Infosec Round-Up Oct 8th
Twitch Leak, A.I. Ban & Rogue IT Technician
This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.
Twitch Data Leak
The game streaming platform Twitch has fallen victim to a breach in which a reported 125GB of confidential data has been leaked.
Shared via the imageboard 4chan, the leak contained not only large amounts of financial information relating to its users, but also allegedly the source code from around 6,000 internal Git repositories.
Along with the data, the anonymous user posted referring to Twitch as “a disgusting toxic cesspool” and cited ‘greater competition in the online video streaming space’ as the motivation for the leak.
With Twitch confirming that no login credentials or credit card numbers were contained within the leak, the company noted: “We have learned that some data was exposed to the internet due to an error in a Twitch server configuration change that was subsequently accessed by a malicious third party”.
Adding, “Our teams are working with urgency to investigate the incident. As the investigation is ongoing, we are still in the process of understanding the impact in detail”.
School Insider Threat
A former IT technician for a Leicestershire school has admitted to causing serious disruption by breaking into the computer systems of former employers, deleting data and changing passwords.
Adam Georgeson, 29, who had at the beginning of this year been fired from his role at Welland Park Academy, and was subsequently employed at a Rutland IT firm, gained unauthorised access to the IT systems reportedly out of ‘boredom’.
Appearing in Leicester Crown Court this Monday, the insider threat admitted changing passwords and deleting data, resulting in school systems being no longer accessible and remote learning being negatively impacted.
Detective Constable Anthony Jones, has stated: “There was a great deal of resentment towards both his former employers – but that’s no excuse for his actions which caused significant problems for both and could’ve had more damaging consequences.”
Adding, “I hope this case will serve as an example that Leicestershire Police takes all reports of cyber crime seriously and will fully investigate them in order to bring the perpetrators to justice.”
EU A.I. Ban
The European Union Parliament has voted in favour of a resolution which effectively bans the use of artificial intelligence-powered biometric mass surveillance technologies.
In a resolution adopted by 377 in favour, 248 against and 62 abstentions, MEPs cited the risk of algorithmic bias, as well as asking for a permanent ban on the automated recognition of individuals in public spaces, noting that citizens should only be monitored when suspected of a crime.
Petar Vitanov, the lead MEP on the issue, stated on the matter, “Fundamental rights are unconditional. For the first time ever, we are calling for a moratorium on the deployment of facial recognition systems for law enforcement purposes, as the technology has proven to be ineffective and often leads to discriminatory results.”
Adding, “We are clearly opposed to predictive policing based on the use of A.I. as well as any processing of biometric data that leads to mass surveillance. This is a huge win for all European citizens.”
Thank you for reading this edition of Infosec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.
Security Awareness for your Organisation
Enjoyed our blog? Learn more about how Hut Six can help improve you security awareness with training and simulated phishing. Start a free trial now, or book a meeting with one of our experts.
An email security policy is a document describing how an organisation's email system should, and most importantly, should not be used.
When Human Error is found in information security, it is often avoidable errors that allow much larger consequential problems to arise.
Investing in Information Security Awareness Training - educating people against cyber threats should be considered essential for any organisation operating in 2021
How Secure is Microsoft Teams? Information Security blog by Information Security Awareness solution provider Hut Six Security
Best Ways To Ensure Enterprise Data Regulation guest blog by technivorz.com and information security awareness solution Hut Six Security.
Writing a Disaster Recovery Plan: information security planning blog by information security awareness solution provider Hut Six Security.
Security program policies blog by information security awareness training provider Hut Six Security.
Security awareness training for Cyber Essentials blog by information security awareness training provider Hut Six Security.
Information Security Awareness Training in 2021 blog by information security awareness training platform Hut Six Security
What are the best VPNs for work? - VPN review blog by security awareness training provider Hut Six Security.