Exploit: Unsecured Database
CouchSurfing: Crowdsourced Hospitality
Risk to Small Business: 2.177 = Severe
The San Francisco based housing and hospitality service is investigating a security breach that was recently discovered when hackers began selling the details of 17 million users on Telegram channels and hacking forums, with some priced at $700 USD. User details such as user IDs, real names, email addresses, and CouchSurfing account settings, were for sale, although no passwords or financial data were reported as available. The pilfered information is now available on RAID Forum, the go-to place for buying and selling stolen databases on the public internet.
Individual Risk: 2.509 = Moderate
According to CouchSurfing’s release, no financial data was compromised in the incident. Users who think their accounts may have been compromised should consider this ammunition for possible spear phishing attacks.
Customers Impacted: 17 million
How it Could Affect Your Customers’ Business: Unprotected databases are always trouble. Although no passwords were listed as compromised in this attack, these incidents often raise a company’s risk of credential compromise if a staffer has recycled their password or signed up for a service using their business email.