So you are telling me that I can’t do a hard shut down on my PS4 and this will all go away?

 


 

Welcome back to the cyber attack of the week series! I think this marks the third or fourth Friday of quarantine? Regardless, the cyber criminals of the world are apparently still in office, hacking away.

This week, we are taking a look at a gaming controller manufacturer that faced an enormous data breach.

When you want to End, but not Save – Server Edition

Earlier this month, the gaming controller manufacturer SFU Gaming announced that it had suffered a major security and data breach. The breach exposed over 1.1 million customer records online.

An investigation found an unprotected, internet-facing company server that could be accessed without a username and password combination.

Once the company became aware of the situation, the investigation continued in search of any other easily accessible endpoints.

In this pursuit, the company discovered a note from the cyber criminals stating that if they received the ransom payment in the form of Bitcoin, there would be hope for data recovery.

 

Aftermath for Customers

No statement has appeared as to whether the company will pay the ransom. SFU Gaming released a statement saying that the breach appeared to be contained to one server. Further, the information on that server included customer information spanning three years back.

SFU continued to contact those possibly affected and assured the parties that the company would conduct security auditing to ensure something like this will not happen again.

 

Takeaway Advice: Secure Your Servers!

All in all, if this incident proves anything, it's the importance of regular security testing. An unsecured server without a password would be easily identified by a pen testing or security auditing firm.

Further, if companies take the time to consult with cyber security analysts to create security plans and protocols, incidents like this can be avoided. 

By Taylor Ritchey