Expert Reaction On CouchSurfing Investigates Data Breach

CouchSurfing is investigating a security breach affecting 17 million users. The CouchSurfing data is currently being sold for $700 on Telegram channels and hacking forums. As part of our expert comment series, the cybersecurity expert reacted below on this breach.


EXPERTS COMMENTS
Chloé Messdaghi, VP of Strategy,  Point3 Security
July 24, 2020
In this year of social activism, resources like CouchSurfing can be invaluable.
The good news is that they are aware of the situation, were forthcoming, and got help – both from law enforcement and cyber experts. It’s interesting and more concerning that the passwords weren’t shared. In this year of social activism, resources like CouchSurfing can be invaluable. Might it be that the bad actors wanted to get lists of people couch surfing around specific events such as pr ....
[Read More >>]
Chris Hauk, Consumer Privacy Champion,  Pixel Privacy
July 24, 2020
Users should always be wary of clicking links or opening attachments in any emails, even those appearing to be from your personal contacts.
While the CouchSurfing breach doesn't appear to have included password information (meaning hackers won't be able to use the information to attempt to access users' accounts on other sites and services), the breach does still present a threat to users' online privacy. Bad actors can use the email addresses to flood users' inboxes with spam emails, some of which will most surely include malicious l ....
[Read More >>]
Javvad Malik, Security Awareness Advocate,  KnowBe4
July 24, 2020
Organisations need to have layered controls.
Organisations need to have layered controls - this means having security controls that make it difficult for attackers to gain access, as well as having detection and response controls that can help identify and respond to any attacks that are successful so that remedial actions can be taken in a quick manner. Along with technical controls, this means having good procedures in place, as well as pr ....
[Read More >>]
Jake Moore, Cybersecurity Specialist,  ESET
July 24, 2020
Anyone with an account must be vigilant to current phishing emails purporting to be from CouchSurfing or their connected partners.
This price tag seems a little high for data without password details, however, leaked information has a high value in its initial week, before it is mainstream. Once the affected users are made aware of the breach, and the heightened risk of phishing emails, the price will drop as the click-through rate decreases. Anyone with an account must be vigilant to current phishing emails purporting to be ....
[Read More >>]
Saryu Nayyar, CEO,  Gurucul
July 24, 2020
While it's fortunate that user passwords weren't compromised, the millions of active email addresses are still useful for spam and scam lists.
The release of information from the popular CouchSurfing website is of some concern to their millions of users. While it's fortunate that user passwords weren't compromised, the millions of active email addresses are still useful for spam and scam lists. Information on how the attack happened hasn't been released, but it seems likely from the volume of data and what was in it that attackers gain ....
[Read More >>]
Paul Bischoff, Privacy Advocate,  Comparitech
July 24, 2020
The information in the database can be used to make malicious emails more convincing and personalised.
Even though no passwords were reportedly leaked, I would still recommend CouchSurfing users change their account passwords, as well as any other accounts that share the same password. Users should also be on the lookout for targeted phishing emails from scammers posing as CouchSurfing or a related company. The information in the database can be used to make malicious emails more convincing and pe ....
[Read More >>]

If you are an expert on this topic:

Submit Your Expert Comments


In this article