Cyber Hotel Business Hack
by Sarah Brown on
Random but Memorable is back with an episode full of a new Watchtower Weekly, customer questions, and even a chat with Charles Arthur, author of Cyber Wars: Hacks that Shocked the Business World.
Watchtower Weekly talked briefly about the Marriott breach, which potentially impacts nearly 500 million Marriott and Starwood customers. Data exposure can always leave you vulnerable, so it’s a good idea to take Marriott up on their offer for a free year of WebWatcher to monitor your information. They also brought up a rather embarrassing incident for Tesla in which a disgruntled customer complaining to their customer support forum got more than he bargained for. Instead of just an answer, a support agent ended up giving him administrative permissions for the entire forum! That's right, he was granted full access to the entire forum. There’s going above and beyond to help your users and then there’s giving them the ability to not only edit and delete any post but also gave him access to full profile information for every single user. Including Elon Musk.
And according to this week’s guest, that sort of thing isn’t as uncommon as you’d like to believe. Matt and Roo talked to Charles about the research he did for his book, which included studying a number of older hacks against large companies and organizations.
With how fast technology moves I would think studying older hacks wouldn’t be useful, so I was surprised to learn that’s not exactly the case. Older hacks have a lot to teach people, both in how to prevent hackers from accessing your information as well as what sort of information and organizations may be most vulnerable.
Charles covered the Sony Pictures hack from 2014 which I was familiar with and I remember the impact it had on Hollywood when that hack exposed pay gap information between lead actors and actresses. I was fascinated to hear Charles talk about these corporate hacks can expose how complacent companies can be with their security. As companies like Sony grow, new security requirements come into play that can be difficult to implement. And as they are primarily an entertainment company, it may come as no surprise that security was not their first instinct. But what was surprising to me is that they’d already been attacked at least once before on the PlayStation side of the business, but hadn’t learned their lesson.
The best part? It turns out that the November 2014 leak revealed a deep structural failure at Sony. There was a file with plain text passwords simply labeled “passwords”. Doesn’t take much digging to crack that code.
These stories really do feel like modern-day parables for businesses, showing how even companies that have been hacked can fool themselves into thinking everything is okay. When in reality they are just as vulnerable. And while those parables may be applicable to a larger scale business, I know that I often fall into that trap myself.
This week’s user question was a great one and one I’m ashamed I haven’t asked before: if you give a PDF app access to your cloud drive, would they be able to rifle through everything else stored there? The short, but scary answer is, yes. So it’s a good idea to be very careful about what applications you give permissions to and to do your research before blindly clicking “allow access”. Which means I have some research to do before de-authorizing some third-party applications.
As always, they ended the episode trying to see who could most accurately pronounce a place sent in by Twitter user @toonetown: Tooele. Who was closest? You’ll have to listen to find out!
If you haven’t been listening to the podcast, you don’t know what you’re missing! Check out the current episode here and subscribe in Overcast, Pocket Casts, or iTunes to make sure you don’t miss a single episode.