Hackers have broken through the "front door" of online data storage units used by pharmaceutical giant Pfizer and leaked hundreds of chatbot conversations and patient information.
Scores of victims could now be exposed to phishing scams after having their full names, home addresses and email contacts taken from a misconfigured Google Cloud storage bucket.
Data included hundreds of conversations between customers and chatbots enquiring about cancer drugs, epilepsy medication and Viagra.
It is not known how many patients were in the UAE.
Cybercrime experts said the blunder could lead to patients inadvertently handing over bank card information to criminals claiming to process bogus prescriptions.
“While name, addresses, and email addresses are not highly sensitive information like birth dates or social security numbers, the conversations could reveal very private medical data,” said Morey Haber, chief technology officer at BeyondTrust, a cyber security company in the UAE.
“The information could easily lead to future spear phishing attacks because the details about an individual would make a potential attack credible.
“Pfizer did not know the data was accessible nor [that] it was obtained.
“It is feasible therefore to assume the data has been accessed in the past as well.”
Phishing is the most common technique used by hackers to extract restricted data or gain access to accounts by encouraging users to relinquish passwords.
Sensitive information about patients who asked questions online about the smoking cessation drug Chantix was also obtained by hackers.
The breach was reported to Pfizer and regulators by online security researchers at tech company vpnMentor.
They said the information remained exposed online for months before action was taken to remove it in September.
It is the fifth similar failure to secure patient information by Pfizer, which has offices in Dubai Media City, following incidents in 2007 and 2019.
"Pfizer is aware that a small number of non-HIPAA data records on a vendor operated system used for feedback on existing medicines were inadvertently publicly available," Pfizer said in response.
"We take privacy and product feedback extremely seriously. To that end, when we became aware of this event we ensured the vendor corrected the issue and notifications compliant with applicable laws will be sent to individuals."
Industry experts said cloud storage is becoming increasingly difficult to secure as hacking techniques become more sophisticated.
In 2014, celebrities including Jennifer Lawrence, Rihanna and Kim Kardashian were among those who had compromising photos leaked online after cloud storage was hacked.
A two-step verification process was then introduced to bolster security around Apple’s iCloud data storage service.
“The recent Pfizer data breach tells us it is extremely difficult for even the largest companies in the world to secure their data every hour, every day and every week,” said Sam Curry, chief security officer at Cybereason, a company working with businesses in the UAE to bolster online defences.
“It's irrelevant whether an internal or external error led to this data breach.
“The digital footprint for enterprises is expanding at such a rapid pace, errors will occur and data will be exposed.
“Customers want transparency and guarantees that the company will continue to make sure data protection is their top priority.”
Conversations between humans and chatbots that give automated responses were among the information exposed in the leak.
While replies were preprogrammed into the solution, humans would realistically have to answer a series of questions to determine the proper response.
Those questions were designed to provide a high confidence in the results and often forced the exposure of more information to obtain the desired results.
“As no system, or person, is ever perfect, the ability to monitor, detect and respond to unauthorised or malicious access to cloud services can make the difference between a contained security incident and a full-blown breach as being reported at Pfizer,” said Matt Walmsley, a tech industry analyst and director at Vectra AI.
“We performed analysis on Office 365 – the world's most used software and service cloud – and identified how attackers are using existing tools and services within the cloud to spy and steal.
“When administrators inadvertently leave the front door open it’s unsurprising that attackers walk straight in and out unnoticed.”