Did Maropost actually suffer from a data breach?
Maropost, a customer engagement platform, is reported to have suffered from a data breach during a testing stimulation of a new centralized logging system.
The data breach is said to have occurred while Maropost was testing ElasticStack as a new centralized logging system in June 2019. But...
Did Maropost actually suffer from a real security breach? Well no, not really.
According to a MediaPost report, during that time, Maropost had set up a Proof of Concept Virtual Machine and filled it with small local log files for testing. Once the simulation was complete, the virtual machine was shut down and the 'global rule' that had left the virtual machine open to the public was permanently deleted from Maropost's system.
In reality, the Maropost case was nothing but a small discrepancy caused by a simulated log file that didn't reveal any actual personally-identifying information on anyone.
Furthermore, the leak occurred from a virtual testing machine that was separate from Maropost's actual system. There was no real breach or security hole that needed to be patched.
Ross Andrew Paquette, CEO of Maropost, had this to say on the subject... "We take the security of all our clients' data seriously. We understand that consumer privacy is critical in today's environment and have always strived towards meeting and exceeding the expectations of the community at large."
He goes on to add, "We recognize the trust that our clients and indirectly their clients place with us and work hard every day to earn it."
Now, are real data breaches common? Unfortunately, yes.
But the Maropost "data breach" doesn't even begin to scratch the surface of the biggest data breaches of 2020...
In contrast, the Marriott's phishing breach, which occurred during the same time period, Tuesday, March 31st, to be exact, is actually considered to be one of the largest real data breaches of this year.
Learn more about the highest level of data breaches that occurred in the year so far...
Marriott: 5.2 Million Guests Exposed in March 2020
Marriott's second breach in the past three years puts 5.2 million of its guests at serious risk of identity theft and other cybernetic attacks by exposing contact information and other personally-identifying information like birthdays, gender, employer, and so on.
The detection and reporting of the data breach took Marriott an entire month, giving the hackers over six weeks to accumulate data of millions of guests.
This data breach is second only to their first data breach, which occurred on September 8, 2018, and affected over 327 million people and exposed passport numbers, email accounts, and even credit card information.
Zoom: 2,300 Uncovered Zoom Credentials in early 2020
The Zoom Video Communications app was forced to disable some of its user-related features for the next couple of months while the company fixed serious security flaws that resulted in over 2,300 compromised Zoom credentials being shared in an underground forum online.
The information breach included both usernames and passwords for Zoom corporate accounts that belonged to banks, healthcare providers, educational facilities, and more.
The researches who discovered the stolen database found that the credentials were being openly shared in the underground forum rather than sold. Which left the owners of the stolen Zoom credentials open to even more risk for a variety of cybernetic attacks.
Now, even the FBI is involved in tracking down the perpetrators of these 'Zoom Bombing Attacks' so that the leak is shut down once and for all.
ElasticSearch: 5 Billion Records Exposed, March 2020
ElasticSearch, a UK-based security firm, is now in the running for having suffered one of the biggest data breaches in recent history after having left a database unprotected that exposed more than 5 billion records of security-incident related reports from over the past 7 years.
This data breach was identified by researcher Bob Diachenko and was said to have exposed passwords, email addresses, and other forms of serious personally-identifying information.
Amazon S3 Database Leaks 425GB of Financial Records
A US loans company left 425GB of highly sensitive legal and financial documents, including social security information, driver's licenses, bank statements, and so on, unsecured in an Amazon S3 database earlier this year.
The leak was said to be linked to an app called MCA Wizard, developed by Advantage Capital Funding and Argus Capital Funding, which the researchers believe may be the owner of the database as well. Either way, the leak left many at serious risk of phishing attacks, identity theft, and financial fraud.
The owners of the database were unavailable and had nothing to say about the subject. Which forced the researchers that discovered the leak to reach out directly to Amazon Web Services to close the leak down for good on the 9th of January.