It's been very often lately that we hear big name companies suffer serious data breach. The latest breach is reported to be on a smaller scale, but no less serious. Ashampoo, a German software company known for its Windows utilities is warning customers to be on the alert for malicious e-mail messages after its servers were hacked.
Apparently hackers managed to break into one of Ashampoo's servers that held customer data. Rolf Hilchner, CEO of Ashampoo, has posted on the company's website explaining exactly what has happened. There was a hole in their security and by using it Ashampoo customer names and e-mail addresses have been taken, but no payment and billing information was accessed. The company said, billing information such as credit card numbers was not stolen, because that data is stored on another server, operated by a contractor. The company has nearly 14 million customers, but it's not immediately clear how many have had their names and e-mail addresses stolen.
Ashampoo, which also makes multimedia programs and security software, warned customers that it had been hacked and that customers could now be sent infected emails that give criminals a way into their computers. "If you for example receive a confirmation of an order from PurelyGadgets or another company without having made an appropriate purchase there, please do not open the attachment and delete the e-mail immediately," Ashampoo wrote. PurelyGadgets is a U.K.-based online retailer that said recently that scammers had been sending out fake orders, pretending that they were from the company.
On March 30th, an incident that has been described as one of the largest breaches in US history was detected.
Considering the scale of the breach, it is unsurprising that a number of lawmakers are requesting more information about the incident. The U.S. Secret Service is reportedly investigating the breach, as is the Australian Federal Privacy Commissioner. The Epsilon breach came shortly after the RSA hack, a division of yet another major player in IT. RSA was subject to an Advanced Persistent Threat also known as APT, which obtained data related to RSA's SecurID security tool rather than the unit's corporate and governmental clients. This data may be used for a wider scale attack in the future.
Facebook is also victim of online security attack. Last year Facebook apps are sending user IDs to third parties, such as advertising networks, with the knowledge of the users themselves, and Facebook still continues to raise some eyebrows concerning certain privacy issues. The number of cyber attacks is only going to increase if organizations fail to pay attention on the vulnerabilities of their network security. Organizations need to implement robust Internet security initiatives to protect their network and their customer's information, including hiring highly trained information security experts in order to avoid security breaches.
Information security professionals can increase their information security knowledge and skills by embarking on highly technical and advanced training programs. EC-Council has launched the Center of Advanced Security Training (CAST), to address the deficiency of highly technically skilled information security professionals.
CAST will provide advanced technical security training covering topics such as Advanced Penetration Testing, Digital Mobile Forensics training, Application Security, Advanced Network Defense, and Cryptography. These highly technical and advanced information security training will be offered at all EC-Council hosted conferences and events, and through specially selected EC-Council Authorized Training Centers.