We have been observing an evolution in hackers’ tactics from going after data that could be directly monetized, such as payment card data, to going after data that can be monetized indirectly through extortion, such as the Ashley Madison data. The hack of Brazzers porn site is similar to the Ashley Madison hack in that the real opportunity for monetization lies not in the intrinsic value of the data itself, but in the opportunity to use the data to embarrass and extort others into paying money to keep it secret.
The data dump from the hackers includes email addresses, user names and passwords spelled out in plain text, which can certainly lead to embarrassment for those who would not want their spouses, significant others, co-workers, employers, employees, parents, children, pastors, congregation, or constituents to know they are members of such a site. But, it gets worse. This wasn’t just a porn site, it was a forum that porn fans used for discussing their favorite porn scenes, favorite performers, and their own fantasies. (Brazzers porn account holders exposed by hackers – BBC News)
As I have said before (The Art of Data Security: How Sun Tzu Masterminded the Home Depot Data Breach), hackers are constantly changing their tactics and always working to stay one step ahead of companies and their cybersecurity efforts. This should be expected. What does this mean for your business?
In the old days, like mid-2014 before hackers hit Sony and exposed its executives’ embarrassing emails, many companies believed that all they really needed to protect was their data that could be directly monetized.
#SonyHack: Will Executives’ Embarrassing Emails Better Motivate Cybersecurity Change?
#SonyHack shows there are no “safe secrets” in the corporate world – what do you do?
Learning From the Sony Hack: Where Do We Die First?
That has all changed. Of course, hackers will still gladly accept any data that your company has that can be directly monetized. They will also gladly take data that can be indirectly monetized in any way they can think of using it.
Looking at the techniques used in the Sony, Ashley Madison, and Brazzers hacks, the most obvious thing to think about is data that could lead to embarrassment and extortion. But that is just the beginning. While you are reading this, some hacker, somewhere, is thinking of how he will take it to the next level and use something against you that you have never even considered.
He’s thinking about it 24/7 — are you?
Let’s talk.
Leave a comment