How Employees’ Private Activities Endanger Their Own Companies
The mixing of private and business activities leads to risks of which employees, but also often their own organization, are not aware. This is becoming increasingly clear, especially when using social media platforms. On the one hand, employees sometimes unknowingly publish information that is harmful to business. A sentence such as “we are currently laying off a lot of people for budget reasons” could fuel the rumor mill at a listed company and have an impact on the company’s valuation. Even more problematic, however, is the fact that many employees publish private details about themselves, which hackers gratefully use as a template for targeted attacks such as phishing. In recent years, however, completely new dimensions have been added to the known risks: A steadily growing number of social media accounts are being hacked. The data then ends up on the darknet and is offered for sale. Data on users is a coveted commodity. It is therefore not surprising that the number of attacks is constantly increasing. But individual users are not the only targets of attacks. Entire social media platforms also come under fire and are often successfully hacked. Millions of data records then end up on the darknet at once. So it’s not a question of whether your own social media account will fall victim to a hacker attack, but when.
Yippie is a Recent Victim of Leaked Credentials on the Dark Web
A recent example was Yippi (https://www.yippiweb.com). Southeast Asia’s first social media and messaging super app that connects people around the world with multiple functions, including social communication, was hacked. The data is distributed on the darknet and later on the surface web. According to the Kaduu research team (https://www.kaduu.io), the database was leaked as early as April 16, 2022, according to initial analysis. A SQL file with a total size of 524 MB reveals user information, such as email and hashed passwords. The problem is that many users use the same or similar passwords for different platforms. Often also for their own company. Thus, the password of a social media account often becomes the gateway for hackers to enter the user’s company. The hackers try to cover up the hack for as long as possible. The longer they can work with the stolen data, the more attacks, and thus added value can be generated. So if the data sets are found so easily on the darknet, it often means that they have already been extensively exploited.
User Awareness and Dark Web Monitoring to Mitigate the Risk
Employees should be sensitized to the problem through continuous awareness activities. However, the company can also use dark web monitoring services – also known as threat intelligence – to be informed about such attacks. If a hacked social media account is discovered, the employee can be notified immediately and have passwords reset as a precaution. Kaduu (https://www.kaduu.io) offers cost-effective insight into the darknet, social media, and deep web with its Cyber Threat Intelligence service.
