has contacted Apple for many times and urged it to locate the cause of the theft as soon as possible, improve the level of security, and thoroughly solve the problem of user rights and interests loss. Apple has replied that it is actively solving the problem."
The reporter of 21st Century Business Herald learned from Alipay that the theft was caused by the theft of Apple's user ID, but it is unclear why it was stolen and whether it is related to Alipay. "No more replies for the time being, subject to our official WeChat reply," Alipay related people told the 21st Century Business Herald reporter, "but one thing needs to be clear is that the ID account of Apple users has been stolen, which means that any payment method may cause asset loss."
Therefore, Alipay suggests that users reduce the amount of secret free payment of Apple Pay on the premise of ensuring convenience, so as to protect the capital security of Alipay account to the maximum extent. If the user finds a problem with Apple's payment account, Alipay suggests that the user contact Apple's official customer service.
This is not the only case of user data leakage of technology giants recently. Recently, Facebook data was hacked and 50 million account information was leaked. Hackers can see all the personal information of these accounts, including the identity information of their family members and friends, and personal privacy photos are also at a glance.
In addition, hackers can also use the Facebook synchronous login function to log in to users' other social software, such as Instagram, Airbnb, and so on. It is understood that the main reason for this information disclosure is that the hacker used several bugs in the website code to trick the website to send the account digital key to the personal account.
It is unclear where the hacker attack came from and how much damage these data will cause to the parties involved. However, according to the new General Data Protection Regulations (GDPR), which came into effect in May this year, once Facebook is confirmed to have found problems and failed to take measures, it will be deemed to have violated the privacy law and be fined a huge amount. Facebook may be fined $1.63 billion based on its sales of $40.65 billion last year.
The consumer version of Google+will also be closed recently. On October 8, Eastern Time, the Wall Street Journal reported that Google found in its internal investigation this spring that a software vulnerability might lead external developers to gain private data from hundreds of thousands of Google+users. Although Google later fixed this loophole, it chose to hide it from the public because it feared that data leakage would trigger strict regulatory review and affect the company's reputation.
"In the current society, leakage events are often caused by coordinated attacks, which can cost enterprises up to 100 million dollars. After the leakage event, the stock price drops by 1.8% on average." Shi Qin, president of Veeam China, told 21st Century Business Herald, "Since 2013, seven stock exchanges around the world have publicly disclosed more than 200 leakage events, 65 of which are considered catastrophic. The leaked information is usually the information of enterprise users. This may lead to fraud and more complex attacks, all of which will make consumers have a negative view of the leaked enterprise brand."
Coping with difficulties
The recent user data leakage is just a microcosm of the long history of user privacy violations. In March this year, Facebook was questioned by the public about its involvement in Cambridge Analytics' improper access to users' personal information. For this reason, Facebook CEO Zuckerberg had to accept the hearing investigation of the US Congress and the collective inquiry of the European Parliament.
Xu Kaiyong introduced to the 21st Century Business Herald reporter that in the first half of 2018, DDoS (distributed denial of service attack) has entered the TB era, and in February this year, the largest DDoS attack (1.7TB DDoS attack) so far occurred. In addition, the scale and scope of attacks have increased dramatically. In the first half of 2018, the scale of the largest DDoS attack increased by 174% compared with the same period in 2017.
At the same time, the APT (Advanced Persistent Threat) organization has expanded beyond the traditional field, and criminal software developers have also diversified their attack methods. "Inspired by WannaCry and other worm attacks in 2017, major criminal software groups added worm modules to other malware with clear targets, such as certificate theft or traditional loaders."
According to a recent Sophos survey, two-thirds of IT executives do not understand anti vulnerability technology, which puts the company at risk of data leakage. Once the network criminals enter the enterprise network, they will lock and take over the server through continuous horizontal activities to obtain important data inside, such as personal identification information (PII), bank, tax, salary and other financial records, and even patent intellectual property and shared applications.
Xu Kaiyong revealed that the above information can be sold on the dark network, or used for other types of attacks and profit ways. Servers can also be damaged by ransomware and general cyber attacks. Because the server has key data, server attacks are more destructive than endpoint attacks.
In May, GDPR came into effect, which sounded an alarm for many enterprises. "According to the requirements of GDPR's notification of data leakage, enterprises must notify relevant departments within 72 hours of discovering data leakage. However, after data leakage occurs, enterprises often struggle to cooperate with various investigations and take remedial measures. Therefore, 72 hours is likely to pass in a flash," Shi Qin said.
Therefore, Shi Qin suggested that the enterprise should formulate a reasonable plan in advance. In this way, once data leakage occurs in the future, enterprises can quickly detect, report and take relevant measures. If necessary, various software tools need to be used as assistance.
"Many enterprises' endpoint policies ignore the point that servers are key infrastructure facilities. It is not enough for enterprises to only install traditional endpoint protection schemes for servers, because server protection requires more tools and functions, such as cloud load detection for public clouds such as Microsoft Azure and Amazon Web Services, and reducing the risk of idle or forgotten IT assets. ”Dan Schiappa, Senior Vice President and General Manager of Sophos Product Department, pointed out to the 21st Century Business Herald that "the exclusive server protection scheme is an important part of reducing the risk of data leakage and establishing a successful multi-layer security strategy."
Editor in charge: Li Feng
