Hackers have broken through the "front door" of online data storage units used by pharmaceutical giant Pfizer and leaked hundreds of chatbot conversations and patient information.
Scores of victims could now be exposed to phishing scams after having their full names, home addresses and email contacts taken from a misconfigured Google Cloud storage bucket.
Data included hundreds of conversations between customers and chatbots enquiring about cancer drugs, epilepsy medication and Viagra.
It is not known how many patients were in the UAE.
Cybercrime experts said the blunder could lead to patients inadvertently handing over bank card information to criminals claiming to process bogus prescriptions.
“While names, addresses, and email addresses are not highly sensitive information like birth dates or social security numbers, the conversations could reveal very private medical data,” said Morey Haber, chief technology officer at BeyondTrust, a cyber security company in the UAE.
“The information could easily lead to future spear phishing attacks because the details about an individual would make a potential attack credible.
“Pfizer did not know the data was accessible nor [that] it was obtained.
“It is feasible therefore to assume the data has been accessed in the past as well.”
Phishing is the most common technique used by hackers to extract restricted data or gain access to accounts by encouraging users to relinquish passwords.
Sensitive information about patients who asked questions online about the smoking cessation drug Chantix was also obtained by hackers.
The breach was reported to Pfizer and regulators by online security researchers at tech company vpnMentor.
They said the information remained exposed online for months before action was taken to remove it in September.
It is the fifth similar failure to secure patient information by Pfizer, which has offices in Dubai Media City, following incidents in 2007 and 2019.
"Pfizer is aware that a small number of non-HIPAA data records on a vendor operated system used for feedback on existing medicines were inadvertently publicly available," Pfizer said in response.
"We take privacy and product feedback extremely seriously. To that end, when we became aware of this event we ensured the vendor corrected the issue and notifications compliant with applicable laws will be sent to individuals."
Industry experts said cloud storage is becoming increasingly difficult to secure as hacking techniques become more sophisticated.
In 2014, celebrities including Jennifer Lawrence, Rihanna and Kim Kardashian were among those who had compromising photos leaked online after cloud storage was hacked.
A two-step verification process was then introduced to bolster security around Apple’s iCloud data storage service.
“The recent Pfizer data breach tells us it is extremely difficult for even the largest companies in the world to secure their data every hour, every day and every week,” said Sam Curry, chief security officer at Cybereason, a company working with businesses in the UAE to bolster online defences.
“It's irrelevant whether an internal or external error led to this data breach.
“The digital footprint for enterprises is expanding at such a rapid pace, errors will occur and data will be exposed.
“Customers want transparency and guarantees that the company will continue to make sure data protection is their top priority.”
Conversations between humans and chatbots that give automated responses were among the information exposed in the leak.
While replies were preprogrammed into the solution, humans would realistically have to answer a series of questions to determine the proper response.
Those questions were designed to provide a high confidence in the results and often forced the exposure of more information to obtain the desired results.
“As no system, or person, is ever perfect, the ability to monitor, detect and respond to unauthorised or malicious access to cloud services can make the difference between a contained security incident and a full-blown breach as being reported at Pfizer,” said Matt Walmsley, a tech industry analyst and director at Vectra AI.
“We performed analysis on Office 365 – the world's most used software and service cloud – and identified how attackers are using existing tools and services within the cloud to spy and steal.
“When administrators inadvertently leave the front door open it’s unsurprising that attackers walk straight in and out unnoticed.”