shutterstock_490960141-1

Industry News: ESG5

      Know Your Breach: StoreHub

      Jun 16, 2022 11:44:26 AM

      The Target: StoreHub, a Malaysian point-of-sale software vendor.

       The Take: Exposure of 1 million customers accounts with 1.7 billion records of Personally Identifiable Information including: full names, phone numbers, physical addresses, email address, device types, order information, partially masked credit card numbers, and access tokens. 

      The Vector: A completely unsecured AWS Elasticsearch database server with no authentication, or data encryption, was left open and accessible to anyone with an internet connection.

      This breach highlights the critical importance of employing robust practices of credential management, user authentication and validation. The personal information, along with the event logs and sensitive company information, can lead to highly effective phishing attacks. Furthermore, the use of encryption on user data can help secure sensitive information in the event of a breach and its use is widely considered a key pillar of a robust cybersecurity posture.

      Read more...

      Topics:Know Your Breach

      About Castle Hall Diligence

      Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios More →

      Subscribe to Cyber Updates