{"id":5010,"date":"2020-07-29T15:51:52","date_gmt":"2020-07-29T19:51:52","guid":{"rendered":"https:\/\/solutionsreview.com\/identity-management\/?p=5010"},"modified":"2020-08-03T16:10:11","modified_gmt":"2020-08-03T20:10:11","slug":"what-can-businesses-learn-from-the-drizly-data-breach","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/identity-management\/what-can-businesses-learn-from-the-drizly-data-breach\/","title":{"rendered":"What Can Businesses Learn From the Drizly Data Breach?"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-4578\" src=\"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/swam.jpg\" alt=\"What Can Businesses Learn From the Drizly Data Breach?\" width=\"800\" height=\"400\" srcset=\"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/swam.jpg 800w, https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/swam-300x150.jpg 300w, https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/swam-768x384.jpg 768w, https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/swam-540x270.jpg 540w, https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/swam-162x81.jpg 162w, https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/swam-360x180.jpg 360w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Drizly, a prominent online alcohol delivery startup, suffered an external cyber-attack that led to a data breach. According to a company email to customers, an unidentified hacker took customer email addresses, dates of birth, passwords, and delivery addresses in some cases. 
As many as 2.5 million customers may have been affected, and data exposed may also include phone numbers and IP addresses.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">While Drizly claims that the hacker did not steal financial data, a report from <\/span><a href=\"https:\/\/techcrunch.com\/2020\/07\/28\/drizly-data-breach\/\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"font-weight: 400\">TechCrunch<\/span><\/a><span style=\"font-weight: 400\"> disputes that. The article alleges a \u201cdark web marketplace from a well-known seller of stolen data\u201d offered Drizly account information including credit card information; however, TechCrunch could not confirm the veracity of the dark web seller\u2019s claims.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Despite the size of the breach seeming comparatively small, the prominence of the business affected has garnered significant attention from <\/span><a href=\"https:\/\/solutionsreview.com\/identity-management\/get-a-free-identity-and-access-management-software-solutions-buyers-guide\/\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"font-weight: 400\">cybersecurity<\/span><\/a><span style=\"font-weight: 400\"> experts. 
Here\u2019s what they had to say.\u00a0<\/span><\/p>\n<h2 style=\"text-align: justify\"><b>What Can Businesses Learn From the Drizly Data Breach?\u00a0<\/b><\/h2>\n<h3 style=\"text-align: justify\"><b>Saryu Nayyar<\/b><\/h3>\n<p style=\"text-align: justify\"><b>Saryu Nayyar is CEO of<\/b> <a href=\"https:\/\/gurucul.com\/\" target=\"_blank\" rel=\"noopener noreferrer\"><b>Gurucul<\/b><\/a><b>.<\/b><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">\u201cThe reported Drizly data breach is interesting for what it shows about attacker dwell time\u2014the time between an initial breach and the victim noticing it. The stolen data has been available on the dark web since mid-February 2020, but the breach was only identified by Drizly on July 13th, 2020, and reported to customers on July 28<\/span><span style=\"font-weight: 400\">th<\/span><span style=\"font-weight: 400\">, 2020.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">That is a 2-week delay between identifying the breach and informing affected customers. More importantly, indications are that the threat actor had access to Drizly&#8217;s systems for roughly 6 months, at least, before they were identified.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Dwell time has been going down for the last several years but, as this shows, it is still far too high. 
Tools exist that can reduce dwell time substantially, but organizations need to be proactive about adding them to their security suites.\u201d<\/span><\/p>\n<h3 style=\"text-align: justify\"><b>Ben Goodman<\/b><\/h3>\n<p style=\"text-align: justify\"><b>Ben Goodman is CISSP and Senior Vice President of Global Business and Corporate Development at <a href=\"https:\/\/www.forgerock.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">ForgeRock<\/a>.\u00a0<\/b><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">\u201cIn today\u2019s evolving fraud landscape, usernames and passwords are ineffective and insecure forms of authentication. Many times, passwords and usernames contribute to major security risks if they are compromised in data breaches since many users reuse login credentials across multiple accounts. In fact, <\/span><b>51 percent of people use the same passwords for work and personal accounts<\/b><span style=\"font-weight: 400\">, which makes it easy for threat actors to reuse stolen login credentials to obtain access to additional profiles via credential stuffing.\u00a0\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Attackers are constantly on the prowl for<\/span> <span style=\"font-weight: 400\">consumers\u2019 sensitive data. In fact, personally identifiable information (PII) was exposed in 98 percent of 2019 data breaches alone. Attackers will always take the path of least resistance to achieve their goal, and password reuse just makes it that much easier to attain unauthorized access to consumer data.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">To reduce the risks of future data breaches caused by username and password insecurity, organizations must remove usernames and passwords. Fortunately, the technology needed to make this a reality is available today. 
Organizations can opt for users to use biometrics instead of passwords, and PIN-protected keys instead of usernames during the authentication journey.\u201d<\/span><\/p>\n<h3 style=\"text-align: justify\"><b>Robert Prigge<\/b><\/h3>\n<p style=\"text-align: justify\"><b>Robert Prigge is CEO of <\/b><a href=\"https:\/\/www.jumio.com\/\" target=\"_blank\" rel=\"noopener noreferrer\"><b>Jumio<\/b><\/a><b>.<\/b><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">\u201cDrizly\u2019s exposed email addresses, delivery addresses, credit card details, hashed passwords, birth dates and order history selling for $14 speaks to the abundance of personal data available for sale and just how inexpensive it is for fraudsters to commit account takeover and fraud. With this information, cybercriminals can decode passwords and log in as the user, allowing them to steal credit card information to make fraudulent purchases both on the site and elsewhere.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">As most use the same password across accounts, fraudsters can use this same password to access the user\u2019s banking accounts, social media profiles, unemployment benefit sites and more to steal benefits and change the password to lock the real user out. Drizly\u2019s recommendation for customers to change passwords is not enough to keep user data protected. Online retailers (and any organization with a digital presence) have a responsibility to keep accounts protected to maintain customer trust. Biometric authentication (leveraging unique human traits to confirm identity) is far more secure and ensures only the legitimate user can access their account.\u201d<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Thanks to our cybersecurity experts for their time and expertise. 
Learn more in our <\/span><a href=\"https:\/\/solutionsreview.com\/identity-management\/get-a-free-identity-and-access-management-software-solutions-buyers-guide\/\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"font-weight: 400\">Identity Management Buyer\u2019s Guide<\/span><\/a><span style=\"font-weight: 400\">.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Drizly, a prominent online alcohol delivery startup, suffered an external cyber-attack that led to a data breach. According to a company email to customers, an unidentified hacker took customer email addresses, dates of birth, passwords, and delivery addresses in some cases. As many as 2.5 million customers may have been affected, and data exposed [&hellip;]<\/p>\n","protected":false},"author":41,"featured_media":4578,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[5,1],"tags":[142,125,16,112,1520,1521,132,1522,1204,76,425,70,1169],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>What Can Businesses Learn From the Drizly Data Breach?<\/title>\n<meta name=\"description\" content=\"Drizly, a prominent online alcohol delivery startup, suffered from an attack from an external cyber-attack leading to a data breach.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/solutionsreview.com\/identity-management\/what-can-businesses-learn-from-the-drizly-data-breach\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ben Canner\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/what-can-businesses-learn-from-the-drizly-data-breach\/\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/what-can-businesses-learn-from-the-drizly-data-breach\/\",\"name\":\"What Can Businesses Learn From the Drizly Data Breach?\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/what-can-businesses-learn-from-the-drizly-data-breach\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/what-can-businesses-learn-from-the-drizly-data-breach\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/swam.jpg\",\"datePublished\":\"2020-07-29T19:51:52+00:00\",\"dateModified\":\"2020-08-03T20:10:11+00:00\",\"author\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\"},\"description\":\"Drizly, a prominent online alcohol delivery startup, suffered from an attack from an external cyber-attack leading to a data 
breach.\",\"breadcrumb\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/what-can-businesses-learn-from-the-drizly-data-breach\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/solutionsreview.com\/identity-management\/what-can-businesses-learn-from-the-drizly-data-breach\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/what-can-businesses-learn-from-the-drizly-data-breach\/#primaryimage\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/swam.jpg\",\"contentUrl\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/swam.jpg\",\"width\":800,\"height\":400,\"caption\":\"UN Data Breach: Expert Commentary on a High-Profile Attack\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/what-can-businesses-learn-from-the-drizly-data-breach\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/solutionsreview.com\/identity-management\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"What Can Businesses Learn From the Drizly Data Breach?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#website\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/\",\"name\":\"Best Identity Access Management (IAM) Software, Tools, Vendors, Solutions, &amp; Services\",\"description\":\"Identity Access Management (IAM) News, Best Practices and Buyer&#039;s 
Guide\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/solutionsreview.com\/identity-management\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\",\"name\":\"Ben Canner\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"caption\":\"Ben Canner\"},\"description\":\"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/author\/bcanner\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"What Can Businesses Learn From the Drizly Data Breach?","description":"Drizly, a prominent online alcohol delivery startup, suffered from an attack from an external cyber-attack leading to a data breach.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/solutionsreview.com\/identity-management\/what-can-businesses-learn-from-the-drizly-data-breach\/","twitter_misc":{"Written by":"Ben Canner","Est. 
reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/solutionsreview.com\/identity-management\/what-can-businesses-learn-from-the-drizly-data-breach\/","url":"https:\/\/solutionsreview.com\/identity-management\/what-can-businesses-learn-from-the-drizly-data-breach\/","name":"What Can Businesses Learn From the Drizly Data Breach?","isPartOf":{"@id":"https:\/\/solutionsreview.com\/identity-management\/#website"},"primaryImageOfPage":{"@id":"https:\/\/solutionsreview.com\/identity-management\/what-can-businesses-learn-from-the-drizly-data-breach\/#primaryimage"},"image":{"@id":"https:\/\/solutionsreview.com\/identity-management\/what-can-businesses-learn-from-the-drizly-data-breach\/#primaryimage"},"thumbnailUrl":"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/swam.jpg","datePublished":"2020-07-29T19:51:52+00:00","dateModified":"2020-08-03T20:10:11+00:00","author":{"@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541"},"description":"Drizly, a prominent online alcohol delivery startup, suffered from an attack from an external cyber-attack leading to a data breach.","breadcrumb":{"@id":"https:\/\/solutionsreview.com\/identity-management\/what-can-businesses-learn-from-the-drizly-data-breach\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/solutionsreview.com\/identity-management\/what-can-businesses-learn-from-the-drizly-data-breach\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/identity-management\/what-can-businesses-learn-from-the-drizly-data-breach\/#primaryimage","url":"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/swam.jpg","contentUrl":"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/swam.jpg","width":800,"height":400,"caption":"UN Data Breach: Expert Commentary on a High-Profile 
Attack"},{"@type":"BreadcrumbList","@id":"https:\/\/solutionsreview.com\/identity-management\/what-can-businesses-learn-from-the-drizly-data-breach\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/solutionsreview.com\/identity-management\/"},{"@type":"ListItem","position":2,"name":"What Can Businesses Learn From the Drizly Data Breach?"}]},{"@type":"WebSite","@id":"https:\/\/solutionsreview.com\/identity-management\/#website","url":"https:\/\/solutionsreview.com\/identity-management\/","name":"Best Identity Access Management (IAM) Software, Tools, Vendors, Solutions, &amp; Services","description":"Identity Access Management (IAM) News, Best Practices and Buyer&#039;s Guide","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/solutionsreview.com\/identity-management\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541","name":"Ben Canner","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","caption":"Ben Canner"},"description":"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. 
You can reach him via Twitter and LinkedIn.","url":"https:\/\/solutionsreview.com\/identity-management\/author\/bcanner\/"}]}},"_links":{"self":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts\/5010"}],"collection":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/users\/41"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/comments?post=5010"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts\/5010\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/media\/4578"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/media?parent=5010"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/categories?post=5010"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/tags?post=5010"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}