Monthly Cloud Security Roundup: Exposed Facebook Passwords, the Top Cybersecurity Threat to the U.S., and More

Each month, we’ll bring you some of the most compelling cloud and Salesforce security-related stories from the last four weeks. In this post, we discuss Facebook’s exposed passwords, the new contender for the role of top cybersecurity threat to the U.S., and more.

Facebook employees had access to millions of unencrypted passwords

Stored in plain, readable text in company data storage, hundreds of millions of Facebook and Instagram user passwords were openly accessible to Facebook employees for up to seven years. The company currently has more than 20,000 employees worldwide, and while Facebook has stated that it hasn’t found any evidence of abuse, it will begin alerting users about the matter.

“There is nothing more important to us than protecting people’s information, and we will continue making improvements as part of our ongoing security efforts at Facebook,” said Pedro Canahuati, Facebook’s VP of Security and Privacy Engineering.

This password exposure comes shortly after other Facebook-related security scandals, including a network attack that exposed the personal information of millions of users and a political consulting firm that obtained improper access to millions of people’s data.

More than 800,000 blood donors in Singapore were affected by a data breach

Nearly 1 million blood donors in Singapore had personal information exposed in a recent data leak. The breach, caused by a contractor performing maintenance on the database containing personal information from donor registrations, left data exposed on the internet for nine weeks. The exposed donor information includes names, genders, blood types, heights, weights, number of donations, and dates of the last three donations, though Singapore’s Health Sciences Authority (HSA) has reported that no other sensitive medical information was included. The organization has promised to step up its third-party vendor monitoring to ensure that no further lapses occur.

U.S. government eyeing China – not Russia – as the top cybersecurity threat

At the 2019 RSA Conference in San Francisco, officials named China as the prime culprit for keeping U.S. government agencies on their toes. The digital security threat coming from China was described as “more complex and damaging than any posed by other digital adversaries.” Though former White House Cybersecurity Coordinator Rob Joyce did comment that Russia is still a major player in the threat landscape, it’s China that’s playing the long game, slowly and steadily conducting cybersecurity attacks on the U.S. Over the next 18 months, the Cybersecurity and Infrastructure Security Agency will be focused on combatting these attacks.

26 million user records were placed for sale on the dark web

A Pakistan-based hacker stole almost 26.42 million online records from six companies and posted them for sale on the dark web. This is not the hacker’s first batch of stolen data – they previously nabbed millions of records and stole hundreds of millions of accounts. Affected companies include shopping sites, online learning platforms, bookstores, online appointment scheduling applications, and more. Most of the organizations this hacker infiltrated in the past have acknowledged the breaches, meaning it’s likely that this latest data dump is also legit.

8 advantages of Salesforce as a CRM

Is your organization among the 90 percent of companies with 11 or more employees that use a CRM? Adding to Salesforce’s market-leading innovations in CRM software, Business Matters magazine listed the top eight advantages of using Salesforce as a CRM, including customer success, an open ecosystem, and more.

12 tips for making a case for cybersecurity to the board

To avoid missing the mark during your board presentation and to clearly communicate the cybersecurity risks that your organization faces, keep these 12 tips in mind. Transparency and honesty are two key factors in establishing the situation and capturing the board’s trust, but you also need to present your case in a way that is powerful, but not fear-mongering. Find out how to establish the perfect balance and make an impactful impression with CSO Online’s top tips.

CrowdStrike, FireEye, and IBM Security released their annual threat reports

Industry leaders recently published annual threat reports that highlight recent trends in cybersecurity attacks, along with recommendations for strengthening your own organization’s security posture through preventive measures. Hackers are adapting and becoming craftier with every breach, so these reports touch on new tactics, techniques, and methods that attackers use to break through an organization’s defenses. Stay up to date and find out the recommended actions for reducing your technological attack surface.