In May 2018, the sales intelligence firm Apollo sent a notice to its customers disclosing a data breach that had taken place over the summer. Apollo said that once the breach was discovered, it immediately took the necessary steps so that this unauthorized access to its systems would not happen again.
Apollo is a data aggregation and analytics service aimed at helping sales teams know who to contact, when, and with what message to make the most deals.
According to Apollo, this data breach exposed 200 million contacts and information from over 10 million companies held in its large data store.
Night Lion Security founder Vinny Troia, who routinely scans the internet for unprotected, freely accessible databases, discovered that Apollo's stored data contained 212 million contact listings as well as nine billion data points related to companies and organizations, all of which was readily available online for anyone to access.
Apollo noted in its letter to customers that much of the exposed information had been collected from public sources around the web, including names, email addresses, company contact information, employees, personal data, social media accounts and LinkedIn.
Apollo stressed that the exposed data did not include sensitive information such as passwords, social security numbers or financial data. If any passwords were leaked, they were very old passwords that were probably no longer in use.
For further information please refer to: https://www.wired.com/story/apollo-breach-linkedin-salesforce-data/
This breach has seriously concerned a lot of people, because billions of data points were exposed publicly and became an easy target for cyber criminals and scammers.
As a consequence, many internet users whose personal data was exposed have been receiving threatening blackmail emails from scammers and cyber criminals. These messages follow a standard script: your device and email were hacked by a group of hackers, the sender claims to be one of them, and your device was infected with RAT software while you were visiting some websites, including porn sites. They also claim to have videos of you masturbating, along with other information, images and videos collected from your device, which they will use to create a scandal. Unless you pay them the equivalent of 10,000 USD, more or less, in bitcoin, they threaten to send the videos and the data collected about you to all your friends and colleagues by email and on social media.
Even if you never visit porn sites, scammers who obtained your data from the breach mentioned above will still send you these threatening blackmail emails.
To convince you further that your email was hacked, scammers send you messages that appear to come from your own email address. This does not mean your account was hacked: it is not hard for cyber criminals to forge the sender so that a message appears to have been sent from you to you. Don't take that bait. In the majority of cases this "from you to you" email lands in your spam folder, because it is spam.
If you search the sent folder of your email account, you won't find any similar message there.
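The check described above can also be made from the message headers. The following is an added example, not part of the original article: it reads the `Authentication-Results` header that a receiving mail server records and flags a message that claims to come from your own address while failing SPF, DKIM or DMARC. The sample messages, the addresses and the `assess` function are constructed for illustration, and the code assumes the topmost `Authentication-Results` header was added by your own mail provider.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed samples (example.com / mailer.invalid are placeholders).
SAMPLE_SPOOFED = """\
Authentication-Results: mx.example.net;
 spf=fail smtp.mailfrom=bounce@mailer.invalid;
 dkim=none; dmarc=fail header.from=example.com
Return-Path: <bounce@mailer.invalid>
From: victim@example.com
To: victim@example.com
Subject: Your account was hacked

(body omitted)
"""
# Same message as it would look if it had really been sent from the account.
SAMPLE_GENUINE = (SAMPLE_SPOOFED.replace("=fail", "=pass")
                  .replace("dkim=none", "dkim=pass")
                  .replace("bounce@mailer.invalid", "victim@example.com"))


def assess(raw):
    """Judge whether a 'from yourself' message really came from your account."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    recipient = parseaddr(msg.get("To", ""))[1].lower()
    envelope = parseaddr(msg.get("Return-Path", ""))[1].lower()
    # Assumption: only the topmost Authentication-Results header is trusted,
    # as the one added by your own provider; lower ones can be forged.
    header = msg.get("Authentication-Results", "")
    auth = {"spf": "missing", "dkim": "missing", "dmarc": "missing"}
    for mech, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I):
        auth[mech.lower()] = result.lower()
    reasons = []
    if envelope.rpartition("@")[2] != sender.rpartition("@")[2]:
        reasons.append("Return-Path domain differs from From domain")
    if auth["dmarc"] != "pass":
        reasons.append("DMARC result is " + auth["dmarc"])
    if auth["spf"] != "pass" and auth["dkim"] != "pass":
        reasons.append("neither SPF nor DKIM passed")
    claims_self = bool(sender) and sender == recipient
    return {"claims_self": claims_self, "auth": auth, "reasons": reasons,
            "likely_spoofed": claims_self and bool(reasons)}


if __name__ == "__main__":
    for name, raw in (("spoofed", SAMPLE_SPOOFED), ("genuine", SAMPLE_GENUINE)):
        print(name, assess(raw))
```

In most webmail clients the raw headers are available through a "show original" or "view source" option on the message.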
The scammers don't send you any proof that they hold anything they can blackmail you with, and they write in the threatening email that if you ask for proof, they will send it to all your friends and colleagues. They don't hold anything on you; they are counting on scaring you into swallowing their bait.
Cyber criminals also claim that they have your email password, and in one of their blackmail messages they might send you a very old password that you actually used in the past, hoping to scare you into believing that they have hacked your device and email, collected all the data they need about you, and that you must pay.
As Apollo confirmed, any passwords collected were very old ones that were used in the past but not currently.
If you receive any similar threatening emails, you can check your address on the Have I Been Pwned website: https://haveibeenpwned.com/. In any case, don't pay those cyber criminals any money. The entire thing is a bluff, and if you panic, you will give them exactly what they want.
Now the question is: what should we do in the face of this breach, and how do we deal with it?
- The first thing to do is: DO NOT PANIC.
- Don't pay any money.
- Don't voluntarily swallow the bait that scammers, hackers and cyber criminals are fishing with.
- Immediately recheck your passwords on all the websites you use, and change them all to strong, different passwords. Do not use birth dates or similar in passwords. Strong passwords must be long and complicated, and contain lowercase and capital letters, numbers and symbols that don't have any meaning. Do not use the same password for all your website logins.
- Use a good antivirus program like ESET Internet Security or similar, make sure to scan your computer, and enable all of its options and settings so that you have full antivirus and malware protection.
- Check the last account activity details on your email. In Gmail, for example, the link is at the bottom right corner of the page, beside "Program Policies" and "Powered by Google". If you see any strange login that is not from your mobile or your PC, or any strange location or device, click to sign out of all other Gmail web sessions and change your password immediately. Also enable two-step verification (two-factor authentication), so that you cannot log into your email until you receive a code from Google or a message on your mobile to verify that it is you who is trying to log in.
- Enable two-step verification on your social media accounts as well.
- If you receive an email from an unknown sender, do not click on anything in it, don't click on any links, and don't even try to reply, no matter what the subject line says. Just delete it immediately as spam, or report it as phishing if you think the sender is trying to trick you into giving up your personal information.
- Check the security and login settings of your social media accounts, and check where you are logged in. If you find any strange location or strange device, sign out of all sessions and change your passwords immediately.
- As a precaution, disable your webcam manually and do not enable it unless you need to use it, or let your antivirus program handle webcam protection, so that you don't become a victim of cyber criminals.
- Do not use your webcam when you are chatting with someone you don't really know well. This someone might be a scammer, even if it's a woman, and if you fall into the wrong hands, that person might put you in a compromising situation without you realizing it, and blackmail you forever with whatever he or she can record and hold against you.
Keep in mind that you should not be careful on the internet only because there might or might not be a security alert like this one. Always make sure that you are doing what is necessary in general to protect your privacy and personal data from being hacked, simply by following the known safety measures.
Eman Nabih is Chief Operating Officer at Devenia. She is a social media expert with a special interest and expertise in building traffic through social media such as Twitter, Facebook and LinkedIn. Her personal website is at EmanNabih.com.
Eman can be reached at the contact us page, by mail or phone.