Executives at Fortune 500 companies and other prominent businesses are leaving a trail of breadcrumbs across the Web that could lead hackers to all sorts of sensitive information, according to a report in ITworld.
As the article explains, Cesar Cerrudo, Chief Technology Officer of IOActive Labs, conducted a study to determine how vulnerable top-level professionals are leaving themselves to cyber threats. The results were eye-opening, to say the least.
By using simple automated login attempts and password recovery features on 30 popular websites in the business world – including The Wall Street Journal, The New York Times and Bloomberg – Cerrudo gathered private data with relative ease. He managed to find 840 email addresses for C-level executives that were linked to 930 online accounts spread across the internet.
Linking online accounts makes it possible for a breach of just one to affect a string of others. Cerrudo's research showed that several CEOs use their business email addresses to log in to Facebook, Twitter, LinkedIn, Netflix and other popular online destinations.
"Clever (and even not-so-clever) attackers could use knowledge of the link between the executives’ email accounts and the online service to assemble a profile of an executive, then craft a convincing phishing attack containing a malicious attachment," writes Paul F. Roberts, author of the article. "Attackers could also use the websites' password recovery features and knowledge gleaned from publicly accessible sources to gain access to – and control of the executives' accounts."
The damage done by such an attack on small and midsize businesses (SMBs), which have fewer resources to deal with the potential fallout, could be catastrophic. IT support firms can help by advising employees on security best practices so that individuals do not leave digital trails that can be used to the detriment of the company.