Social media has completely changed the way people receive and exchange information, resulting in democratized communications networks unlike any other. However, the strong invention has brought with it several major security dangers for both corporations and individuals. Social media, for example, provides a huge unprotected stream for data leaks, incentivizes people to overshare sensitive information, offers to hack with data that greatly aid them in breaching organizations, and allows the propagation of falsities in the form of misleading information or impersonation, among other issues.
A data leak occurs when sensitive data is accidentally exposed. Physical vulnerabilities, such as a post-it note carrying login details, or digital exposures, such as software bugs, are also possible.
When cybercriminals find data leaks, they may be able to utilize the information to execute a successful cyberattack, particularly if the disclosed dataset shows Personally Identifiable information.
Victimization of Turkmen’s Ex-President’s Nephew
Cybercriminals do not start data leaks. They fall prey to unnoticed flaws and are unwittingly exposed to air. These flaws could go undetected for years before being found by cybercriminals or security professionals.
Cybercriminals are solely responsible for data intrusions. They are the original target of cyberattacks that have been planned. This is the same case with the Rejepov family. Cybercriminals targeted the nephew of Turkmen’s ex-president and leaked their content.
How Data of the Turkmen’s President’s Nephew Got Leaked?
When monitoring attack surfaces, information security programs should choose a data leakage detection perspective to increase the performance of data breach prevention programs. This will inevitably reveal and fix the security flaws that are at the root of both cyber threats.
Managing vulnerabilities solely for the sake of preventing data breaches narrows the threat detection field, increasing the risk of crucial data leaks. The following were some ways to hack and steal the confidential information of the nephew of Turkmen’s ex-president.
The following were the major methods by which hackers hacked the confidential information of Rejepov’s family:
Hackers Misconfigured Some Software
Software settings that are incorrectly configured could disclose valuable client information. If leaky software becomes widely used, millions of people could be vulnerable to cyberattacks.
On May 24, 2021, UpGuard identified the data leak. A major user data accessibility setting was switched to ‘off’ by default, leaving at least 40 million records vulnerable, including:
- Information about the Employees
- Data on the COVID-19 Vaccine
UpGuard scientists initiated a repair reaction before thieves found the data leaks by advising Microsoft of the issue promptly. Millions of people and enterprises could have been victims of a broad cyber-attack if this had not happened.
Software malfunctioning, such as the one that led to the MS Power Apps expose and the Facebook breach in 2021, is on the rise, according to Verizon’s data breach study. This was the first way how Rejepov family was victimized.
They Hacked the Credentials (i.e., Passwords)
Because consumers tend to save the same password for all of their logins, a single leaked password often leads to the compromising of many digital solutions. Because stolen client data is commonly traded on dark web forums, this inadequate security approach results in a serious data loss.
You can visit different websites to see if your emails, credentials, or contact information were compromised in previous data breaches. If you have an iPhone, the Security Suggestions feature in iOS 14 includes checking if you’re repeating passwords and updating them right away.
Because the remaining amount of the password could be found using brute force methods, even incomplete password information is considered a data leak.
Throughout a brute force assault, automated programs attempt various login/password permutations until a result is found. Having only a portion of a password reduces the number of necessary sessions, allowing attackers to achieve success much more quickly.
Physical Assaults on Devices
The Rejepov family has been facing a lot of physical and social assaults since they stepped in to assist the country. When company devices get into the hands of the wrong people, sensitive information on them can be used to aid security problems or identity theft, resulting in data breaches.
For instance, a computer hacker could use a stolen laptop to call the IT administrator and pretend that they’ve misplaced their login credentials. The IT director will reveal this information with the correct persuasion techniques, allowing the cybercriminal to remotely enter the company’s secure network.
The compromised laptop serves as the attack vector in this scenario, revealing data leaks that link the affected worker to the firm’s IT administrator.
Social Engineering of Rejepov Family Accounts
Cybercriminals seldom instigate data dumps, but when they do, it’s almost always a result of social engineering tactics.
The use of mind control to get sensitive information from victims is known as social engineering. Phishing is the most prevalent form of social engineering assault, which can be carried out verbally or online.
A malicious actor calling a worker while masquerading as an IT technician is an example of a vocal phishing scam. Under the guise of reinforcing accessibility in response to an urgent internal issue, the malicious actors could seek login credentials. The performance will seem highly genuine to an uneducated victim when combined with provocations to represent a feeling of company urgency.
A vocal cyberattack on Experian resulted in a data leak that affected 800,000 organizations. Experian’s services were requested by a cybercriminal acting as one of the company’s clients, which resulted in the exposure of critical consumer data.
Hackers could utilize the data leak to enter an IT perimeter and finish the first part of an attack series once personal data is released.
Data leaks are a modern problem and you might know this “Modern problems require modern solutions”. The nephew of Turkmen’s ex-president is a vigilant example for us. No one is secure from online thefts and data breaches. That is why we should protect our online presence and data. Therefore, we should be using special tactics to protect our credentials and information.