Security Newsletter
11 November 2019
Insider Threats: Trend Micro Employee Sold Consumer Data to Scammers; Feds Allege Saudi Spies Infiltrated Twitter
While companies do much to protect themselves from external threats, insiders always pose the highest risk to a company's data. Cybersecurity firm Trend Micro has disclosed a security incident this week carried out by an employee who improperly accessed the personal data of thousands of its customers with a "clear criminal intent" and then sold it to a malicious third-party tech support scammers earlier this year. According to the security company, an estimated number of customers affected by the breach is 68,000, which is less than one percent of the company's 12 million customer base. The stolen database contained Trend Micro consumer customers' names, email addresses, Trend Micro support ticket numbers, and in some instances, phone numbers.
A separate data breach incident also caused due to an insider threat, where two former Twitter employees have been charged with accessing information on thousands of Twitter user accounts on behalf of the Saudi Arabian government. According to an indictment filed on November 5 and unsealed just yesterday, one of the charged Twitter employees, American citizen Ahmad Abouammo, left the company in May 2015 and the other, Saudi citizen Ali Alzabarah, left the company in December 2015.
The information Abouammo and Alzabarah illegally accessed about Twitter users include their email addresses, devices used, browser information, user-provided biographical information, birthdates, and other info that can be used to know a user's location, like IP addresses associated with the accounts and phone numbers. Alzabarah, who joined Twitter in August 2013 as a "site reliability engineer," worked with the Saudi officials between May 21 and November 18, 2015, and allegedly accessed the private data on more than 6,000 Twitter accounts. Twitter acknowledged that the company has cooperated in this investigation and that it limits access to sensitive account information "to a limited group of trained and vetted employees."
Rogue TrendMicro Employee Sold Customer Data to Tech Support Scammers
Two Former Twitter Employees Caught Spying On Users For Saudi Arabia
 
More #News
 
#Patch Time!
 
#Tech and #Tools
Kingred Group is growing, so does the Group Security team! We're looking for new talented professionals to come join us. You can find all our open vacancies on our career page.
This content was created by Kindred Group Security. Please share if you enjoyed!
Kindred Group in brief
Kindred is one of the largest online gambling companies in the world with a diverse team of 1,600 people serving over 26 million customers across Europe, Australia and the US. We offer pre-game and live Sports betting, Poker, Casino and Games through 11 brands across our markets. We are committed to offer our customers the best deal and user experience possible, while ensuring a safe and fair gambling environment. Kindred is a pioneer in the online gambling industry and is an innovation driven company that builds on trust.
You can access the previous newsletters at https://news.infosecgur.us
If you no longer wish to receive this newsletter, you can unsubscribe from this list.