Trakt: Media service for “scrobbling,” or tracking movies and shows watched online
Risk to Small Business: Severe: The California-based media platform emailed its customers notifying them of a breach that took place over 4 years ago, in December of 2014. In their statement, they claimed that they only recently discovered the breach, and took steps to mitigate it since. Payment information was not disclosed, but usernames, emails, passwords, names, and locations were. The investigation is ongoing, but the only risk at this point seems to be that of customer attrition.
Individual Risk: Moderate: The company seems to have inadvertently mitigated the breach, migrating to a more secure version of its website in January 2015. However, users that have recycled passwords between accounts should be wary.
How it Could Affect Your Customers’ Business: Even without involving payment data, breaches that trace back multiple years can unnerve end-users into deleting their accounts forever. When they receive an email notifying them that a breach from 2014 was just now discovered, they are likely to weigh other options or stop using the service entirely. In a world where competition is cutthroat and the customer has more information and choices at their fingertips than ever before, businesses must do everything in their power to retain and build trust.
————————————————————————————————————
In Other News:
How to save your IT system from its own users: Zero Trust Browsing
2017: The Year of Cryptojacking. 2018: The Year of Ransomware. 2019? It’s shaping up to be the Year of Phishing.
Historically, we’ve labeled phishing as a nuisance that only a select few fall for. However, the increasing sophistication of social engineering, along with a gradual evolution of phishing techniques, have leveled the game. For example, hackers have realized the importance we place on SSL certification, and have found ways to exploit it in order to give us a false sense of reassurance. Browsers such as Edge, Chrome, and Firefox have created advanced filtering techniques, but they are still unable to identify 10-25% of phishing sites…