Recently, multi-platform media and entertainment company Mashable reported it suffered a data breach; leaked readers’ information was discovered in a leaked database posted online. The information appears to have been stolen from social media sign-in features.
The leaked information contains full names, locations, email addresses, genders, IP addresses, and links to social media profiles. While the company appears to have some idea of the identity of its attacker, it did not disclose their suspicions in a public statement. According to Mashable, no password information nor financial information was stolen, and all affected accounts were disabled as a precaution.
The Mashable Data Breach can teach enterprises quite a bit. Here’s what the experts had to say.
What the Mashable Data Breach Can Teach Us
Saryu Nayyar is the CEO of Gurucul.
“The Mashable breach represents another case where potentially important data has fallen into the attacker’s hands. While there were apparently no passwords or financial information revealed, the personal information such as email address, names, locations, etc., could be very useful for an attacker looking to do targeted phishing emails or social engineering attacks.
“There is always a lot of attention on breaches that reveal passwords or financial information, but there is a lot of other personal information an attacker can leverage, especially when they take the time and effort to engage in social engineering attacks. That’s why even organizations that don’t hold confidential PII need to keep their cybersecurity stack up to date, including behavioral analytics, to identify novel attacks before they turn into major data breaches.”
Dan Piazza is the Technical Product Manager of Stealthbits.
“Although it took Mashable a few days to confirm the breach, their straightforward response is commendable. They confirmed the breach, outlined what data was stolen, stressed that Mashable doesn’t store financial data, and offered comfort that they don’t believe any password data was breached. If these details remain the extent of the breach, and additional concerns don’t come to light later, then this is a good example of how organizations should handle PR in the event of a data breach.”
Thanks to the experts for their time and expertise. Learn more about securing your own business in our SIEM Buyer’s Guide.
Latest posts by Ben Canner (see all)
- Proofpoint Releases 2021 Voice of the CISO Report - May 14, 2021
- The 10 Best Open Source SIEM Tools for Businesses - May 13, 2021
- What Shape Will Phishing Attacks Take in The Future? - May 12, 2021