Timehop Security Incident
https://updatesinfosec.blogspot.com/2018/07/timehop-security-incident.html
In Summary:
Once we recognized that there had been a data security incident, Timehop's CEO and COO contacted the Board of Directors and company technical advisors; informed federal law enforcement officials; and retained the services of a cyber security incident response company, a cyber security threat intelligence company; and a crisis communications company.
The beginning of the formal incident response, which began July 5th, was to examine the voluminous logs of all activities. This takes some time, and is iterative, even with data visualization tools. This preliminary understanding of the timeline and activities of the attackers brought home that we needed to immediately conduct a user audit and permissions inventory; change all passwords and keys; add multifactor authentication to all accounts that did not already have them for all cloud-based services (not just in our Cloud Computing Provider); revoke inappropriate permissions; increase alarming and monitoring; and perform various other technical tasks related to authentication and access management and the introduction of more pervasive encryption throughout our environment. We immediately began actions to deauthorize compromised access tokens, and as we describe below, working with our partners to determine whether any of the keys had been used. [...]
Kindly refer to the following link as a follow-up:
https://ift.tt/2uiJOyY