The presentation covers the top three major breaches reported via IHaveBeenPwned in the APAC region in 2021, offering a summary of the publicly known information, how the attacks occurred, and providing tips on how to prevent these types of attacks.
- IHaveBeenPwned is a platform created and maintained by Troy Hunt that allows users to check if their email address or password has been compromised
- The presentation covers three major breaches in the APAC region: Raychat, Oxfam Australia, and Domino's India
- For Raychat, basic security guidelines and vendor recommendations should be followed, and free resources like OWASP should be utilized
- For Oxfam Australia, a good security program with good detection systems is essential, and people should be trained and controls should be implemented
- For Domino's India, security involves all parts of the business, including third-party programs, and it's important to help those businesses protect themselves
- An anecdote about the Raychat breach is provided, highlighting the importance of honesty and helping customers secure their data
- References are provided for those interested in learning more
The Raychat breach is discussed in detail, with the founder and architect of the company commenting on the compromise of the legal card inside. He states that most of the compromised accounts have fake data and IPs from anonymous VPNs or proxies that are not likely to bring much actionable evidence to law enforcement agencies for investigation. He also notes that even Western law enforcement agencies are currently unequipped to investigate and prosecute cyber crimes on a large scale. This highlights the importance of taking preventative measures and being honest about breaches when they occur.