It’s not just bad luck when companies are hit by cybercrime. These are pre-meditated attacks by malicious yet clever criminals. Since October is cybersecurity awareness month, let’s look at four “unlucky” companies that were attacked.
Driving Away with Grand Theft Auto
A mid-September hack of Rockstar Games, known for Grand Theft Auto, caused chaos when a hacker known as “Teapotuberhacker” used social engineering and password theft to steel 90 gameplay videos of works-in-progress and source code for GTA 5 & 6. The hacker widely shared the videos and code online. Not only did this hack generate bad press for one of the biggest names in video games, but it may have impeded the production of the latest game.
Uber Gets Taken for a Ride
Teapotuberhacker also hacked another auto-related company. Again, they used social engineering and password theft to obtain full access to Uber systems, including email, internal communications, cloud storage, code repositories, and more. The hacker posed as an IT employee to steal password info that allowed them into the Uber Slack channel and the overall system, wreaking havoc internally.
Update: Officials in London arrested Teapotuberhacker, a 17-year-old associate of a cybercrime gang
U-Haul Appalled
U-Haul, the moving and storage rental company, revealed that they, too, suffered a cyberattack. The data breach allowed unauthorized access and exposure of personally identifiable information (PII) of more than 2 million clients. The hacker used password theft to access rental contracts, including the customer names, driver’s licenses, and state identification numbers.
Slow Down Fast Company
The widely read business publication; Fast Company was victimized by a hacker named “Thrax.” Thrax openly bragged about how ridiculously easy it was to crack Fast Company’s default password. He created turmoil by posting and sending obscene and racist messages on the company’s website and to subscribers. The hacker claimed to have gained administrative access to many Fast Company assets, including authorization tokens, Apple News API keys, AWS email information, personally identifiable employee information, and more. The Fast Company website was offline for several days.
Take Away the Car Keys
Even though we’re having fun with the theme, cyber security is serious. The common trait shared across these four recent breaches is the ease with which the criminals could crack into what should have been highly protected areas of high-profile businesses.
We cannot overemphasize password strength as a safeguard against cybercrime. This comparison rings true: “You wouldn’t invest in a state-of-the-art home security system and then leave your front door unlocked.” That logic needs to carry through to your online activities as well.
The big lesson is to strengthen your passwords and be aware that cybercrime is a career and a sport for some bad actors. Don’t let your organization be the next to fall victim to a criminal with a taste for cruelty. Investing in security operations and systems that head off intruders before they can sow chaos is the surest way to keep your business out of unwanted trouble.