Think Twice Before Tweeting About a Data Breach
Rushing to let the world know about a data breach in which your info may have been compromised can make things much worse for you. Many people learned this the hard way recently. Here’s the scenario…
NetGalley, a website that provides advanced e-copies of books to reviewers, emailed users just before Christmas that the company had suffered a “data security incident”. It was a fairly serious one, too. The compromised database included such sensitive info as usernames and passwords, names, email addresses, mailing addresses, birthdays and company names.
Hackers love it when their victims make it worse
What happened next, though, is where things get truly interesting. NetGalley’s users tend to be a very online crowd. Eager to be the first to share breaking news, many of them quickly took to social media and started discussing the incident without first considering the information they were putting up for all the world to see.
These folks actually made themselves even more vulnerable!
One user Tweeted a complaint in which he griped about having to change all his passwords, since he re-used his NetGalley password all over the place. Hint: If you’re going to commit the security sin of password reuse, don’t tell the world about it.
Another user Tweeted an image of the email she received from NetGalley—complete with her full name, which had previously been masked. NetGalley allows users to create usernames so they can communicate anonymously. Not anymore for this user!
Several others made a similar error, revealing their NetGalley usernames in a Twitter account under their actual names. Hackers love this type of information, as many people reuse usernames across several accounts.
© National Security Institute, Inc. www.nsi.org