Cyber ​​experts warn: “Information revealed could be used for further attacks”

The publication of the personal details of the million users of the dating site “Atref”, along with the details of patients at the “Moore Institute” and other databases, raises great concern among Israelis this morning (Wednesday). These are files that include very personal and sensitive information – from the results of various tests, to the mention of being HIV-positive and exposing people who are still in the closet.

“The hackers claim to hold the records of about a million Atref users, but even if the actual number of records is smaller, this is one of the most significant breaches to date of personal information,” explained Dr. Ariel Shiftan, founder and chief technology officer at Piiano. “This is a difficult and complex privacy event, all the more so when it comes to members of the proud community, some of whom have not even come out of the closet.”

He added: “Unfortunately, we are only at the beginning of the road when it comes to effectively protecting online users’ information that is currently found in almost every shopping, collection, dating and more site.” According to him, the correct way to protect personal information is by splitting the information stored in a database into personal information that contains personal identifiers such as: name, address and telephone and other information, which is very sensitive, as in the case of Atref, without The connection to the personal identifiers does not pose any risk to the site owners and users.

“The personal information should be stored in a dedicated database, which contains several layers of protection, such as: access by appropriate permissions, skipping access to the data and identifying anomalies automatically,” he stressed.

Atraf website (Photo: screenshot)

Oded Vanunu, head of the Product Weakness Department at Check Point, noted that “the complete leak from the Atref website should light a red light at the national level, and at the level of companies that store personal information on the Internet. He added that “the information will probably be used for very accurate phishing attacks by other groups of hackers in the world.”

Elad Katz, director of information and cyber threats at Labyrinth, explained that “in today’s reality, every company must protect its sensitive information with the most professional tools. The equation is simple: life-threatening sensitive information. Recent attacks prove that hackers have ‘stepped up’, they are aware of the type “The sensitive sites from which they seek to attract the information and the type of information they steal, as well as the ability to reach different infrastructures in the infiltrated organization and attract different types of information that they eventually publish.”

Websites, companies and services that keep details about their users must create a number of mechanisms for protecting our personal data and beautiful one hour earlier – among other things to protect all data in encryption and key retention in the most secure place in the organization, choosing a host (web hosting) “Reliable and reputable, to monitor breaches or weaknesses and other protective measures that can be taken to prevent these intrusions into the organization,” he stressed.

Hacker, illustration (Photo: Ingeimage)Hacker, illustration (Photo: Ingeimage)

Ronen Moas, CEO of the information security company ESET Israel, stated that “at the end of the year we always see a significant increase in the number of attacks, this is true in the world and so it is right here in Israel. Today, a company that falls victim to an attack is by no means the main victim. “He emphasized:” We are beginning to see elements of terrorist activity in front of private individuals. The attacks are no longer against a particular company that was not responsible enough to protect its information, but also and especially for its users whose private information the attackers were able to obtain. ”

“Users can be completely private individuals and even populations that are characterized by a certain sensitivity like the LGBT community that the site they use to get to know, has also been hacked. “Some people in the media have argued that this is a real danger to life-threatening,” he explained. Or is there no choice and should we also start incorporating actions of enforcement and verification that indeed the issues are addressed? Who is the adult responsible for protecting the public? ”

He added: “Should the protection of our information be in the hands of the companies themselves or in the hands of the state? Either way, today security solutions are available in the market and can be easily implemented for maximum protection. Bottom line, when we talk about personal information “HIV, the next step must be taken, real responsibility must be taken for it and someone must be the responsible adult.”

By Editor

Leave a Reply