Hitsniffer halts trading because of a malicious-insider data leak

07 Sep
Industry, News

We’ve said it before, and we will say it again. Your organization's largest threat is your employees! Not only does user error jeopardize an organization, but so do disgruntled former employees who still have access to sensitive information!

We see this play out at Hitsniffer, a website analytics company that has gone offline after an internal data breach, which it claims was carried out by a former member of staff who helped set the company up.

A malicious insider, should all employees be considered guilty by default?

According to the company, the member of staff stole a database of all of its clients and is now emailing them under a new company name. Hitsniffer has warned customers not to interact with the new company.

Hitsniffer has canceled all recurring PayPal payments from customers and is no longer functioning or responding to emails.

Matt Middleton-Leal, regional director for UK&I at CyberArk, told SCMagazineUK.com: “While disputed by the alleged ‘rogue insider’, if true, the revelations from Hitsniffer are a reminder – if it were needed – of the insider threat faced by all organizations. It is wise for enterprises to ensure that they are actively monitoring and controlling their networks in real-time, in order to spot any malicious activity immediately and intervene before damage can be done. The threat of losing operational control and exposing customers to fraudulent activity should provide a stark wake-up call to any complacent organizations.”

Hitsniffer has taken to its website to release the following statement:

“Hitsniffer was compromised by a programmer who had worked for the company since its inception. This programmer has stolen all databases. The customer database is now in his hands. You will probably have received an email from a company called Hitsteps, this company has no relationship with Hitsniffer, Hitsteps is now using our customer database to contact our customers.”

The company continued: “We have made allegations of theft and fraud regarding this matter and it is now being investigated by the police. We have canceled all recurring Paypal payments to our company as we certainly do not wish to receive any payments from our clients when we cannot provide service. We cannot apologize enough for your loss of service. Please be aware that a company called Hitsteps have been emailing our customers using our customer database without our permission.”

Unfortunately, data leaks of this type are very difficult to stop if they are carried out by programmers with broad access rights.

Tools to manage privileged access remain expensive, meaning smaller organizations are unlikely to deploy them. This is a problem which a larger company could solve with processes and products. At Secure Sense, we sell best-of-breed technologies that can help combat these types of breaches and leaks. Reach out to us today to get additional information!

Connect with Secure Sense to protect data, your network, and systems 24/7, 365 days a year. If you have questions or want to learn more, please contact Secure Sense by calling 866-999-7506.


Original Post.