ChatGPT data breach & Ferrari refuses to pay ransom demands
Luigi Tiano
Data Protection & Data Privacy | Podcast Host of 10 Questions to Cyber Resilience | Speaker | Co-Founder of Assurance IT
In this week's Cyber Weekly:
Thanks to all 13,996 subscribers. It really takes a community to fight against cyberattacks. By sharing and commenting on these newsletters, we can reach more people and keep others from becoming a statistic. Share your comments below or simply like the post. Also, follow me on LinkedIn for daily cyber security discussions >> Luigi Tiano.
1. ChatGPT suffers breach
On March 20, ChatGPT experienced an outage and exposed data of 1.2% of ChatGPT Plus subscribers who were active during a 9-hour window.
"In the hours before we took ChatGPT offline on Monday, it was possible for some users to see another active user’s first and last name, email address, payment address, the last four digits (only) of a credit card number, and credit card expiration date. Full credit card numbers were not exposed at any time," OpenAI officials wrote.
OpenAI, the parent company of ChatGPT, took ChatGPT offline when they found a bug in an open-source library. As they were patching the bug, they realized the same bug could have caused a breach of more personal data. OpenAI contacted those affected. (cmswire)
My thoughts: People are so ready to rain on the ChatGPT “parade”. In reality, ChatGPT deserves some recognition for noticing and acting as soon as they did. They identified a flaw in their system before a third party could take advantage.
2. Ferrari gets hacked and refuses to pay ransom
Supercar manufacturer Ferrari warned its customers that personal data may be at risk after an unauthorized threat actor compromised its systems. The cybercriminals contacted the car manufacturer with a ransom demand.
One of their spokespersons said, “As a policy, Ferrari will not be held to ransom as paying such demands funds criminal activity and enables threat actors to perpetuate their attacks. Instead, we believed the best course of action was to inform our clients and thus we have notified our customers of the potential data exposure and the nature of the incident.”
The hack did not impact their daily operations, nor did it affect their involvement in Formula One. Ferrari is working with security experts to help their clients – some of the wealthiest people in the world. At this time, it doesn’t seem like financial information or information about cars was stolen. (computerweekly)
My thoughts: Imagine being wealthy and thinking that you are dealing with a world-class organization. What could go wrong? You pay for everything to go smoothly, right? But you just bought a Ferrari. You just found out that your credit card and other personal information might have been compromised. How do you react? On another note, notice how they excluded how they got hacked. I would bet it wasn’t “sophisticated.”
3. A win for the FBI
The FBI announced they accessed the database of the cybercrime forum “BreachForums.” They also arrested the owner – a 20-year-old, Conor Brian Fitzpatrick. He was known online as Pompompurin. From Peekskill, New York, Fitzpatrick appeared in court in the Eastern District of Virginia.
As he was getting arrested, he waived his constitutional rights and admitted that he was behind BreachForums and was making about $1000 a day that he would reinvest in the forum. (bleepingcomputer)
My thought: Definitely a win for the good guys. I hope this scares other hackers.
4. Third-Party Breach….AGAIN
Crown Resorts was allegedly the latest victim of a data breach. Hackers contacted the company claiming they accessed a large number of files illegally. The company is currently investigating if this is true. They are the latest victim of the GoAnywhere file transfer service. Last week, Hitachi Energy admitted to being affected as well. Now, other companies like Procter & Gamble confirmed that they were also affected by the incident. (news.com.au)
My thoughts: This is a reminder that you are only as strong as your weakest business partner. Do your due diligence before choosing a vendor. Include IT.
5. In case you didn't know...
I started Assurance IT with my childhood friend Ernesto Pellegrino in 2011. Our mission is to help 100,000 companies become cyber resilient through our services and free content. We focus on helping mid-sized organizations with data protection and data privacy. Our primary services include: endpoint management, cloud backup, DRaaS, and Microsoft 365 backup.