IT Security Breach: How Can You Fight Back Against It?

As cybercriminals find new ways to infiltrate an organization’s private data stores, we are seeing an increasing number of breaches being reported in the news. When a breach has the potential to affect organizations, it must be ensured that the facts are communicated to the teams through the release of an emailed Security Brief. If the breach is critical, organizations must opt to send a Security Alert that will come in the form of an email as well as an SMS.

Two recent breaches have been announced by Zynga Inc. and DoorDash.

Zynga Breach: What Happened?

On September 12, 2019, Zynga Inc., an online interactive gaming company, announced they’d recently discovered that certain player account information may have been illegally accessed by outside hackers. Although Zynga has not yet addressed the scope, media reports indicate that the hacker claims to have breached the data of more than 200 million players of Zynga games, including Draw Something and Words with Friends accounts on both Android and iOS platforms.

Players who installed and signed up to play Words with Friends before September 3, 2019 may be affected. It has been reported that Words with Friends player data that has potentially been compromised includes:

  • Name
  • Email addresses
  • Login IDs
  • Hashed and salted passwords
  • Phone numbers, where provided
  • Password reset tokens if one had ever been requested
  • Facebook IDs, if connected to the social media platform
  • Zynga account IDs

Zynga has opened an investigation into the breach and has contacted law enforcement. A press release was sent out that states some of the details as well as the steps the company is taking to protect these users’ accounts from invalid logins.

DoorDash

On September 26, 2019, DoorDash, the food delivery company, confirmed an unauthorized third-party service gained access to user data on May 4, 2019.

Consumers, delivery drivers, and merchants who joined the DoorDash platform on or before April 5, 2018, are affected in this breach. The type of information potentially compromised could include:

Profile information including:

  • Name
  • Email address
  • Delivery address
  • Order history
  • Phone numbers
  • Hashed and salted passwords

For some consumers, the last 4 digits of consumer payment cards (the company stated this information was insufficient to make fraudulent charges). For some delivery drivers and merchants, the last 4 digits of bank account numbers (similarly, the company stated this information was insufficient to make fraudulent withdrawals). Approximately 100,000 delivery drivers also had their driver’s license numbers accessed.

In a statement on the DoorDash website, the company said it has taken appropriate measures to block the unauthorized third-party and further secure consumer’s data. It will notify those who have been affected directly

What should you do if you think you may have been affected?

  • Change your Passwords. You will especially want to change any passwords you have that may be associated with the breached organizations.
  • Set up Credit Monitoring and monitor for changes in your credit file. Added accounts you did not authorize. Collections for accounts you are unaware of. Etc. Credit Karma is a good freeware credit monitoring solution.
  • If you believe you have been affected, you can opt to freeze your credit. You can put a freeze on your credit report and prevent unauthorized individuals from opening an account in your name. Certain credit cards such as Discover will also allow you to lock and unlock an account.
  • Monitor your bank account and credit card activity.
  • Always remain alert. Keep an eye open for scammers that may be trying to contact you.
By |2020-02-11T00:00:32-06:00February 11, 2020|

Author

Ronnie Mize is the Chief Security Officer of Information Technology for Etech Technical Services. Ronnie has been in the technology sector for 20 years and has held technology leadership roles with Microtech America, The Berry Company (a subsidiary of Bellsouth) and Etech. His entrepreneurial background includes extensive experience in technology development and deployment as well as implementation of business processes and defined methodology.

Recent Blog

Why Company Culture Trumps Everything in 2021?

June 16, 2021

The COVID-19 pandemic has been tough. Businesses had to quickly opt for unconventional ways of operation and transform into new models almost overnight.

Read More

How to Keep Your People Motivated Using Servant Leadership?

June 9, 2021

Servant leadership methods are intrinsically motivating and can boost productivity, profitability, morale, and team member retention rates.

Read More

What are the 5 Major Cybersecurity Trends to Watch in 2021

May 31, 2021

With the buzzword digital transformation becoming more popular, during ongoing uncertain times of the pandemic and increasing use of computerized systems having a lack of appropriate cybersecurity infrastructure, there is a steep rise in the cyber-attacks.

Read More
Go to Top