Brian Krebs reported that the company mSpy was hacked. mSpy builds a software product that runs in the cloud and allows parents to spy on their kids and adults to spy on their (cheating) significant others. That data is stored in the cloud, and now, hundreds of gigs of their customer’s photos, appointments, corporate emails and other very private documents are up for grabs.
The hackers claim that they have hundreds of gigs of information on 400,000 of mSpy’s customers and credit card information on 145,000 transactions. For sale. On the dark web.
As a side note, mSpy says that, unlike some other spy software, their software works on un-jailbroken iPhones.
While this breach could reveal the personal information of 400,000 customers of mSpy, likely, many of those children, this breach is like a canary in a coal mine. When the miners watched the canaries and then took action, the miners lived.
You might not be an mSpy customer, but do you store any of your data in the cloud? Besides the obvious – Microsoft, Google, Facebook, Apple.
Do your kids store any data in the cloud? Selfies, for example.
Are there pictures from a family member’s phone that, how do I say this delicately, you would prefer not be made public?
What about your company? Any trade secrets, proposals or customer lists in the cloud?
You may want to reconsider how you protect that data. Google or Facebook (and a thousand other sites) may encrypt your data, but they have the key, so if a hacker compromises one of those sites, the fact that it is encrypted is likely totally irrelevant. The only encryption that stands a chance is one where you control the key.
A few sites (notably some of the biggies such as Box and Amazon) allow companies to control the encryption keys AS AN OPTION.
Ponder that. Then call me if you need assistance 🙂