Following in the wake of the Yahoo Security breach we have yet another large scale leak, this time aimed squarely at businesses. Modern Business Solutions (MBS), a data management and monetization services provider, has been hit by a security breach that has exposed at least 58 million accounts. Information leaked in the breach includes names, IP addresses, birth dates, e-mail addresses, occupations and more.
The MBS leak is the result of a poorly secured database. The extracted data was released to the public twice on a major file sharing website, each time resulting in the data being taken down quickly. The data was finally released for a third time to a smaller file sharing website where it gained the attention of security researchers at Risk Based Security. Around this time a second table of data was discovered that showed that as many as 258 million rows of personal information had been compromised in the attack. While evidence of this much larger leak was evident, the database had been secured before it could be confirmed, so it is unclear how much of this additional data has been released.
Unlike this year’s Yahoo security breach, which contained personal user accounts, the MBS breach could have further reaching implications. Modern Business Solutions provide services to both automotive and employment industries, which may have put any individual’s data stored with them, business or consumer, at risk.
While Yahoo and now Modern Business Solutions have garnered the most attention this year, they are far from the only business to be hit with a security breach. As of the start of October, there have been nearly 3,000 publically disclosed data breaches in 2016. These breaches have exposed more than 2.2 billion records. With so many companies hit by security breaches it becomes less of a question of, “if you’ve had your data breached” and instead becomes, “to what extent”. For users, this should encourage caution; while it is unrealistic to avoid an online presence entirely, you are in control of how much you share. The omission of unessential information can mean the difference between a nuisance and a full on personal attack in the event of a data breach.
– Richard Keene
IT Computer Support of New York
Webmaster and Lead Designer