Insider Threats: Trend Micro Employee Sold Consumer Data to Scammers; Feds Allege Saudi Spies Infiltrated Twitter | | While companies do much to protect themselves from external threats, insiders always pose the highest risk to a company's data. Cybersecurity firm Trend Micro has disclosed a security incident this week carried out by an employee who improperly accessed the personal data of thousands of its customers with a "clear criminal intent" and then sold it to a malicious third-party tech support scammers earlier this year. According to the security company, an estimated number of customers affected by the breach is 68,000, which is less than one percent of the company's 12 million customer base. The stolen database contained Trend Micro consumer customers' names, email addresses, Trend Micro support ticket numbers, and in some instances, phone numbers. | A separate data breach incident also caused due to an insider threat, where two former Twitter employees have been charged with accessing information on thousands of Twitter user accounts on behalf of the Saudi Arabian government. According to an indictment filed on November 5 and unsealed just yesterday, one of the charged Twitter employees, American citizen Ahmad Abouammo, left the company in May 2015 and the other, Saudi citizen Ali Alzabarah, left the company in December 2015. | The information Abouammo and Alzabarah illegally accessed about Twitter users include their email addresses, devices used, browser information, user-provided biographical information, birthdates, and other info that can be used to know a user's location, like IP addresses associated with the accounts and phone numbers. Alzabarah, who joined Twitter in August 2013 as a "site reliability engineer," worked with the Saudi officials between May 21 and November 18, 2015, and allegedly accessed the private data on more than 6,000 Twitter accounts. Twitter acknowledged that the company has cooperated in this investigation and that it limits access to sensitive account information "to a limited group of trained and vetted employees." | | |
|