The target: Firebase, a Backend-as-a-Service offering from Google that is marketed towards mobile app developers.
The take: Over 100 million records from thousands of mobile apps, including plaintext user id & password combinations, GPS location records, financial records, health records and session tokens.
The attack vector: Security researchers discovered that the default configuration for Firebase databases does not secure data or require authentication, allowing unauthorized third parties to view and exfiltrate application data.
The target: Investment Management firm BlackRock.
The take: Three separate spreadsheets, containing names, e-mail addresses, and assets invested in iShares ETFs for about 20,000 financial advisers.
The attack vector: The spreadsheets were accidentally made publicly available on the firm’s website for more than a month, prompting concerns that if harvested, the data could be a goldmine for phishing campaigns and targeted attacks.
The target: The SEC's EDGAR filing system.
The take: Nonpublic 'test filings' containing earnings results and other material data were obtained and used to make profitable securities trades before the information was publicized. Seven individuals and two organizations were recently charged by the SEC in connection with the hack and are reported to have profited to the tune of $4.1M from the scheme.
The attack vector: An undisclosed software vulnerability reportedly allowed attackers to bypass the system's authentication controls.
The target: The German Government.
The take: The personal data of hundreds of politicians in Germany were exposed. The hacked data includes contacts’ email addresses, private chats, mobile numbers, photographs and credit card details, which were all published on Twitter.
The attack vector: The prime suspect in the case indicated that he had acted alone, and it is believed he would not have been able to obtain the personal data had it not been for his targets' use of weak passwords on their personal accounts.
The target: The reservation database for Marriott hotel chain’s recently acquired Starwood subsidiary was compromised from 2014 until September of 2018.
The take: 170 million customers had only names, addresses & e-mail addresses stolen, while 327 million more lost some combination of name, home address, e-mail, date of birth, gender, and passport numbers. Marriott have confirmed that over 5 million unencrypted passport numbers were accessed by attackers.
The attack vector: It is suspected that the merging of information systems after the Starwood acquisition created the vulnerabilities that were exploited by suspected state actors. Marriott hotels are often the preferred hotel of US government and military officials.
Copyright © 2021 Entreprise Castle Hall Alternatives, Inc. All Rights Reserved.