Cybersecurity firms in the UAE have reacted to a major leak of patient information held by pharmaceutical giant Pfizer. Getty

Hackers target Pfizer exposing sensitive patient information


Nick Webster

Hackers have broken through the "front door" of online data storage units used by pharmaceutical giant Pfizer and leaked hundreds of chatbot conversations and patient information.

Scores of victims could now be exposed to phishing scams after having their full names, home addresses and email contacts taken from a misconfigured Google Cloud storage bucket.

Data included hundreds of conversations between customers and chatbots enquiring about cancer drugs, epilepsy medication and Viagra.

It is not known how many patients were in the UAE.

When administrators leave the front door open it's unsurprising attackers walk straight in unnoticed

Cybercrime experts said the blunder could lead to patients inadvertently handing over bank card information to criminals claiming to process bogus prescriptions.

“While name, addresses, and email addresses are not highly sensitive information like birth dates or social security numbers, the conversations could reveal very private medical data,” said Morey Haber, chief technology officer at BeyondTrust, a cyber security company in the UAE.

“The information could easily lead to future spear phishing attacks because the details about an individual would make a potential attack credible.

“Pfizer did not know the data was accessible nor [that] it was obtained.

“It is feasible therefore to assume the data has been accessed in the past as well.”

Phishing is the most common technique used by hackers to extract restricted data or gain access to accounts by encouraging users to relinquish passwords.

Sensitive information about patients who asked questions online about the smoking cessation drug Chantix was also obtained by hackers.

The breach was reported to Pfizer and regulators by online security researchers at tech-company vpnMentor.

Pfizer headquarters in New York. Carlo Allegri / Reuters

They said the information remained exposed online for months before action was taken to remove it in September.

It is the fifth similar failure by Pfizer, which has offices in Dubai Media City, to secure patient information, following incidents in 2007 and 2019.

"Pfizer is aware that a small number of non-HIPAA data records on a vendor operated system used for feedback on existing medicines were inadvertently publicly available," Pfizer said in response.

"We take privacy and product feedback extremely seriously. To that end, when we became aware of this event we ensured the vendor corrected the issue and notifications compliant with applicable laws will be sent to individuals."

Industry experts said cloud storage is becoming increasingly difficult to secure as hacking techniques become more sophisticated.

In 2014, celebrities including Jennifer Lawrence, Rihanna and Kim Kardashian were among those who had compromising photos leaked online after cloud storage was hacked.

A two-step verification process was then introduced to bolster security around Apple’s iCloud data storage service.

“The recent Pfizer data breach tells us it is extremely difficult for even the largest companies in the world to secure their data every hour, every day and every week,” said Sam Curry, chief security officer at Cybereason, a company working with businesses in the UAE to bolster online defences.

“It's irrelevant whether an internal or external error led to this data breach.

“The digital footprint for enterprises is expanding at such a rapid pace, errors will occur and data will be exposed.

“Customers want transparency and guarantees that the company will continue to make sure data protection is their top priority.”

Conversations between humans and chatbots, which give automated responses, were among the information exposed in the leak.

While replies were preprogrammed into the solution, humans would realistically have to answer a series of questions to determine the proper response.

Those questions were designed to provide a high confidence in the results and often forced the exposure of more information to obtain the desired results.

“As no system, or person, is ever perfect, the ability to monitor, detect and respond to unauthorised or malicious access to cloud services can make the difference between a contained security incident and a full-blown breach as being reported at Pfizer,” said Matt Walmsley, a tech industry analyst and director at Vectra AI.

“We performed analysis on Office 365 – the world's most used software and service cloud – and identified how attackers are using existing tools and services within the cloud to spy and steal.

“When administrators inadvertently leave the front door open it’s unsurprising that attackers walk straight in and out unnoticed.”
