Wednesday, September 26, 2018

Monitor Your Animoto?

In a disappointing turn of events, Animoto (link to their blog where I don't see anything mentioned about the data breach or email....hmm), the darling video maker of yesteryear, announced a data breach. It's not brand new information, but I had missed the news when it came out in August. An email from them appears further down below. Did you get one? How did it make you feel?
Image Source: Probability and Cost of a Data Breach
 Firefox Monitor
While data breaches continue to pop up, new tools also appear to let you know what's happening. One of them is Firefox Monitor, a new service from Mozilla that not only lets you check to see how you've been compromised, it also will send you a detailed report. Watch this short video.



As soon as you signup, you'll get a report that looks a bit like this (or not if you haven't been compromised but chances are, you have been!):


Here's the email Animoto was kind enough to send my way:

Notice of Data Breach
 
Dear Animoto Community,
 
I'm writing to notify you about an issue that may involve your Animoto account information. We value your privacy and, therefore, we want to provide you with details about the event, what data was involved, and the steps we’re taking to protect your information.
 
What Happened? On July 10, 2018, we received an alert of unusual activity on our system. We immediately stopped all suspicious activity and launched an investigation with the support of outside forensics experts. On August 6, 2018, we confirmed that the activity was unauthorized, and that user data may have been obtained. While we cannot confirm that data was removed from our systems or that your information was affected, we wanted to let you know about this incident out of an abundance of caution.
 
What Information Was Involved? We determined that, as a result of the activity, data was accessed on July 10, 2018. The data may have included first name, last name, username (your email address), hashed and salted passwords, geolocation, gender, and date of birth. While the passwords were hashed and salted (a method used to secure passwords with a key), it’s unclear whether or not the key was accessed. Complete payment card data was stored in a separate system and was not accessed. To date, Animoto has no evidence of any actual or attempted fraudulent misuse of information as a result of this incident.
 
What We Are Doing. We take this event, and the security of your information, very seriously. We are reviewing our policies and procedures to better protect against an event like this happening again in the future. In addition to working with third-party experts to conduct an investigation, we have notified law enforcement authorities and we continue to monitor for suspicious activity. We are examining ways to enhance overall network cyber threat detection at Animoto and continue to make enhancements to our systems to detect and prevent unauthorized access to user information, including rebuilding our infrastructure to make to it more secure.
 
What You Can Do. As an immediate precaution, we suggest you change your Animoto password. If you use the same or a similar password for other online accounts or email, we recommend you change your password or take other appropriate steps to protect those accounts or email addresses as well.
 
For More Information. If you would like additional information or would like to connect with our team, just reply to this email or contact us at help@animoto.com. We're always here to help.
 
Sincerely,
Brad Jefferson, CEO


Everything posted on Miguel Guhlin's blogs/wikis are his personal opinion and do not necessarily represent the views of his employer(s) or its clients. Read Full Disclosure

No comments:

Genuine Leadership #4: Gratitude