Hackers have broken through the "front door" of online data storage units used by pharmaceutical giant Pfizer and leaked hundreds of chatbot conversations and patient information.
Scores of victims could now be exposed to phishing scams after having their full names, home addresses and email contacts taken from a misconfigured Google Cloud storage bucket.
Data included hundreds of conversations between customers and chatbots enquiring about cancer drugs, epilepsy medication and Viagra.
It is not known how many patients were in the UAE.
When administrators leave the front door open it's unsurprising attackers walk straight in unnoticed
Cybercrime experts said the blunder could lead to patients inadvertently handing over bank card information to criminals claiming to process bogus prescriptions.
“While name, addresses, and email addresses are not highly sensitive information like birth dates or social security numbers, the conversations could reveal very private medical data,” said Morey Haber, chief technology officer at BeyondTrust, a cyber security company in the UAE.
“The information could easily lead to future spear phishing attacks because the details about an individual would make a potential attack credible.
“Pfizer did not know the data was accessible nor [that] it was obtained.
“It is feasible therefore to assume the data has been accessed in the past as well.”
Phishing is the most common technique used by hackers to extract restricted data or gain access to accounts by encouraging users to relinquish passwords.
Sensitive information about patients, who asked questions online about smoking cessation drug, Chantix, was also obtained by hackers.
The breach was reported to Pfizer and regulators by online security researchers at tech-company vpnMentor.
They said the information remained exposed online for months before action was taken to remove it in September.
It is the fifth similar failure to secure patient information by Pfizer, that has offices in Dubai Media City, following incidents in 2007 and 2019.
"Pfizer is aware that a small number of non-HIPAA data records on a vendor operated system used for feedback on existing medicines were inadvertently publicly available," Pfizer said in response.
"We take privacy and product feedback extremely seriously. To that end, when we became aware of this event we ensured the vendor corrected the issue and notifications compliant with applicable laws will be sent to individuals."
Industry experts said cloud storage is becoming increasingly difficult to secure as hacking techniques become more sophisticated.
In 2014, celebrities including Jennifer Lawrence, Rihanna and Kim Kardashian were among those who had compromising photos leaked online after cloud storage was hacked.
A two-step verification process was then introduced to bolster security around Apple’s iCloud data storage service.
“The recent Pfizer data breach tells us it is extremely difficult for even the largest companies in the world to secure their data every hour, every day and every week,” said Sam Curry, chief security officer at Cybereason, a company working with businesses in the UAE to bolster online defences.
“It's irrelevant whether an internal or external error led to this data breach.
“The digital footprint for enterprises is expanding at such a rapid pace, errors will occur and data will be exposed.
“Customers want transparency and guarantees that the company will continue to make sure data protection is their top priority.”
Read More
Explainer: How to avoid phone and email scams
Phishing scam 'webcam' warning as UAE residents find themselves targets
Passwords no longer enough to protect users from cybercrime, former hackers say
Chat conversations between human and chatbots that give an automated conversation response were some of the information exposed in the leak.
While replies were preprogrammed into the solution, humans would realistically have to answer a series of questions to determine the proper response.
Those questions were designed to provide a high confidence in the results and often forced the exposure of more information to obtain the desired results.
“As no system, or person, is ever perfect, the ability to monitor, detect and respond to unauthorised or malicious access to cloud services can make the difference between a contained security incident and a full-blown breach as being reported at Pfizer,” said Matt Walmsley, a tech industry analyst and director at Vectra AI.
“We performed analysis on Office 365 – the worlds most used software and service cloud – and identified how attackers are using existing tools and services within the cloud to spy and steal.
“When administrators inadvertently leave the front door open it’s unsurprising that attackers walk straight in and out unnoticed.”
DUBAI CARNIVAL RESULTS
6.30pm Handicap US$135,000 (Turf) 2,410m
Winner Dubai Future, Harry Bentley (jockey), Saeed bin Suroor (trainer).
7.05pm UAE 1000 Guineas Listed $250,000 (Dirt) 1,600m
Winner Dubai Love, Patrick Cosgrave, Saeed bin Suroor.
7.40pm Dubai Dash Listed $175,000 (T) 1,000m
Winner: Equilateral, James Doyle, Charles Hills.
8.15pm Al Bastakiya Trial Conditions $100,000 (D) 1.900m
Winner Laser Show, Kevin Stott, Saeed bin Suroor.
8.50pm Al Fahidi Fort Group Two $250,000 (T) 1,400m
Winner Glorious Journey, James Doyle, Charlie Appleby.
9.25pm Handicap $135,000 (D) 2,000m
Winner George Villiers, Tadhg O’Shea, Satish Seemar.
In numbers
- Number of children under five will fall from 681 million in 2017 to 401m in 2100
- Over-80s will rise from 141m in 2017 to 866m in 2100
- Nigeria will become the world’s second most populous country with 791m by 2100, behind India
- China will fall dramatically from a peak of 2.4 billion in 2024 to 732 million by 2100
- an average of 2.1 children per woman is required to sustain population growth
Benefits of first-time home buyers' scheme
- Priority access to new homes from participating developers
- Discounts on sales price of off-plan units
- Flexible payment plans from developers
- Mortgages with better interest rates, faster approval times and reduced fees
- DLD registration fee can be paid through banks or credit cards at zero interest rates
How to protect yourself when air quality drops
Install an air filter in your home.
Close your windows and turn on the AC.
Shower or bath after being outside.
Wear a face mask.
Stay indoors when conditions are particularly poor.
If driving, turn your engine off when stationary.
Paatal Lok season two
Directors: Avinash Arun, Prosit Roy
Stars: Jaideep Ahlawat, Ishwak Singh, Lc Sekhose, Merenla Imsong
Rating: 4.5/5
SOUTH%20KOREA%20SQUAD
%3Cp%3E%0D%3Cstrong%3EGoalkeepers%3A%20%3C%2Fstrong%3EKim%20Seung-gyu%2C%20Jo%20Hyeon-woo%2C%20Song%20Bum-keun%0D%3Cbr%3E%3Cstrong%3EDefenders%3A%20%3C%2Fstrong%3EKim%20Young-gwon%2C%20Kim%20Min-jae%2C%20Jung%20Seung-hyun%2C%20Kim%20Ju-sung%2C%20Kim%20Ji-soo%2C%20Seol%20Young-woo%2C%20Kim%20Tae-hwan%2C%20Lee%20Ki-je%2C%20Kim%20Jin-su%0D%3Cbr%3E%3Cstrong%3EMidfielders%3A%20%3C%2Fstrong%3EPark%20Yong-woo%2C%20Hwang%20In-beom%2C%20Hong%20Hyun-seok%2C%20Lee%20Soon-min%2C%20Lee%20Jae-sung%2C%20Lee%20Kang-in%2C%20Son%20Heung-min%20(captain)%2C%20Jeong%20Woo-yeong%2C%20Moon%20Seon-min%2C%20Park%20Jin-seob%2C%20Yang%20Hyun-jun%0D%3Cbr%3E%3Cstrong%3EStrikers%3A%20%3C%2Fstrong%3EHwang%20Hee-chan%2C%20Cho%20Gue-sung%2C%20Oh%20Hyeon-gyu%3C%2Fp%3E%0A
The schedule
December 5 - 23: Shooting competition, Al Dhafra Shooting Club
December 9 - 24: Handicrafts competition, from 4pm until 10pm, Heritage Souq
December 11 - 20: Dates competition, from 4pm
December 12 - 20: Sour milk competition
December 13: Falcon beauty competition
December 14 and 20: Saluki races
December 15: Arabian horse races, from 4pm
December 16 - 19: Falconry competition
December 18: Camel milk competition, from 7.30 - 9.30 am
December 20 and 21: Sheep beauty competition, from 10am
December 22: The best herd of 30 camels
Challenge Cup result:
1. UAE 3 faults
2. Ireland 9 faults
3. Brazil 11 faults
4. Spain 15 faults
5. Great Britain 17 faults
6. New Zealand 20 faults
7. Italy 26 faults
Tamkeen's offering
- Option 1: 70% in year 1, 50% in year 2, 30% in year 3
- Option 2: 50% across three years
- Option 3: 30% across five years
Tell Me Who I Am
Director: Ed Perkins
Stars: Alex and Marcus Lewis
Four stars
Desert Warrior
Starring: Anthony Mackie, Aiysha Hart, Ben Kingsley
Director: Rupert Wyatt
Rating: 3/5
Sarfira
Director: Sudha Kongara Prasad
Starring: Akshay Kumar, Radhika Madan, Paresh Rawal
Rating: 2/5
SERIE A FIXTURES
Saturday
AC Milan v Sampdoria (2.30pm kick-off UAE)
Atalanta v Udinese (5pm)
Benevento v Parma (5pm)
Cagliari v Hellas Verona (5pm)
Genoa v Fiorentina (5pm)
Lazio v Spezia (5pm)
Napoli v Crotone (5pm)
Sassuolo v Roma (5pm)
Torino v Juventus (8pm)
Bologna v Inter Milan (10.45pm)
MATCH INFO
Manchester United 1 (Fernandes pen 2') Tottenham Hotspur 6 (Ndombele 4', Son 7' & 37' Kane (30' & pen 79, Aurier 51')
Man of the match Son Heung-min (Tottenham)
SPEC%20SHEET%3A%20APPLE%20IPHONE%2015%20PRO%20MAX
%3Cp%3E%3Cstrong%3EDisplay%3A%3C%2Fstrong%3E%206.7%22%20Super%20Retina%20XDR%20OLED%2C%202796%20x%201290%2C%20460ppi%2C%20120Hz%2C%202000%20nits%20max%2C%20HDR%2C%20True%20Tone%2C%20P3%2C%20always-on%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EProcessor%3A%3C%2Fstrong%3E%20A17%20Pro%2C%206-core%20CPU%2C%206-core%20GPU%2C%2016-core%20Neural%20Engine%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EMemory%3A%3C%2Fstrong%3E%208GB%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3ECapacity%3A%3C%2Fstrong%3E%20256%2F512GB%20%2F%201TB%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EPlatform%3A%3C%2Fstrong%3E%20iOS%2017%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EMain%20camera%3A%3C%2Fstrong%3E%20Triple%3A%2048MP%20main%20(f%2F1.78)%20%2B%2012MP%20ultra-wide%20(f%2F2.2)%20%2B%2012MP%205x%20telephoto%20(f%2F2.8)%3B%205x%20optical%20zoom%20in%2C%202x%20optical%20zoom%20out%3B%2010x%20optical%20zoom%20range%2C%20digital%20zoom%20up%20to%2025x%3B%20Photonic%20Engine%2C%20Deep%20Fusion%2C%20Smart%20HDR%204%2C%20Portrait%20Lighting%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EMain%20camera%20video%3A%3C%2Fstrong%3E%204K%20%40%2024%2F25%2F30%2F60fps%2C%20full-HD%20%40%2025%2F30%2F60fps%2C%20HD%20%40%2030fps%2C%20slo-mo%20%40%20120%2F240fps%2C%20ProRes%20(4K)%20%40%2060fps%3B%20night%2C%20time%20lapse%2C%20cinematic%2C%20action%20modes%3B%20Dolby%20Vision%2C%204K%20HDR%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EFront%20camera%3A%3C%2Fstrong%3E%2012MP%20TrueDepth%20(f%2F1.9)%2C%20Photonic%20Engine%2C%20Deep%20Fusion%2C%20Smart%20HDR%204%2C%20Portrait%20Lighting%3B%20Animoji%2C%20Memoji%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EFront%20camera%20video%3A%3C%2Fstrong%3E%204K%20%40%2024%2F25%2F30%2F60fps%2C%20full-HD%20%40%2025%2F30%2F60fps%2C%20slo-mo%20%40%20120%2F240fps%2C%20ProRes%20(4K)%20%40%2030fps%3B%20night%2C%20time%20lapse%2C%20cinematic%2C%20action%20modes%3B%20Dolby%20Vision%2C%204K%20HDR%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EBattery%3A%3C%2Fstrong%3E%204441mAh%2C%20up%20to%2029h%20video%2C%2025h%20streaming%20video%2C%2095h%20audio%3B%20fast%20charge%20to%2050%25%20in%2030min%20(with%20at%20least%2020W%20adaptor)%3B%20MagSafe%2C%20Qi%20wireless%20charging%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EConnectivity%3A%3C%2Fstrong%3E%20Wi-Fi%2C%20Bluetooth%205.3%2C%20NFC%20(Apple%20Pay)%2C%20second-generation%20Ultra%20Wideband%20chip%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EBiometrics%3A%3C%2Fstrong%3E%20Face%20ID%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EI%2FO%3A%3C%2Fstrong%3E%20USB-C%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EDurability%3A%3C%2Fstrong%3E%20IP68%2C%20water-resistant%20up%20to%206m%20up%20to%2030min%3B%20dust%2Fsplash-resistant%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3ECards%3A%3C%2Fstrong%3E%20Dual%20eSIM%20%2F%20eSIM%20%2B%20eSIM%20(US%20models%20use%20eSIMs%20only)%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EColours%3A%3C%2Fstrong%3E%20Black%20titanium%2C%20blue%20titanium%2C%20natural%20titanium%2C%20white%20titanium%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EIn%20the%20box%3A%20%3C%2Fstrong%3EiPhone%2015%20Pro%20Max%2C%20USB-C-to-USB-C%20woven%20cable%2C%20one%20Apple%20sticker%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EPrice%3A%3C%2Fstrong%3E%20Dh5%2C099%20%2F%20Dh5%2C949%20%2F%20Dh6%2C799%3C%2Fp%3E%0A
Ain Dubai in numbers
126: The length in metres of the legs supporting the structure
1 football pitch: The length of each permanent spoke is longer than a professional soccer pitch
16 A380 Airbuses: The equivalent weight of the wheel rim.
9,000 tonnes: The amount of steel used to construct the project.
5 tonnes: The weight of each permanent spoke that is holding the wheel rim in place
192: The amount of cable wires used to create the wheel. They measure a distance of 2,4000km in total, the equivalent of the distance between Dubai and Cairo.
The specs: 2018 Nissan 370Z Nismo
The specs: 2018 Nissan 370Z Nismo
Price, base / as tested: Dh182,178
Engine: 3.7-litre V6
Power: 350hp @ 7,400rpm
Torque: 374Nm @ 5,200rpm
Transmission: Seven-speed automatic
Fuel consumption, combined: 10.5L / 100km
UAE currency: the story behind the money in your pockets
EA Sports FC 24
THE DETAILS
Kaala
Dir: Pa. Ranjith
Starring: Rajinikanth, Huma Qureshi, Easwari Rao, Nana Patekar
Rating: 1.5/5
Real estate tokenisation project
Dubai launched the pilot phase of its real estate tokenisation project last month.
The initiative focuses on converting real estate assets into digital tokens recorded on blockchain technology and helps in streamlining the process of buying, selling and investing, the Dubai Land Department said.
Dubai’s real estate tokenisation market is projected to reach Dh60 billion ($16.33 billion) by 2033, representing 7 per cent of the emirate’s total property transactions, according to the DLD.
Why your domicile status is important
Your UK residence status is assessed using the statutory residence test. While your residence status – ie where you live - is assessed every year, your domicile status is assessed over your lifetime.
Your domicile of origin generally comes from your parents and if your parents were not married, then it is decided by your father. Your domicile is generally the country your father considered his permanent home when you were born.
UK residents who have their permanent home ("domicile") outside the UK may not have to pay UK tax on foreign income. For example, they do not pay tax on foreign income or gains if they are less than £2,000 in the tax year and do not transfer that gain to a UK bank account.
A UK-domiciled person, however, is liable for UK tax on their worldwide income and gains when they are resident in the UK.
SPEC%20SHEET%3A%20APPLE%20M3%20MACBOOK%20AIR%20(13%22)
%3Cp%3E%3Cstrong%3EProcessor%3A%3C%2Fstrong%3E%20Apple%20M3%2C%208-core%20CPU%2C%20up%20to%2010-core%20CPU%2C%2016-core%20Neural%20Engine%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EDisplay%3A%3C%2Fstrong%3E%2013.6-inch%20Liquid%20Retina%2C%202560%20x%201664%2C%20224ppi%2C%20500%20nits%2C%20True%20Tone%2C%20wide%20colour%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EMemory%3A%3C%2Fstrong%3E%208%2F16%2F24GB%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EStorage%3A%3C%2Fstrong%3E%20256%2F512GB%20%2F%201%2F2TB%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EI%2FO%3A%3C%2Fstrong%3E%20Thunderbolt%203%2FUSB-4%20(2)%2C%203.5mm%20audio%2C%20Touch%20ID%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EConnectivity%3A%3C%2Fstrong%3E%20Wi-Fi%206E%2C%20Bluetooth%205.3%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EBattery%3A%3C%2Fstrong%3E%2052.6Wh%20lithium-polymer%2C%20up%20to%2018%20hours%2C%20MagSafe%20charging%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3ECamera%3A%3C%2Fstrong%3E%201080p%20FaceTime%20HD%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EVideo%3A%3C%2Fstrong%3E%20Support%20for%20Apple%20ProRes%2C%20HDR%20with%20Dolby%20Vision%2C%20HDR10%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EAudio%3A%3C%2Fstrong%3E%204-speaker%20system%2C%20wide%20stereo%2C%20support%20for%20Dolby%20Atmos%2C%20Spatial%20Audio%20and%20dynamic%20head%20tracking%20(with%20AirPods)%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EColours%3A%3C%2Fstrong%3E%20Midnight%2C%20silver%2C%20space%20grey%2C%20starlight%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EIn%20the%20box%3A%3C%2Fstrong%3E%20MacBook%20Air%2C%2030W%2F35W%20dual-port%2F70w%20power%20adapter%2C%20USB-C-to-MagSafe%20cable%2C%202%20Apple%20stickers%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EPrice%3A%3C%2Fstrong%3E%20From%20Dh4%2C599%3C%2Fp%3E%0A
Honeymoonish
%3Cp%3E%3Cstrong%3EDirector%3A%3C%2Fstrong%3E%20Elie%20El%20Samaan%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EStarring%3A%20%3C%2Fstrong%3ENour%20Al%20Ghandour%2C%20Mahmoud%20Boushahri%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3ERating%3A%3C%2Fstrong%3E%203%2F5%3C%2Fp%3E%0A
Our family matters legal consultant
Name: Hassan Mohsen Elhais
Position: legal consultant with Al Rowaad Advocates and Legal Consultants.
More on animal trafficking
Match info:
Leicester City 1
Ghezzal (63')
Liverpool 2
Mane (10'), Firmino (45')
