Hackers have broken through the "front door" of online data storage units used by pharmaceutical giant Pfizer and leaked hundreds of chatbot conversations and patient information.
Scores of victims could now be exposed to phishing scams after having their full names, home addresses and email contacts taken from a misconfigured Google Cloud storage bucket.
Data included hundreds of conversations between customers and chatbots enquiring about cancer drugs, epilepsy medication and Viagra.
It is not known how many patients were in the UAE.
When administrators leave the front door open it's unsurprising attackers walk straight in unnoticed
Cybercrime experts said the blunder could lead to patients inadvertently handing over bank card information to criminals claiming to process bogus prescriptions.
“While name, addresses, and email addresses are not highly sensitive information like birth dates or social security numbers, the conversations could reveal very private medical data,” said Morey Haber, chief technology officer at BeyondTrust, a cyber security company in the UAE.
“The information could easily lead to future spear phishing attacks because the details about an individual would make a potential attack credible.
“Pfizer did not know the data was accessible nor [that] it was obtained.
“It is feasible therefore to assume the data has been accessed in the past as well.”
Phishing is the most common technique used by hackers to extract restricted data or gain access to accounts by encouraging users to relinquish passwords.
Sensitive information about patients, who asked questions online about smoking cessation drug, Chantix, was also obtained by hackers.
The breach was reported to Pfizer and regulators by online security researchers at tech-company vpnMentor.
They said the information remained exposed online for months before action was taken to remove it in September.
It is the fifth similar failure to secure patient information by Pfizer, that has offices in Dubai Media City, following incidents in 2007 and 2019.
"Pfizer is aware that a small number of non-HIPAA data records on a vendor operated system used for feedback on existing medicines were inadvertently publicly available," Pfizer said in response.
"We take privacy and product feedback extremely seriously. To that end, when we became aware of this event we ensured the vendor corrected the issue and notifications compliant with applicable laws will be sent to individuals."
Industry experts said cloud storage is becoming increasingly difficult to secure as hacking techniques become more sophisticated.
In 2014, celebrities including Jennifer Lawrence, Rihanna and Kim Kardashian were among those who had compromising photos leaked online after cloud storage was hacked.
A two-step verification process was then introduced to bolster security around Apple’s iCloud data storage service.
“The recent Pfizer data breach tells us it is extremely difficult for even the largest companies in the world to secure their data every hour, every day and every week,” said Sam Curry, chief security officer at Cybereason, a company working with businesses in the UAE to bolster online defences.
“It's irrelevant whether an internal or external error led to this data breach.
“The digital footprint for enterprises is expanding at such a rapid pace, errors will occur and data will be exposed.
“Customers want transparency and guarantees that the company will continue to make sure data protection is their top priority.”
Read More
Explainer: How to avoid phone and email scams
Phishing scam 'webcam' warning as UAE residents find themselves targets
Passwords no longer enough to protect users from cybercrime, former hackers say
Chat conversations between human and chatbots that give an automated conversation response were some of the information exposed in the leak.
While replies were preprogrammed into the solution, humans would realistically have to answer a series of questions to determine the proper response.
Those questions were designed to provide a high confidence in the results and often forced the exposure of more information to obtain the desired results.
“As no system, or person, is ever perfect, the ability to monitor, detect and respond to unauthorised or malicious access to cloud services can make the difference between a contained security incident and a full-blown breach as being reported at Pfizer,” said Matt Walmsley, a tech industry analyst and director at Vectra AI.
“We performed analysis on Office 365 – the worlds most used software and service cloud – and identified how attackers are using existing tools and services within the cloud to spy and steal.
“When administrators inadvertently leave the front door open it’s unsurprising that attackers walk straight in and out unnoticed.”
Groom and Two Brides
Director: Elie Semaan
Starring: Abdullah Boushehri, Laila Abdallah, Lulwa Almulla
Rating: 3/5
F1 The Movie
Starring: Brad Pitt, Damson Idris, Kerry Condon, Javier Bardem
Director: Joseph Kosinski
Rating: 4/5
The biog
Name: Shamsa Hassan Safar
Nationality: Emirati
Education: Degree in emergency medical services at Higher Colleges of Technology
Favourite book: Between two hearts- Arabic novels
Favourite music: Mohammed Abdu and modern Arabic songs
Favourite way to spend time off: Family visits and spending time with friends
PROFILE OF SWVL
Started: April 2017
Founders: Mostafa Kandil, Ahmed Sabbah and Mahmoud Nouh
Based: Cairo, Egypt
Sector: transport
Size: 450 employees
Investment: approximately $80 million
Investors include: Dubai’s Beco Capital, US’s Endeavor Catalyst, China’s MSA, Egypt’s Sawari Ventures, Sweden’s Vostok New Ventures, Property Finder CEO Michael Lahyani
UAE SQUAD
Khalid Essa (Al Ain), Ali Khaseif (Al Jazira), Adel Al Hosani (Sharjah), Mahmoud Khamis (Al Nasr), Yousef Jaber (Shabab Al Ahli Dubai), Khalifa Al Hammadi (Jazira), Salem Rashid (Jazira), Shaheen Abdelrahman (Sharjah), Faris Juma (Al Wahda), Mohammed Shaker (Al Ain), Mohammed Barghash (Wahda), Abdulaziz Haikal (Shabab Al Ahli), Ahmed Barman (Al Ain), Khamis Esmail (Wahda), Khaled Bawazir (Sharjah), Majed Surour (Sharjah), Abdullah Ramadan (Jazira), Mohammed Al Attas (Jazira), Fabio De Lima (Al Wasl), Bandar Al Ahbabi (Al Ain), Khalfan Mubarak (Jazira), Habib Fardan (Nasr), Khalil Ibrahim (Wahda), Ali Mabkhout (Jazira), Ali Saleh (Wasl), Caio (Al Ain), Sebastian Tagliabue (Nasr).
Herc's Adventures
Developer: Big Ape Productions
Publisher: LucasArts
Console: PlayStation 1 & 5, Sega Saturn
Rating: 4/5
Previous men's records
- 2:01:39: Eliud Kipchoge (KEN) on 16/9/19 in Berlin
- 2:02:57: Dennis Kimetto (KEN) on 28/09/2014 in Berlin
- 2:03:23: Wilson Kipsang (KEN) on 29/09/2013 in Berlin
- 2:03:38: Patrick Makau (KEN) on 25/09/2011 in Berlin
- 2:03:59: Haile Gebreselassie (ETH) on 28/09/2008 in Berlin
- 2:04:26: Haile Gebreselassie (ETH) on 30/09/2007 in Berlin
- 2:04:55: Paul Tergat (KEN) on 28/09/2003 in Berlin
- 2:05:38: Khalid Khannouchi (USA) 14/04/2002 in London
- 2:05:42: Khalid Khannouchi (USA) 24/10/1999 in Chicago
- 2:06:05: Ronaldo da Costa (BRA) 20/09/1998 in Berlin
MATCH INFO
Uefa Champions League semi-final, first leg
Barcelona v Liverpool, Wednesday, 11pm (UAE).
Second leg
Liverpool v Barcelona, Tuesday, May 7, 11pm
Games on BeIN Sports
A list of the animal rescue organisations in the UAE
2025 Fifa Club World Cup groups
Group A: Palmeiras, Porto, Al Ahly, Inter Miami.
Group B: Paris Saint-Germain, Atletico Madrid, Botafogo, Seattle.
Group C: Bayern Munich, Auckland City, Boca Juniors, Benfica.
Group D: Flamengo, ES Tunis, Chelsea, Leon.
Group E: River Plate, Urawa, Monterrey, Inter Milan.
Group F: Fluminense, Borussia Dortmund, Ulsan, Mamelodi Sundowns.
Group G: Manchester City, Wydad, Al Ain, Juventus.
Group H: Real Madrid, Al Hilal, Pachuca, Salzburg.
Skoda Superb Specs
Engine: 2-litre TSI petrol
Power: 190hp
Torque: 320Nm
Price: From Dh147,000
Available: Now
Bridgerton%20season%20three%20-%20part%20one
%3Cp%3E%3Cstrong%3EDirectors%3A%20%3C%2Fstrong%3EVarious%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EStarring%3A%3C%2Fstrong%3E%20Nicola%20Coughlan%2C%20Luke%20Newton%2C%20Jonathan%20Bailey%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3ERating%3A%20%3C%2Fstrong%3E3%2F5%3C%2Fp%3E%0A
The specs
Engine: Dual 180kW and 300kW front and rear motors
Power: 480kW
Torque: 850Nm
Transmission: Single-speed automatic
Price: From Dh359,900 ($98,000)
On sale: Now
Other workplace saving schemes
- The UAE government announced a retirement savings plan for private and free zone sector employees in 2023.
- Dubai’s savings retirement scheme for foreign employees working in the emirate’s government and public sector came into effect in 2022.
- National Bonds unveiled a Golden Pension Scheme in 2022 to help private-sector foreign employees with their financial planning.
- In April 2021, Hayah Insurance unveiled a workplace savings plan to help UAE employees save for their retirement.
- Lunate, an Abu Dhabi-based investment manager, has launched a fund that will allow UAE private companies to offer employees investment returns on end-of-service benefits.
Desert Warrior
Starring: Anthony Mackie, Aiysha Hart, Ben Kingsley
Director: Rupert Wyatt
Rating: 3/5
Results
5.30pm: Maiden (TB) Dh82,500 (Dirt) 1,600m, Winner: Panadol, Mickael Barzalona (jockey), Salem bin Ghadayer (trainer)
6.05pm: Maiden (TB) Dh82,500 (Turf) 1,400m, Winner: Mayehaab, Adrie de Vries, Fawzi Nass
6.40pm: Handicap (TB) Dh85,000 (D) 1,600m, Winner: Monoski, Mickael Barzalona, Salem bin Ghadayer
7.15pm: Handicap (TB) Dh102,500 (T) 1,800m, Winner: Eastern World, Royston Ffrench, Charlie Appleby
7.50pm: Handicap (TB) Dh92,500 (D) 1,200m, Winner: Madkal, Adrie de Vries, Fawzi Nass
8.25pm: Handicap (TB) Dh92,500 (T) 1,200m, Winner: Taneen, Dane O’Neill, Musabah Al Muhairi
Tips for newlyweds to better manage finances
All couples are unique and have to create a financial blueprint that is most suitable for their relationship, says Vijay Valecha, chief investment officer at Century Financial. He offers his top five tips for couples to better manage their finances.
Discuss your assets and debts: When married, it’s important to understand each other’s personal financial situation. It’s necessary to know upfront what each party brings to the table, as debts and assets affect spending habits and joint loan qualifications. Discussing all aspects of their finances as a couple prevents anyone from being blindsided later.
Decide on the financial/saving goals: Spouses should independently list their top goals and share their lists with one another to shape a joint plan. Writing down clear goals will help them determine how much to save each month, how much to put aside for short-term goals, and how they will reach their long-term financial goals.
Set a budget: A budget can keep the couple be mindful of their income and expenses. With a monthly budget, couples will know exactly how much they can spend in a category each month, how much they have to work with and what spending areas need to be evaluated.
Decide who manages what: When it comes to handling finances, it’s a good idea to decide who manages what. For example, one person might take on the day-to-day bills, while the other tackles long-term investments and retirement plans.
Money date nights: Talking about money should be a healthy, ongoing conversation and couples should not wait for something to go wrong. They should set time aside every month to talk about future financial decisions and see the progress they’ve made together towards accomplishing their goals.
