Not everyone is aware of this, but today information is the most valuable value. There are even criminal groups that specialize in trading of user data. Of course, it is not about the browser’s history, but also about credit card data, website passwords, or just the personal data. Unfortunately, it is sometimes the case that a trusted seller is involved in the precedent.

Well, not everyone is honest, and some want to make their own side even in the wrong way. Fortunately, this group did operate only in China. The Zhejiang province police detained as many as 22 people suspected of stealing user data from the Apple database. Quietly, no one broke the security of any iPhone or Apple server. According to information that can be found on the web, data has been stolen by employees of a local Apple distributor. Unfortunately, they had access to information such as phone numbers or Apple IDs, which they then sold on the black market.

The price for single user data ranged from $1.5 to $26.

The precedent lasted for some time, as dishonest employees managed to raise as much as $7.3 million. Unfortunately, it is unknown how many Apple customers have fallen victim to criminals and how many of them are outside of China. This case perfectly illustrates the principle of the weakest link. Today IT systems are quite well protected> Therefore, their weakest point is people. Kevin Mitnick, the famous social engineer, described this principle in the book The Art of Deception.

What can Apple do to protect itself from similar problems in the future? Apparently, Apple will have to rethink its security policy and put restrictions on distributors. It is not entirely clear whether employees in a local Chinese distributor should have the authority to check Apple customer data. Taking this type of privilege may also negatively affect the final customer service, as only selected employees will have access to confidential data. But security never went hand in hand with convenience. Unfortunately, the well-thought-out security policy will not cope with a bribed employee who simply steals data that he or she has access to. Any Apple initiative can at the very least minimize the risk of such an event.

Source: Engadget

Share This:

Comments

comments