If you haven’t heard of the biggest graduation prank that successfully rickrolled 500 screens across a school district in the US, then you are not alone. Read this article on Wired to understand the magnitude of this prank.
The prank itself was not technologically sophisticated, but it did require superior planning skills (and a bit of luck).
And of course, IoT systems where default passwords are, you know, expected.
Take Action:
Nothing really. Just read the article and have a hearty laugh. Oh, and change the default passwords of your IoT systems.
TTB - Time to Breach 😉
How much time does it take for a company to start operations and suffer a data breach?
Akasa Air, a new airline company that started operations on the 7th of August, reported their first breach on the 28th of August. That’s a TTB of 21 days, 3 weeks.
They say it was a ‘configuration error’. Read the official press release here. It exposed PII of individuals who had registered. Now, configuration errors are not uncommon in the software development world, but that is why you have testing, right?
A simple case of rush-to-prod without adequate time for running the app through a security test? Or a case of a security professional not understanding the business logic and checking only for injections and XSS?
We will wait for more details to emerge, which might never happen…
Take Action:
Ahem. Test, test and more tests.
Share this widely within your organisation and showcase this as an example of what happens when the infosec team gets an app to test at 9 pm today with a release at 8 am tomorrow.