New Delhi: A hacker identifying himself as John Wick has claimed to have accessed the network of popular streaming service ZEE5, allegedly stealing over 150GB of user data along with the source code of the website.
According to a report in cybersecurity news portal Quickcyber, the hacker who appeared to be from a Korean hacking group is now planning to dump the data in the public domain for open sale.
The hacker told the publication that the stolen database of Zee5.com contains private details of the subscribers including their recent transactions, passwords, emails, mobile numbers, messages, etc.
ZEE5 was yet to comment on the report.
The breach may have occurred between February end or March.
Ralph Wagner, CEO of software development firm Axinom that provides ZEE5 "software to manage content," told Quickcyber that they "do not manage Zee5 database" and "nor do Axinom system uses the mentioned MySQL database" which is part of the hacking.
"Additionally, we will investigate this case, and will release a statement as soon as our investigations are complete," Wagnerwas quoted as saying.
ZEE5 has over 150 million subscribers worldwide.
Amid the hacking-related breaches leverage, SecureLink, a third-party remote access platform, in its report stated, most firms not aware about their risky password behaviour.
Nearly 80 per cent of hacking-related breaches leverage compromised credentials and neglecting the process of secure access management can create vulnerabilities in the case of vendors and former employees, according to a new report.
In many organizations, these credentials permit access to all corners of the network.
According to SecureLink, enterprises must take note that how network credentials are managed directly reflects overall security.
"Whether it's internal employees or third-party vendors that need access, comprehensive authentication and access control should always be in place," SecureLink said in a statement on Friday.
Passwords, and especially passwords with privileged access, are a target for hackers since they're able to get so information from just one singular password.
"Not only is this an easy way for hackers to get into one account, but if your administrator doesn't use unique passwords across different platforms (both professionally and personally), then there is a whole wealth of information that is available to take," warned the report.
When managing third-party remote access, the only way to ensure a vendor doesn't compromise your network credentials is to never give them out.
"Remote support solutions should hide your network credentials and provide single sign-on (SSO) for vendors. Without this, vendors could share or store privileged credentials insecurely," suggested the report.
The feature also helps to prevent "leapfrogging", or the process of a technician launching additional connections from within the initial target host.
If the technician is never aware of their password, they are prevented from trying to log into other systems with the same account.
One common way for hackers to get to these credentials is to use phishing.
According to a Symantec Internet Security Threat Report, 71 per cent of successful targeted attacks involved a spear-phishing attack.
"With attackers more likely than ever to be able to establish a foothold on your network via phishing methods, defenders will want to strengthen their endpoint defenses to knock down the malware when it tries to infect off a click and also secure higher privilege credentials with technologies," said SecureLink.
Sharing passwords among colleagues, both on purpose and on accident, can inadvertently lead to your credentials getting into the wrong hands.
"The deeper issue of password habits is that far too many users continue to rely on outdated practices that place their security at risk (writing down a password on a sticky note, or using easily guessed passwords). Keep in mind many people do not assume responsibility for having a weak, or crackable password," said the report.
One of the most alarming aspects is that many people aren't even aware of how risky their password behaviours are, or if they are, they accept the risks and simply take the easier, less secure route.
"Create strong passwords. Implement two-factor or multi-factor authentication. If breached, all passwords must be reset. Merely suggesting this as a plan of action lets many consumers to just ignore it," the report noted.
Never have the same password for all accounts/logins.
"So, if one of your passwords is stolen or misused, at least the access given to the bad actor is to one platform instead of all," it added.
(With Agency Inputs)
More Related Stories On Hacking: