Two major user platforms fell victim to data breaches in the last thirty days: streaming service Twitch and investment tool Robinhood.
Apps and user platforms come with special considerations when it comes to cybersecurity; research shows that, worldwide, over 11 million mobile devices may contain malicious code at any given time.
Taking a look at these two major attacks will bring clarity as to how human attacks, as well as misconfigured data, can lead to breaches.
Robinhood Investment Platform Hacked Through Social Engineering Attack
Robinhood confirmed that they had experienced a data breach near the beginning of November. The company states that they were hacked through a social engineering breach carried out on one of their phone employees. The unauthorized party was able to gain access to over five million email addresses and over two million full names. They were also able to access more specific information, like addresses, zip codes, and full names, for a much smaller group of users. The platform, however, assures that no users’ social security numbers, credit card information or bank information were leaked. Experts warn that, although no information was leaked that could cause immediate financial loss, access to information could lead to further phishing and social engineering attacks.
The unauthorized party demanded an extortion, and the platform has informed the appropriate authorities. Robinhood implores users to keep their account secure by updating their security settings regularly.
Streaming Platform, Twitch, Suffers Major Data Breach Due to Configuration Error
Twitch confirmed, near the beginning of October, that it had suffered a data breach. The unauthorized party accessed the platform’s source code after it was unwittingly exposed to the internet because of an error during a server configuration change. While no login credentials or credit card information were exposed, creator payouts were exposed and subsequently posted anonymously to the message board platform, 4chan.
Although the unauthorized party made a statement indicating foul intent, and claimed that this leak was only the beginning, Twitch is unsure as to what information the party was able to gain access. The attack seemed to have focused more on the platform’s tools, rather than personal account information. In an update, Twitch announced that streaming keys, the code which allows content creators to import the platform information through their broadcasting software, would be reset out of an abundance of caution.
Protect Your Platforms from Data Breaches and Attacks
Platform breaches bring swarms of negative attention and loss of trust among users. It is important to protect your users’ data with cybersecurity. Excedeo offers cybersecurity solutions to keep your platform safe from the many angles through which unauthorized parties hunt your information.
Sign up for a free cybersecurity assessment and test the strength of your cybersecurity. Consider consulting with Excedeo to get the best offer for your company. Take control of the safety of your technology.
As a Microsoft Partner and Cloud Solution Provider (CSP), Excedeo’s suite of scalable solutions covers everything from servers and network infrastructure to computers, workstations, and mobile devices—providing adaptable, stress-free end-to-end solutions regardless of your business model. Our smart design and passion for helping growth-stage organizations allows us to offer enterprise-level solutions at prices that work for small to medium-sized businesses.