Just one pixel can cost your business millions
<blockquote data-quote="Plotu" data-source="post: 467" data-attributes="member: 5"><p>The story of a clinic that forgot there was a little spy lurking in its website.</p><p></p><p>One of the largest European clinics narrowly avoided a multimillion-dollar fine because of one small pixel and the inattention of its IT specialists.</p><p></p><p>A few years ago, a large international network of medical clinics ran an advertising campaign and installed a tracking pixel on its site to measure the campaign's effectiveness. This is a fairly common practice among marketers and advertisers. The pixel captures the activity of potential customers on the site and transmits the data to promotion specialists for analysis and for developing new strategies.</p><p></p><p>After the campaign ended, the pixel was forgotten and never removed. It continued to quietly intercept the personal information of site visitors: names, phone numbers, even confidential health data from doctor's appointments.</p><p></p><p>This was a gross violation of the GDPR (General Data Protection Regulation, a regulation of the European Union) and other privacy standards. Under European law, the organization faced a fine of up to 4% of its annual revenue. Under the laws of some American states, for example California, it faced up to $7,500 for each leaked medical record.</p><p></p><p>Given that the organization is very large, this could have meant tens of millions of dollars. In addition, the clinic's reputation would have suffered irreparably.</p><p></p><p>By chance, a financial catastrophe was avoided. Reflectiz, a developer of solutions for protecting web resources, discovered the error during a routine check of the clinic's website.</p><p></p><p>The Reflectiz ScannAR tool scans web resources for anomalies. In this case it worked as it should: it recognized the threat and sent an alert to the administrators. The pixel was deleted in time.</p><p></p><p>Recently, Reflectiz specialists released a study describing the problem. One of the main phenomena affecting this work is "configuration drift".</p><p></p><p>Configuration drift occurs when the current state of a site deviates more and more from its original state over time. This happens for many reasons: manual code changes, software updates, and human factors.</p><p></p><p>Drift introduces inconsistencies and vulnerabilities into the operation of web resources. It is quite difficult to ensure reliable data protection under such conditions.</p><p></p><p>To combat this problem, companies implement special monitoring tools that help them find errors and deviations from secure settings in a timely manner.</p><p></p><p>The study mentions two other important points.</p><p></p><p>The first is non-compliance with the requirements of PCI DSS v4.0 (Payment Card Industry Data Security Standard), which regulates the protection of payment data on online store sites.</p><p></p><p>The second is violations of HIPAA health regulations, which protect confidential medical information. This once again highlights the seriousness of the mistake made by the staff of the aforementioned clinic, who ignored the problem for four whole years.</p><p></p><p>Configuration errors cause not only leaks but also serious financial risks for all companies due to non-compliance with industry standards.</p></blockquote><p></p>
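An added example, not part of the post above and not Reflectiz's ScannAR, of the kind of check a drift-monitoring tool performs: it inventories the external origins a page loads resources from, compares them with a baseline allowlist the site owner approved at go-live, and flags anything outside it, including 1x1 image beacons like the forgotten pixel. The baseline origins, the sample HTML and the tracker hostname are all constructed for this example.

```python
"""Detect third-party resource drift on a web page against a known baseline.

Added example (not Reflectiz code, not from the original post). The baseline
allowlist, the sample HTML and the tracker hostname are constructed for it.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical baseline: third-party origins the site owner approved at go-live.
BASELINE_ORIGINS = {"https://cdn.example-clinic.test", "https://fonts.example.test"}

# Constructed sample page: a first-party bundle plus a forgotten 1x1 tracking
# pixel and a campaign script that were never removed after the campaign ended.
SAMPLE_HTML = """
<html><body>
<script src="https://cdn.example-clinic.test/app.js"></script>
<link rel="stylesheet" href="https://fonts.example.test/clinic.css">
<img src="https://tracker.adnetwork.test/px?id=42" width="1" height="1">
<script src="https://tracker.adnetwork.test/campaign.js"></script>
<img src="/static/logo.png" width="200" height="60">
</body></html>
"""


class ResourceCollector(HTMLParser):
    """Collect every resource the page loads: (tag, url, looks_like_pixel)."""

    def __init__(self):
        super().__init__()
        self.resources = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        url = None
        if tag in ("script", "img", "iframe") and a.get("src"):
            url = a["src"]
        elif tag == "link" and a.get("href"):
            url = a["href"]
        if not url:
            return
        # A 1x1 image fetched from a third party is the classic tracking beacon.
        is_pixel = tag == "img" and a.get("width") == "1" and a.get("height") == "1"
        self.resources.append((tag, url, is_pixel))


def origin_of(url):
    """Return scheme://host for absolute URLs; None for relative (first-party) ones."""
    p = urlparse(url)
    if not p.scheme or not p.netloc:
        return None
    return f"{p.scheme}://{p.netloc}"


def find_drift(html, baseline):
    """Return {'unapproved': [(tag, url)], 'pixels': [url]} for loads outside the baseline."""
    collector = ResourceCollector()
    collector.feed(html)
    unapproved, pixels = [], []
    for tag, url, is_pixel in collector.resources:
        origin = origin_of(url)
        if origin is None or origin in baseline:
            continue  # first-party or explicitly approved
        unapproved.append((tag, url))
        if is_pixel:
            pixels.append(url)
    return {"unapproved": unapproved, "pixels": pixels}


def csp_for(baseline):
    """Build a Content-Security-Policy value that makes the browser refuse drifted loads."""
    allowed = " ".join(sorted(baseline))
    return (
        f"default-src 'self'; script-src 'self' {allowed}; "
        f"img-src 'self' {allowed}; style-src 'self' {allowed}"
    )


if __name__ == "__main__":
    report = find_drift(SAMPLE_HTML, BASELINE_ORIGINS)
    for tag, url in report["unapproved"]:
        print(f"DRIFT: <{tag}> loads from unapproved origin: {url}")
    for url in report["pixels"]:
        print(f"PIXEL: 1x1 image beacon to a third party: {url}")
    print("Suggested CSP:", csp_for(BASELINE_ORIGINS))
```

Run the scan on every release and on a schedule, not once: the whole point of drift is that the page changes without a deployment. The header that csp_for builds from the same baseline makes the browser refuse the stray loads even before the stale tag is found, but it should be rolled out as Content-Security-Policy-Report-Only first, so legitimate resources missing from the baseline show up as reports rather than broken pages, and the forgotten tag itself still has to be deleted.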