Security Awareness Training by Abhay Verma

After the massive Facebook Data Leak, here is another data leak, this time we have LinkedIn. A report by CyberNews, an archive containing data of about 500 million LinkedIn users has been scraped and put on sale on popular hacker forum.  Source: CyberNews Another 2 million records are leaked as a sample proof that make certain the possession of real data. The user’s data contained: LinkedIn IDs Full names Email addresses Phone numbers Gender Links to LinkedIn profiles Links to other social media profiles Workplace information Job Titles, and might be something more… The sample data can be viewed for about $2 worth of forum credits, and the threat actor appears to be selling the much-larger 500 million users database for the price in 4-digit sum ($$$$), in bitcoin. Leaked Sample (Source: CyberNews) Possible Outcomes? Users whose data is leaked might face some phishing attacks which are specifically targeted and could trick them into the fraud. The email-ids & phone n...

A cybersecurity expert, Alon Gal, discovered the massive Facebook data leak of 2021, that includes that data of about 533 million users from 106 countries, including over 32 million records from USA, 11 million records from UK, and about 6 million user records from India, in which not only included phone numbers, but also: Facebook Account ID Location Full Name Gender Relationship status Home address and birth location Workplace   Source: m.facebook.com Read More: PII and Identity Theft An interesting thing to note is that, the phone number of Facebook CEO, Mark Zuckerberg is among the personal information leaked online . Multiple outlets reported the claims that Zuckerberg’s leaked information includes his name, location, marriage details, birth date, ID, according to The Sun . Cybersecurity researcher Dave Walker said Zuckerberg, as well as Facebook cofounders Chris Hughes and Dustin Moskovitz, were among the 533 million users who had personal data posted on ...

MobiKwik , an Indian company that provides mobile phone based payment system and digital wallet, has recently underwent one of the biggest data breach. Data of about 3.5 million users (8.2 TB) were put on sale in Dark Web, which consists of user’s name, phone number, bank account details, e-mail IDs and the credit card information . Source: Google           The data dump is said to contain 350GB of MySQL dumps or 500 databases, 99 million email, phone, passwords, physical addresses, IP address, GPS location and device related data, as well as 40 million records of card numbers, expiry dates, card hashes (SHA256 encrypted). It has been regarded as the “BIGGEST KYC DATA LEAK EVER” .      One of the independent security researcher, Rajshekhar Rajaharia tweeted about the leak, “ 11 crore Indian cardholder’s card data including personal details & KYC soft copy has been leaked ” which was then confirmed by French researcher (Source). Source: ...

Identity theft is the act of unlawfully obtaining someone’s personal information without the permission. The Personally Identifiable Information (PII) includes name, phone number, address, bank account details, Aadhaar and other document numbers, card details and every other information that helps to identify a person is considered as PII. Identity theft is simply stealing these information and using them for illegal activities. Also Read: Social Media Exposing our Personal Data. As per the report on The Economic Times , 4 in 10 Indians have experienced identity theft, and after knowing this we must not overlook the fact that how much dangerous could it be? Identity theft can lead to a number of effects as the stolen information by the criminal can help him/her to personify him/herself as you and can: Gain access to your bank account Apply for loans on your cards or open insurance account File a tax refund in your name and get your refund Obtain a driver’s license, pa...

On January 04, 2021 WhatsApp has released new updated privacy policy which has been a talk among the mass, as their chats now are not private anymore . Also Read: Is Your WhatsApp Really Secure? While opening WhatsApp, you might have noticed that it shows a pop-up which states the WhatsApp new policies and ask you to agree. If you agree to the policies before Feb 08, 2021 you will be able to use WhatsApp, else it states that you can also delete your account. It’s a clear set of options WhatsApp provided, either to accept policies or to stop using the service. Basically, the users are left with no choice. The new policies as stated focus majorly on three points: “WhatsApp’s service and how we process your data” “How businesses can use Facebook hosted services to store and manage their WhatsApp chat” “How we partner with Facebook to offer integration across Facebook Company Products” Overall of these policies, WhatsApp will officially collect data to provide better experience...

Following the previous two blogs, this blog is now addressing the content settings of the browsers which includes Cookies, JavaScript, Flash, Sound, Pop-Ups, etc. I’ll cover each topic in depth and will let you know the potential vulnerable source from each of the setting.  If you haven't read my previous blog of the series, you can read them here:  Browser Security Part 1 Browser Security Part 2 So, let’s start…