The Week in Breach: Wyzant
Exploit: Database infiltration
Wyzant: Online education marketplace that matches tutors with students
Risk to Small Business: Severe: Hackers took advantage of a database anomaly to steal personally identifiable information (PII) from an undisclosed number of users on April 27, 2019. The tutoring company issued a patch to the database, and a more in-depth investigation is underway.
Individual Risk: Severe Although it’s unclear how many users were impacted by the breach, PII was definitely made available to hackers. This data includes names, email addresses, zip codes, and more. The company’s platform lets users sign in using their Facebook credentials, enabling hackers to siphon off .jpegs of Facebook profile pictures, which can be leveraged to facilitate phishing scams.
Customers Impacted: Unknown
How it Could Affect Your Business: Failing to understand the security vulnerabilities that impact your IT infrastructure can have significant consequences for your users. Especially for companies handling PII for minors, protecting customer information has to remain a top priority. In order to be vigilant and prepared at all times, every organization should partner with a security solution that can proactively monitor the Dark Web for customer and employee data.
In Other News: Card Data Stolen From 201 Online Campus Stores
201 online campus stores for universities based in the U.S. and Canada were victimized by the popular Magecart attack, where hackers plant malicious JavaScript code on a website. This code collects payment information from customers using an affected platform. Once the financial data is collected, it is remotely stored by hacking groups who subsequently sell that information on the Dark Web.
The Magecart skimming code has been identified on at least ten other platforms and has spread to e-commerce sites as well.
Interestingly, cybersecurity researchers noticed that Magecart groups often don’t pursue e-commerce sites directly. Instead, they target components that often accompany their online store, such as chat and support widgets.
The weight of this incident serves as a reminder: companies need to invest in a holistic suite of cybersecurity solutions that accounts for today’s entire evolving threat landscape.