Equifax breach is a boon for Symantec’s LifeLock service


Shortly before Equifax revealed last week that it had been hacked, Fran Rosch got a call. The Symantec executive was vacationing in Maine, visiting his parents, when an Equifax representative telephoned to say sensitive information about 143 million Americans had been put at risk.

Armed with information only a handful of people had at the time, Rosch mobilized the rapid response team at LifeLock, the identity-theft protection service owned by Symantec. This included member services, legal counsel, product development, marketing and public-relations staff, he said.

Rosch knew the company would receive an onslaught of calls and sign-ups in the coming days — far greater than anything it had experienced before. And he was right.

“It was crazy,” said Rosch, the executive vice president and general manager of consumer business at Symantec. “It has been like an earthquake.”

Since news of the breach, LifeLock has seen six times its usual web traffic and the company is enrolling 10 times as many new customers every hour as before the attack was disclosed. “We’re over 100,000 new members and counting since the breach,” Rosch said. “Most are paying the full price, rather than discounts. It’s a really incredible response from the market.”

The stock price reflects Wall Street’s enthusiasm: Symantec shares are up about 10 percent since the Equifax hack was brought to light.

While much of the traffic to LifeLock’s site is organic, Rosch did say that the company purchased search terms associated with Equifax and the breach. A Google search for “Equifax hack” yields an advertisement for LifeLock at the top of the page.

“When we look back at the biggest breach, that was Anthem,” Rosch said. In the four days after Equifax’s penetration became public, LifeLock’s new sign-ups surpassed by several times its typical numbers. “This is an unprecedented event,” Rosch said. “It’s a whole different scale.”

New customers signing up as a result of the breach are, on average, 10 years younger than the service’s typical user, he said. They also tend to purchase the premium plan, which runs $29.99 per month, compared with the standard $9.99 monthly plan.

In addition to new customers calling to sign up, existing LifeLock customers are taking to the phones to find out what they should do in the aftermath of the hack. LifeLock updated its website to provide general information on the breach, but has had to triple the number of phone representatives it usually has to deal with the influx. Customer service representatives who work on other Symantec products, such as Norton AntiVirus, were trained to handle LifeLock calls to provide overflow support, and a third-party customer service partner is also fielding calls.

Though the number of inquiries and sign-ups is skyrocketing, Rosch said LifeLock hasn’t seen a notable increase in users calling to report identity theft and seek identity restoration services. “They know we’re all now watching, vigilant,” Rosch said of the hackers. “They’re going to keep a low profile for a little bit, maybe even for a year, while people have free credit monitoring in place. They’ll strike when we’re not looking.”

In the coming weeks, LifeLock plans to launch a television ad campaign discussing the Equifax breach. “This is a challenge we’ll live with for a long time to come,” Rosch said. “It’s also a great business opportunity for Symantec.”

Equifax Breach to Lift Three Stocks

Sept. 12, 2017 3:41 p.m. ET

Piper Jaffray

After the market close Thursday, Equifax announced a cybersecurity breach that could impact 143 million U.S. consumers, which equates to roughly 44% of the U.S. population.

The market is responding positively for cyber-security names, including Symantec (ticker: SYMC), which should see a benefit to its LifeLock business. FireEye’s (FEYE) Mandiant has also been reported to have been contracted to investigate the breach. We believe mega-breaches like Equifax (EFX) not only create awareness for the security space, but typically result in an increase in spending by enterprises. Our top picks remain Proofpoint (PFPT) and Symantec.

Equifax’s breach occurred between mid-May and July. Customers’ names, Social Security numbers, birth dates, addresses and driver’s license numbers were stolen from the database, with an estimated 209,000 stolen credit-card numbers as well.

This breach is different than many of the other megabreaches we have seen. According to Mark Lanterman, a cyber-security expert and chief executive of Computer Forensic Services, the data stolen in this breach has no shelf life. Unlike credit-card numbers which can be easily cancelled, personal information such as SSN, birth dates, etc. do not change and can be sold and exploited for years. Mr. Lanterman said the data stolen in this breach are already being sold on the dark web for upwards of $1,000, whereas credit-card data typically only fetches $5-$25 per card number.

We believe the Equifax breach brings into question the credibility of using the Equifax credit-monitoring services over other competing services such as LifeLock. With pricing that is largely in line with LifeLock, we believe the breach will result in significant market-share losses going forward for Equifax.

Equifax offers a number of credit monitoring and identity-theft protection services, similar to Symantec’s LifeLock. Equifax’s solutions, launched in 2008, include ID Patrol for $16.95 a month and ID Patrol Premier for $19.95 a month. The two services are similarly priced to LifeLock, which currently sells the Standard plan for $9.99 a month, Advantage for $19.99 a month and Ultimate Plus for $29.99 a month. The LifeLock plans not only include real-time credit monitoring, but also provide liability compensation and other services.

As is the case with most major breaches, it is being reported that FireEye’s Mandiant incident response team has been contracted to investigate and clean up the breach (according to ZDNET). This should be a positive for FireEye, as incident-response engagement typically results in product sales afterward.

Mark Lanterman believes the Equifax breach likely started via an email containing a malicious link or attachment. This is consistent with what Proofpoint said last week at its Analyst Day, where 90%-plus of sophisticated attacks target people, largely via email. Proofpoint is one of the only email-security solutions that can detect malicious links and attachments.

— Andrew J. Nowinski
— James E. Fish

The opinions contained in Investors’ Soapbox in no way represent those of Barrons.com or Dow Jones & Company, Inc. The opinions expressed are those of the newsletter’s writer(s) or analysts at research firms. Some of the research firms have provided, or hope to provide, investment-banking or other services to the companies being analyzed.


3 Hot Cybersecurity Stocks in Focus Post Equifax Inc. (EFX) Data Breach

Cybersecurity stocks were seen soaring last Friday, after Equifax Inc. (NYSE:EFX) reported a massive data breach. Per the company, highly sensitive personal data of approximately 143 million consumers has been stolen from its database. Reportedly, nearly two-thirds of the adult U.S. population has been affected due to this cyber attack.

The company late last Thursday announced that a data breach occurred between mid-May and July this year, which was discovered on Jul 29. Apart from some sensitive personal information, hackers have stolen credit card numbers of about 209,000 U.S. consumers and “certain dispute documents with personal identifying information” of nearly 182,000 U.S. consumers.

This is not the first instance when consumer data has been stolen from a company’s database. However, the sensitivity of the information exposed in Equifax’s data breach makes it one of the worst in recent times. The latest data breach at the company will likely have a lasting impact, as criminals can use the stolen resources for opening new accounts, applying for credit cards or loans, buying insurance, renting an apartment or even for tax fraud.

Shares of Equifax plunged nearly 14% last Friday after news of the cyber attack surfaced.

Cybersecurity Stocks Soar

The recent cyber attack at Equifax proved that most organizations across the world lack proper security measures.

Nonetheless, believe it or not, there is a positive side to this episode. A cyber attack is good news for cybersecurity companies because it increases the chances of security-related purchases by companies and governments. Hence, investors flock to these shares, shooting up share prices.

Equifax’s Thursday’s announcement gave a sharp boost to cybersecurity stocks, particularly identity protection security providers.

Symantec Corporation (NASDAQ:SYMC), which has been enhancing its identity-theft protection capabilities through acquisitions like LifeLock, gained the most with its shares witnessing a 3.4% rise.

This was followed by FireEye Inc (NASDAQ:FEYE), which specializes in providing web security, email security, file security and malware analysis. The stock gained 1.5% last Friday.

Another cybersecurity company, Proofpoint Inc (NASDAQ:PFPT), went up 5.8% during trading hours. But it lost its momentum later to close at just 0.3% higher. The company is one of the leading security-as-a-service providers and focuses on cloud-based solutions for threat protection, compliance, archiving & governance, and secure communications.

Fresh Boost for Security Stocks

So far, the year 2017 has witnessed massive cyber attacks, including the two ransomware attacks — WannaCrypt or WannaCry in May and Petya in June — which created global havoc. However, the silver lining to this entire episode will be the further rise in demand for security-related products among enterprises and governments across the world. This is anticipated to drive share prices to new highs in the rest of 2017.

Furthermore, with rapid technological advancement, organizations are increasingly adopting the “bring your own device” (BYOD) policy to enhance employee productivity with anytime/anywhere access. This trend, in turn, calls for stricter data security measures.

We believe the urgency for stricter security measures will compel enterprises, as well as governments to increase spending on cyber security software. According to a Markets and Markets report, worldwide cybersecurity spending will likely reach $101 billion in 2018 and $170 billion by 2020.


Equifax’s Massive Data Breach Focuses Attention on Symantec’s LifeLock

The breach at Equifax (EFX) that’s jeopardized Social Security numbers and other sensitive data for 143 million people in the U.S. looks to be good news for cybersecurity firm Symantec Corp. (SYMC).

Consumers have been frantically Googling for information on Symantec’s LifeLock consumer identity theft protection unit, according to Credit Suisse analyst Brad Zelnick, who analyzed search trends from Alphabet Inc. (GOOGL).

“Google trends data for ‘LifeLock’ suggest a surge in demand following the Equifax breach, exceeding the previous peak in 2015 associated with the Anthem (ANTM) Breach,” Zelnick wrote. People are actually searching more for “LifeLock” than for “identity theft,” he noted. “Since 2012 this inversion has only occurred eight times,” Zelnick added. 

Customers provide LifeLock with their Social Security number, birthdate and other data, and the company scans for credit applications, mortgage loan applications, address changes and other signs of identity theft. Plans range in cost from $9.99 per month for coverage of up to $25,000 for stolen funds and monitoring one bureau, to $29.99 a month for coverage up to $1 million, beefed-up alerts and monitoring of the three big credit bureaus.

Shares of LifeLock parent Symantec Corp. gained 1% to $31.96 on Monday, after rising 3.4% on Friday. Symantec purchased LifeLock for $2.3 billion in February to boost its consumer business.

Meanwhile, Equifax Inc. dropped 3.4% to $119.20 on Monday morning, following a nearly 14% plunge as news of the massive data breach sparked widespread concerns about the security of customers’ sensitive data.

You get a stolen identity! And you get a stolen identity! Everybody gets a stolen identity!#Equifax #equifaxbreach pic.twitter.com/hIj5IaDu3M

— [JiggleBillyHobo] (@beta2070) September 8, 2017

Equifax itself provides identity theft protection, and offered 12 months of that service for free to U.S. customers, albeit with the condition that they not sue the company and instead agree to one-to-one arbitration.

Trends associated with previous breaches suggest that LifeLock will benefit from the breach. The identity theft protection company’s strongest customer gains ever came in the first quarter of 2015, following news of a massive data theft from insurer Anthem. 

Equifax’s breach could produce similar results. Zelnick expects LifeLock to add 450,000 net customers in the third quarter, lifting its total to more than five million customers for the first time.


Symantec, Proofpoint Shares Rise On Equifax Data Breach

Computer security stocks rose after credit score service Equifax (EFX) late Thursday announced a major cybersecurity breach exposed up to 143 million U.S. consumers.

Proofpoint (PFPT) broke out of a flat base and surged into buy territory by rising 4% to 95.65. FireEye (FEYE) was up 2.4% to 16.15 in early trading in the stock market today. And Symantec (SYMC) climbed 3% to 31.55.

“We view FireEye and Proofpoint as most positively exposed to breach-related spend,” said Walter Pritchard, a Citigroup analyst in a report. “Also, Symantec’s Lifelock business sells identity protection services and with a credit bureau breached, they could be a beneficiary. Equifax competes with Symantec in this market with its ID Patrol offering and Equifax’s ability to compete could be impacted by this news.”

FireEye provides web, email and malware security software to businesses and government agencies. Sunnyvale, Calif.-based Proofpoint specializes in email and data loss protection for corporate networks and cloud-computing infrastructure.




Equifax said the breach occurred from mid-May to July 2017.

Equifax said it found no evidence of unauthorized use of its core consumer or commercial credit reporting databases. The data hackers accessed names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers.

Credit card numbers for about 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were also exposed.


Reliance Jio data breach, Motorola Moto E4 launch, Asus ZenFone AR launch, and more

As the week draws to a close, here we take a look at what rocked the world of technology the past few days. It was an interesting week for India in terms of technology. We saw a few launches and then came the Amazon Prime Day Sale, a first for the country. The sale saw some great numbers and also maximum Indians opting for Prime membership as compared to any other month in the past. As always, this week too was peppered with leaks of Samsung Galaxy Note 8 and Apple iPhone 8, with Google Pixel XL 2 joining the party. And while we got a glimpse at the upcoming Jio feature phone in a leak, Reliance Jio made headlines for all the wrong reasons.

The week started with news of the Reliance Jio data hack filtering in. Many Twitter users began to talk of a site called Magicapk, which had reportedly hacked into Reliance data servers and made all information public. On entering the mobile number, all data connected to the Jio number would be revealed. Some users could even see their Aadhaar numbers, but for the majority, the leak was restricted to the phone number, full name, circle. While Reliance Jio staunchly denied all claims of a hack and maintained that the data presented was not authentic, a police complaint filed to that effect proved otherwise.

Motorola announced the Moto E4 and Moto E4 Plus smartphones in the country. Both the devices are budget smartphones and take on competition from the Chinese manufacturers. The smartphones, exclusive to Flipkart India, have already seen over one million sales within 24 hours of launch. In terms of specifications, both the smartphones are powered by MediaTek processors and come with large battery life. The Motorola Moto E4 is priced at Rs 8,999 and the Motorola Moto E4 Plus is priced at Rs 9,999 in India.

Apart from the budget Motorola devices, the premium Asus ZenFone AR also debuted in the country. The smartphone is the first Tango-based phone in the country and also supports Daydream VR. The smartphone is priced at Rs 49,999 and will take on some of the top flagship smartphones in India. Asus ZenFone AR is the first smartphone with three rear cameras to create the 3D effect. Asus first announced the ZenFone AR at CES 2017 and the device has come to India pretty late. Apart from the camera, the phone has no outstanding features.

India has surpassed the USA when it comes to Facebook user base. This is significant news for Indians as, despite a high population, data penetration and internet literacy still remain restricted to only specific regions. India is ahead of the US by nearly 1 million – a massive number. Out of the total 2 billion active user base the social media giant has, nearly 184 million are Indians. And even as Indians are taking more and more to digital platforms, Paytm, India’s largest wallet service, is looking at expanding. After entering the ticketing space, Paytm has now reportedly acquired Insider.in and is in talks with BigBasket to acquire their services and expand further.


How Worried Should You Be About That 198 Million Voter Data Breach?

The recent news that a conservative data analytics firm left 198 million voter records unsecured online for nearly two weeks should give every American pause, particularly at a time when intelligence officials say the Russian government actively seeks to undermine American elections.

This particular breach, discovered by researcher Chris Vickery, exposed 1.1 terabytes of personal information compiled by Deep Root Analytics, a company that analyzes not just basic data like names and addresses, but also scores how particular voters feel about a range of political issues, from gun control to offshoring in the auto industry. Vickery’s discovery illustrates how poorly organizations safeguard sensitive information. But it also shows just how much information those groups have access to–and raises serious questions about what a nefarious actor could do with it. Perhaps the scariest part though is how much of this information already exists in the public domain.

Public Data

Since November, suspicion has mounted about whether the Trump campaign somehow colluded with Russian actors to influence American voters. More recently, members of the House and Senate have wondered aloud and in secret whether the Trump data operation, run by the firm Cambridge Analytica, somehow fed information on which voters were most persuadable to the Russians. CNN reported just last week, in fact, that the House’s Russia investigators want to call Trump’s former digital director Brad Parscale to testify. (Parscale told the Wall Street Journal he has received no such invitation).

These questions have not amounted to anything beyond speculation. And yet, Vickery’s discovery serves as a sober reminder that deeply personal information on the American electorate is already all too easy to find. In this particular case, Deep Root Analytics says a change in its security settings made the database publicly accessible for 12 days, beginning June 1.

It sounds scary, and it’s certainly not ideal. But surprisingly enough, much of that data already lives in the public domain, making it relatively simple for anyone with bad intentions to weaponize it, exposed database or not.

“For an outside actor, with a big list of names and addresses and political scores? You could act like a super PAC and target their voters with messaging and misinformation,” says Michael Slaby, former chief innovation officer for President Obama’s 2012 campaign. “But you could pretty much do that without all this.”

It’s true. In some states, like Ohio, you can, right at this very moment, download the names and addresses of every voter at the state, county, and congressional-district level. Social media platforms like Facebook and Twitter make it easy to target ads to people within that voter file, and to create audiences based on how Facebook understands their preferences.

Of course, advertising on Facebook creates the kind of paper trail that bad actors would probably like to avoid, which makes the likelihood of Russians buying targeted ads to spread misinformation on Facebook seem even less plausible. “Even if Russia had the data, I’ve never heard of a way where you can target voters without a paid political ad,” said one Republican digital strategist.

Data Spill

That’s not to say you shouldn’t find Deep Root’s breach deeply troubling. Several Republican data operatives who agreed to speak on the condition of anonymity described the breach as alternatively “baffling,” “bullshit,” and “everybody’s worst nightmare.” Yes, the treasure trove of information Vickery unearthed included the most basic details, compiled by the Republican vendor Data Trust. But it also revealed what data experts consider their special sauce: the scores they assign each voter based on that person’s feelings about a given political issue. In this case, those scores were generated by another vendor working with the Republican National Committee called TargetPoint.

Data companies base those scores on so-called “hard identifications,” political lingo for the information campaigns gleaned from door knocks, phone calls, surveys, and other voter contacts. That can include anything from emails to a person’s candidate preference to their thoughts on a battery of political issues. Data firms then take those tidy details and use them to build models that predict how similar voters might feel about a given candidate or issue. Though Vickery didn’t access the models themselves, he did find a mass of voter scores that were relatively easy to understand, and free for the taking.

“The purpose of modeling is to figure out who to talk to and what to say to them,” one Republican data operative said. “This kind of takes the work out of it.”

Given that Deep Root’s data only sat exposed after the election, and for a temporary period at that, it wouldn’t have been used to improperly impact the 2016 campaign. Still, it’s unclear who besides Vickery may have accessed the information for future use. In response to a question about whether Deep Root had enabled Amazon CloudTrail, which would have tracked any APIs that accessed the database during that period, a Deep Root spokesperson said the company had hired the cybersecurity firm Stroz Friedberg to investigate the breach.

For technologists who have worked in politics, this lapse on Deep Root’s part is troubling, but not altogether surprising, given the hasty nature of so many campaigns. “People come at it with a need for speed,” said one GOP operative. “In some cases, without having the background in security, they cut corners.”

That’s true for both Republicans and Democrats, who, of course, had their fair share of security nightmares to deal with over the last year. All of it amounts to a political system that needs to devote at least as much energy into securing its systems as it does into securing votes. At this point, there’s no saying they weren’t warned.

87% CISOs say CEOs breach protocol: Study

Eighty seven per cent of chief information security officers (CISOs) surveyed in India believe their chief executive officers (CEOs) have breached information security protocols, says a new Symantec study. On a brighter note, more Indian companies are encrypting their cloud data than the global average, said the report.
 
The survey covered 100 across India and 1,100 globally. Tarun Kaura, director, product management, Asia-Pacific, Symantec, says, “Tracking unsanctioned applications and the visibility of data within the cloud is a major challenge for enterprises.”


 
Kaura added that definitely wasn’t the biggest attack in the recent past, ranking the Dyn network attack that crippled Netflix and Twitter as well as the cyber heist of Bangladesh’s central bank last year much higher on the scale. “came at a time when people were a lot more aware and it affected people in multiple industries, which is why it received so much focus,” he said.
 
A study by Cloud Security Alliance (November 2016) mentioned lack of industry standards and ineffective costing as major deterrents to cloud adoption across industries in India. However, experts say that with Reserve Bank of India and Insurance Regulatory and Development Authority already announcing compliance requirements with respect to cloud data, one can expect more regulations to follow.
 
“The advent of smartphones has changed the way we consume data. It has also made it difficult to keep track of it as internal information teams cannot track what employees do with confidential data on their devices,” added Kaura.
 
With an increasing number of organisations moving to adopt Internet of Things across their businesses, the number of vulnerable devices at risk will also increase.
 
Cloud-based enterprise resource planning service provider Deskera has been focusing on small-size to medium-size businesses as its target market. Deskera CEO Shashank Dixit said that the company has seen 100 per cent revenue growth over the past three years as smaller companies break free from the constraints of on-premises setups.
 
Dixit sees hacking as a major threat. “Hackers use social media sites such as Twitter and Facebook to break into computer networks and extract sensitive information. One reason people are particularly vulnerable to social hacking is because on social media sites their guard is down,” said Dixit.
 
“While security is an important factor when considering cloud technology, more common concerns are around the general enterprise adoption and training. Companies want to make sure the they select is well-integrated into their overall systems and that their teams are well-trained to use the new technology,” said Dixit.
 
Symantec’s report also states that the biggest threat to cloud security in 2017 will be staff’s non-compliance with security measures.
 
IBM integrated security leader Kartik Shahani says, “Security as a practice takes some experience. Teaching people to identify threats is the need of the day.” IBM predicts a requirement of three million cyber security professionals across India in coming years. The company is looking at providing programmes that will start teaching security at schools and has already flagged off a similar initiative in the United States.
 
IBM has also partnered networking giant Cisco and aims to eliminate compatibility issues between security and networking applications through the collaboration.

OneLogin Breach Shows Alarming Potential For Hackers To Decrypt Customer Data

Sometimes it feels as though nothing is safe from the prying eyes (and digital crowbars) of dedicated hackers. Single sign-on provider OneLogin has found this out the hard way, as its systems were breached this week, potentially exposing customer data.

“We detected unauthorized access to OneLogin data in our US data region,” OneLogin disclosed in a blog posting this week. “We have since blocked this unauthorized access, reported the matter to law enforcement, and are working with an independent security firm to determine how the unauthorized access happened and verify the extent of the impact of this incident.”


This initial notice was frustratingly lacking in detail, and customers were left to assume the worst with regards to the severity of the attack. However, OneLogin has since updated its blog posting with more details, including the unfortunate news that hackers were able to gain access to the company’s AWS keys.

The hackers were then able to use those keys to “access the AWS API from an intermediate host with another, smaller service provider in the US.” The company reports that the intrusion began at 2AM on May 31st, but it wasn’t until seven hours later that OneLogin staff detected any anomalies and was able to cut off access. That is a rather lengthy period of time for the “threat actors” to have access to the company’s database tables.

OneLogin also provided this rather dour warning:

While we encrypt certain sensitive data at rest, at this time we cannot rule out the possibility that the threat actor also obtained the ability to decrypt data. We are thus erring on the side of caution and recommending actions our customers should take, which we have already communicated to our customers.

Those actions of course include resetting passwords, generating new API keys and creating new security certificates.

It is reported that OneLogin provides services to over 2,000 companies (including Yelp, Midas, Pinterest, Pacific Life, The Carlyle Group, Conde Nast, and Pandora) and has millions of individual users. OneLogin allows users to integrate with services like Amazon Web Services, Office 365 and Google ecosystem.

Security News This Week: OneLogin Had One Very Bad Breach

For the first time in too long, a week went by without any major international security incidents (unless you count the US withdrawal from the Paris Climate Agreement, which you probably should). Perhaps unsurprisingly, that meant there was also time to look at defensive measures for a change.

For instance! The US successfully tested its very expensive, not entirely reliable missile defense system, but that doesn’t mean we’d be safe from a real-world attack. Pokémon Go switched its tactics to defend against cheaters, sending them to a Pidgey purgatory rather than outright banning them. And we got an inside look at how Google’s worldwide security teams keep the web safe from phishing. Well, safer, anyway. And a group of researchers have found a novel way to figure out where cellphone-snooping stingray devices hide, with an assist from rideshare service drivers.

The first official day of summer is June 21, meaning you’ve still got time to do some digital spring cleaning that should make you more secure. There’s also still time to ignore anything Vladimir Putin says about election hacking, since it’s all just misdirection anyway. And time ran out for Silk Road creator Ross Ulbricht, whose life sentence an appellate court upheld this week.

And there’s more. Each Saturday we round up the news stories that we didn’t break or cover in depth but that still deserve your attention. As always, click on the headlines to read the full story in each link posted. And stay safe out there.

OneLogin Customers Had a Very Bad, No Good Week

Many, many mega-corporations use OneLogin for password and single sign-on management. Many, many of them might wish they hadn’t right about now. In a blog post, the company acknowledged that hackers had breached its US data center, getting access to “database tables that contain information about users, apps, and various types of keys.” Not good! And worse still, OneLogin added that the intruders could maybe possibly have decrypted sensitive data during the seven hours they were in OneLogin’s systems. The company has detailed some steps affected customers can take to mitigate the damage, but time will tell how much has already been done.

Security Firms Used Counterterrorism Tactics Against Standing Rock Protestors

Documents obtained by The Intercept detail how a private security group called TigerSwan treated Dakota Access Pipeline protestors as an “insurgency” group. Coordinating with government authorities across five states, the organization surveilled the group in depth, even infiltrating activist camps using false identities. It’s an in-depth look at how a private security group viewed lawful domestic protestors as “terrorists,” and how public agencies relied on that group for intel.

The US Will Officially Demand Your Social Media Handles at the Border

Want to visit the US? Get ready to hand over all of your social media handles and accounts from the last five years. It’s not a new policy, per se; the Obama administration had been combing people’s social media histories already. But the Trump administration has codified the search process for “flagged” visa applicants. It’s unclear how effective the screening would be, given that many social media accounts offer anonymity, but the enhanced measures are nonetheless in place.

WikiLeaks Continues to Clear Out Vault 7

As promised, WikiLeaks continues to trot out Vault 7 CIA hacking methods. This week the group detailed Pandemic, a tool that leverages Windows file servers to infect other computers in the same network. Despite a killer name, Pandemic has some serious limitations, indicating it may have existed for very specific use cases only. And as Ars Technica notes, the documentation in the release was incomplete; a hacker wouldn’t be able to pull off the attack based on what WikiLeaks provided.
