The Gupta Leaks story is playing out in the media now, featuring as many as 200 000 leaked e-mails.
A question that’s not being asked is how a leak of this magnitude could have happened.
While it’s likely this particular event was the result of whistle-blower action, organisations of all sizes have been reminded that e-mail communications are not always secure, and can be subject to leaks.
In 2016, the US Democratic National Committee experienced a similar event, when a collection of emails was leaked to and subsequently published by WikiLeaks.
At that time, security experts from Avast outlined how a leak like this could have happened.
Avast’s Manager of Mobile Threat Intelligence, Filip Chytry, outlined seven potential methods that the team of hackers could have used to carry out these significant breaches:
* Duplicate passwords: If people use the same password on multiple accounts, hackers could access email accounts after previously uncovering the passwords elsewhere.
* Spearphishing: Hackers could craft a tailor-made phishing campaign, having monitored users’ online behaviour and identified potential vulnerabilities.
* System vulnerabilities: It’s a given that different types of operating systems contain a variety of vulnerabilities.
* Unsecure mobile apps: It’s possible that sensitive data was leaked onto an unsecured server. This can happen when installing a large number of permission-hungry apps that collect (and potentially distribute) personal information.
* Compromised email server: There is a chance that the server could have been compromised to access email content.
* WiFi spying: If it’s used in close proximity to a hacker, the WiFi connection could be intercepted and a payload targeted at users’ devices to gain access.
* DDoS password attack: This attack method would consist of repeatedly guessing the password to the email server.