How safe is your establishment’s sensitive information? When a massive digital leak exposes data, it highlights the risks of operating in an increasingly digital space. Learn about Passion.io’s recent cybersecurity incident and the lessons you can take from it.
A Wake-Up Call for Passion.io Users
Is it your first time hearing about Passion.io? It’s a platform for producing and launching native mobile apps for people with limited to zero coding experience. Unfortunately, its creators seem to have neglected to put privacy measures in place.
The Texas/Delaware-based company stored 3,637,107 records of its two million paying users in an online database. Having an expansive digital archive is textbook for many companies, except for the fact that absolutely anyone can access it.
Cybersecurity researcher Jeremiah Fowler discovered internal files, images, and spreadsheet documents, all unencrypted, non-password protected, and fully exposed. He reported his findings to vpnMentor and warned Passion.io about their security lapse.
How Can You Protect Your Company From a Data Breach?
When a leak exposes data, it can bring a business’s operations to a grinding halt and ruin its reputation. Why should customers or stakeholders trust you after that? Take a proactive stance and follow these steps to secure your digital systems:
Tighten Login Access
Urge your staff to use complex codes with a random mix of characters and always avoid predictable choices like “123456” or birthdates. Reputable password managers like LastPass or Bitwarden can help create, store, access, and update credentials.
Enable multi-factor authentication whenever possible, too. When a criminal manages to get hold of password details, they would need to bypass other forms of verification, such as:
- Passing fingerprint checks, facial recognition, and other forms of biometric authentication
- Inputting unique codes sent to specific accounts
- Approving a push notification from a trusted device
Build a Cybersecurity-Savvy Team
All it takes is one small information leak to compromise an entire network. Train your staff on industry-recommended practices, including:
- Recognizing phishing emails and suspicious links
- Identifying and reporting unusual activity or potential threats
- Using secure networks, especially when accessing confidential data remotely
- Making requests before changing critical settings
Cybersecurity training sessions and instructional booklets should become a mainstay in every company because digital threats are always evolving.
Keep Your Software Up to Date
Updating operating systems is essential for safeguarding against vulnerabilities. When you stick to obsolete versions, you expose your system to hacking and data breaches.
Regular patches also bring performance improvements and bug fixes, making your daily activities run more smoothly.
Back-Up Sensitive Data
When you have confidential data exposed and stolen by threat actors, they can sometimes hold it hostage with ransomware. Backing up files regularly allows companies to continue operations without paying expensive ransom fees.
We recommend creating one copy in a separate physical archive and another in a cloud-based platform.
Limiting Unauthorized Access and Safeguarding Your Data
When a leak exposes data, it can lead to reputational damage and financial loss. Passion.io’s recent mistake should serve as a valuable lesson. Take the time to review your access controls, and always monitor for unusual activity.
