Exploit: Unauthorized Database Access (Malicious Insider)
DataViper: Information Security
Risk to Small Business: 1.239 = Extreme
A malicious insider is the culprit in a data breach at information security firm DataViper. 8,200 databases containing the personal information of millions of users were snatched from the company’s data leak monitoring service. The hacker, purportedly a former employee of Night Lion who is using that name for Dark Web activity, claims to have spent three months inside DataViper servers while exfiltrating databases indexed for the DataViper data leak monitoring service. The hacker also posted ads on the Empire Dark Web marketplace where they put up for sale 50 of the biggest databases that they found inside DataViper’s backend.
Individual Risk: 2.117 = Severe
While these databases contained the information of billions of people worldwide, much of the information was from old breaches. Some new information was included, but researchers have not ascertained how much and what kind. This kind of information is often used in phishing and credential stuffing attacks.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Insider threats are a menace to every business. Our insider threats eBook helps companies spot and stop insider threats. While most insider incidents at organizations are caused by unintentional threats like human error, malicious insider attacks count for more than 20% of insider incidents. Some malicious insiders sell company secrets or even their own credentials on the Dark Web.
Source:
https://www.zdnet.com/article/hacker-breaches-security-firm-in-act-of-revenge/?&web_view=true