Connect with us

Hi, what are you looking for?

Entertainment

Artwork Archives leaves sensitive data exposed without authentication

A leading website for music artists has been hit by a cyberattack. Who has been affected?

Image: © AFP
Image: © AFP

WizCase’s team of ethical hackers identified a major breach in online art retail platform Artwork Archive. The data impacted was said to contain users’ names, surnames, email addresses, physical addresses, and other sensitive information. Thousands of artists, collectors and their customers were left vulnerable.

In response to Artwork Archive’s exposed cloud storage server, security expert Robert Prigge, CEO of Jumio tells Digital Journal why companies need to strengthen their online identity verification and user authentication packages.

At the heart of the issue, according to Prigge, is the setting up and operation of cloud computing. Here Prigge states: “Artwork Archive’s unsecure cloud storage bucket that exposed over 200,000 files containing users’ full names, phone numbers, email addresses and physical addresses confirms that organizations need stronger authentication to secure sensitive data.”

Weak authentication systems make it easier for criminals to take advantage of these unsecured doorways in and gather data. As Prigge notes: “Fraudsters can easily cross-reference the exposed data with other available information on the dark web to access countless user accounts that were set up with this information, including social media profiles, health insurance portals and banking applications”

Prigge adds that: “While exposing sensitive data due to a lack of password protection is a serious lapse in security, passwords in general can no longer be trusted to keep data safe in today’s evolving threat landscape, as anyone with the account password can log in and pose as the user.”

With the password increasingly recognized as a weak security measure, Prigge outlines his recommendations. He notes: “Instead, organizations can implement a more secure alternative like biometric authentication (leveraging a person’s unique human traits to verify identity), which allows organizations to confirm the authorized user is the one logging in and ensures their sensitive data is safe from fraudsters.”

There is guidance out their as well. Prigge points to: “Security certification such as ISO/IEC 27001:2013 [sic] can help companies successfully operate a systematic approach to securing customer and corporate information.”

ISO/IEC 27001:2017 is an international standard, titled “Information technology. Security techniques. Information security management systems. Requirements.” The standard provides specific recommendations to help an organization to establish a secure system, monitor its performance and implement improvements when necessary. The standard also enables external assessment and certification of an organization’s information security.

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

World

For nearly 90 years, anyone in France needing to know what time it is down-to-the-second could ring up the Paris Observatory.

World

Russia's invasion of Ukraine has exacerbated concerns about oil supplies, sending prices to record highs this year.

Business

Salmonella bacteria have been discovered in the world's biggest chocolate plant, run by Swiss giant Barry Callebaut in the Belgian town of Wieze.

World

The Czech Republic will take over the rotating six-month presidency of the European Union on Friday with all eyes on Ukraine.