Will Unsafe Cloud Storage Rain On Your Parade?
Another data breach was recently reported involving Ticketmaster, Santander Bank as well as an impressive list of nationally known brands. Are we numb to this? Should we accept the loss of privacy and cost to companies as just the way things are?No. There’s a way to end this pandemic of data breaches.
What happened this time?
This data breach has potentially affected 560 million Ticketmaster accounts and a confirmed breach at Santander Bank may have originated from attacks on the cloud storage accounts of Snowflake. (a claim they have subsequently denied) The details of these reports have a way of shifting over time.
These breeches were reported to be the result of the stolen credentials of a Snowflake employee. A single point of failure. However, the hacker bypassed security measures and accessed substantial amounts of data. The hacking group ShinyHunters is believed to be responsible and attempted to sell the stolen data.
What data was accessed? As with many of these data breach stories, the details and extent of compromised data are only revealed over time. So far we know that the Ticketmaster Data included full names, emails, addresses, phone numbers, hashed credit card numbers This information dates back to the mid-2000s
The Santander Bank Data included data from customers in Chile, Spain, and Uruguay. Additional Potentially Affected Companies: (reported to number in the hundreds)
- AT&T
- HP
- Instacart
- DoorDash
- NBCUniversal
- Mastercard
An investigation of this data breach reported the breach involved bypassing the Okta authentication service and generating session tokens. And they observed increased threat activity from mid-April 2024. Hudson Rock and malware tracker vx-underground validated the legitimacy of the leaked data.
IronWeave Offers Better Data Protection
In IronWeave's private shared block data model, each unit of data is stored in a separate block that functions like an individual bank vault. This means that even if a hacker were to gain access to one block, they would not be able to access the data in other blocks. In a typical data hack that accesses an entire database, the hacker would be able to see all of the data in the database.
What makes IronWeave's private shared block data model more secure?
- Independently encrypted blocks: Each block of data is encrypted with its own unique key, so even if a hacker were to decrypt one block, they would not be able to decrypt the others.
- Granular access control: Users can control who has access to each block of data. This means that only authorized users can see the data in a particular block.
- No central store of data: There is no central location where all of the data is stored. This makes it more difficult for hackers to find and attack a single point of failure.
- Data is not on a scannable blockchain: No one can see transactions as you can on the Ethereum and Bitcoin chains.
In contrast, a typical database stores all of the data in a single location. This makes it easier for hackers to gain access to all of the data if they can breach the database's security.
What now?
IronWeave will be partnering with enterprise players to validate that the IronWeave data primitive is secure, private, and scalable for the needs of traditional, regulated industries. Whether in finance, healthcare, or essential infrastructure, we believe IronWeave can move us into the future of data security.