Security Behaviour Database
/

Privacy Violation

A privacy violation occurs when an unintended person learns about someone elses private information.


Behaviours

Adding security extensions to browsers

Adding security extensions to browsers

Security/Privacy extensions can increase the security and privacy of a web browser. Extensions such as uBlock ...

Using a webcam cover

Using a webcam cover

Devices that have been compromised can have their webcams accessed. To limit further breaches to privacy and data, ...

Clearing cookies regularly

Clearing cookies regularly

Cookies store data. Some cookies may also be malicious. Regularly clearing cookies prevents risks such as data ...

Reviewing privacy settings and permissions for apps and online services

Reviewing privacy settings and permissions for apps and online services

Some apps and online services will request information from devices for use. Reviewing privacy settings and ...

Reviewing social media privacy settings

Reviewing social media privacy settings

Privacy settings on social media accounts should be reviewed regularly to make sure personal data is not exposed ...

Removing personal details from the open voters register

Removing personal details from the open voters register

Unless removed, a UK voter’s information is listed on the public electoral register, increasing digital footprint ...

Using private browsing windows

Using private browsing windows

If workplace devices are shared between colleagues, private browsing should be enabled by default. This means ...

Requesting personal photos or information are removed

Requesting personal photos or information are removed

Photos posted online without consent can increase digital exposure. Taking steps to remove sensitive photos posted ...

Case study

Grubman Shire Meiselas & Sacks

In 2020, a high-profile law firm suffered a major cyber attack that exposed private information relating to clients including Madonna and Lady Gaga.

A group of hackers stole 756 gigabytes of files from Grubman Shire Meiselas & Sacks. The files included legal paperwork such as project contracts, confidentiality agreements, promotional materials and reimbursements.

The hackers demanded a $21 million ransom, which the firm refused to pay. As a result, the hackers leaked some of the stolen information. When news of the hack became public, the group demanded a fresh $42 million ransom while threatening to reveal further sensitive information relating to the US president Donald Trump.

Grubman Shire Meiselas & Sacks worked with law enforcement agencies and security experts, and announced that it would not be paying the attackers. It also said it would consult with cyber security specialists to improve the security of its company records and track future unauthorised asset access.

NordVPN1 2019

In 2019, NordVPN, a virtual private network provider that promised to “protect your privacy online”, suffered a data breach.

Despite their “zero logs” policy that stated NordVPN did not track, collect, or share private data, the breach left NordVPN’s customer records exposed.

The hack fully compromised NordVPN’s remote management system. In theory, criminals could have used the data they accessed to create a fake NordVPN website and monitor user traffic, violating the “private” browsing NordVPN promised its customers.

When informed about the hack, NordVPN immediately shut down the insecure server and disabled resulting compromised security keys. It also partnered with cyber security specialists to strengthen penetration testing, intrusion handling and source code analysis.

Yahoo, 2019

In 2019, a disgruntled ex-Yahoo employee hacked into his colleagues’ accounts and accessed their personal information.

Soon after Reyes Daniel Ruiz lost his job at Yahoo, he took advantage of the privileged access he still had and hacked into 6,000 Yahoo accounts, including those of his colleagues and friends. He further took advantage of people’s tendency to reuse passwords, hacking into accounts on Apple iCloud, Dropbox, Facebook and Gmail. After searching these accounts for sensitive images and videos, Reyes copied the stolen information to his personal computer.

Yahoo quickly noticed the suspicious account activity and traced the breaches to Reyes, who then destroyed his computer and drives, thus erasing the evidence of the stolen data. He pled guilty for his crimes and was sentenced to probation and home confinement.

Speaking about the incident, Yahoo representatives urged users to reset their passwords, avoid using the same password across multiple accounts, and enable multi-factor authentication on their devices.

SebDB is brought to you byCybSafe| © 2020 CybSafe Ltd