Hackers have broken through the "front door" of online data storage units used by pharmaceutical giant Pfizer and leaked hundreds of chatbot conversations and patient information.
Scores of victims could now be exposed to phishing scams after having their full names, home addresses and email contacts taken from a misconfigured Google Cloud storage bucket.
Data included hundreds of conversations between customers and chatbots enquiring about cancer drugs, epilepsy medication and Viagra.
It is not known how many patients were in the UAE.
When administrators leave the front door open it's unsurprising attackers walk straight in unnoticed
Cybercrime experts said the blunder could lead to patients inadvertently handing over bank card information to criminals claiming to process bogus prescriptions.
“While name, addresses, and email addresses are not highly sensitive information like birth dates or social security numbers, the conversations could reveal very private medical data,” said Morey Haber, chief technology officer at BeyondTrust, a cyber security company in the UAE.
“The information could easily lead to future spear phishing attacks because the details about an individual would make a potential attack credible.
“Pfizer did not know the data was accessible nor [that] it was obtained.
“It is feasible therefore to assume the data has been accessed in the past as well.”
Phishing is the most common technique used by hackers to extract restricted data or gain access to accounts by encouraging users to relinquish passwords.
Sensitive information about patients, who asked questions online about smoking cessation drug, Chantix, was also obtained by hackers.
The breach was reported to Pfizer and regulators by online security researchers at tech-company vpnMentor.
They said the information remained exposed online for months before action was taken to remove it in September.
It is the fifth similar failure to secure patient information by Pfizer, that has offices in Dubai Media City, following incidents in 2007 and 2019.
"Pfizer is aware that a small number of non-HIPAA data records on a vendor operated system used for feedback on existing medicines were inadvertently publicly available," Pfizer said in response.
"We take privacy and product feedback extremely seriously. To that end, when we became aware of this event we ensured the vendor corrected the issue and notifications compliant with applicable laws will be sent to individuals."
Industry experts said cloud storage is becoming increasingly difficult to secure as hacking techniques become more sophisticated.
In 2014, celebrities including Jennifer Lawrence, Rihanna and Kim Kardashian were among those who had compromising photos leaked online after cloud storage was hacked.
A two-step verification process was then introduced to bolster security around Apple’s iCloud data storage service.
“The recent Pfizer data breach tells us it is extremely difficult for even the largest companies in the world to secure their data every hour, every day and every week,” said Sam Curry, chief security officer at Cybereason, a company working with businesses in the UAE to bolster online defences.
“It's irrelevant whether an internal or external error led to this data breach.
“The digital footprint for enterprises is expanding at such a rapid pace, errors will occur and data will be exposed.
“Customers want transparency and guarantees that the company will continue to make sure data protection is their top priority.”
Read More
Explainer: How to avoid phone and email scams
Phishing scam 'webcam' warning as UAE residents find themselves targets
Passwords no longer enough to protect users from cybercrime, former hackers say
Chat conversations between human and chatbots that give an automated conversation response were some of the information exposed in the leak.
While replies were preprogrammed into the solution, humans would realistically have to answer a series of questions to determine the proper response.
Those questions were designed to provide a high confidence in the results and often forced the exposure of more information to obtain the desired results.
“As no system, or person, is ever perfect, the ability to monitor, detect and respond to unauthorised or malicious access to cloud services can make the difference between a contained security incident and a full-blown breach as being reported at Pfizer,” said Matt Walmsley, a tech industry analyst and director at Vectra AI.
“We performed analysis on Office 365 – the worlds most used software and service cloud – and identified how attackers are using existing tools and services within the cloud to spy and steal.
“When administrators inadvertently leave the front door open it’s unsurprising that attackers walk straight in and out unnoticed.”
The specs: 2018 Volkswagen Teramont
Price, base / as tested Dh137,000 / Dh189,950
Engine 3.6-litre V6
Gearbox Eight-speed automatic
Power 280hp @ 6,200rpm
Torque 360Nm @ 2,750rpm
Fuel economy, combined 11.7L / 100km
Who has lived at The Bishops Avenue?
- George Sainsbury of the supermarket dynasty, sugar magnate William Park Lyle and actress Dame Gracie Fields were residents in the 1930s when the street was only known as ‘Millionaires’ Row’.
- Then came the international super rich, including the last king of Greece, Constantine II, the Sultan of Brunei and Indian steel magnate Lakshmi Mittal who was at one point ranked the third richest person in the world.
- Turkish tycoon Halis Torprak sold his mansion for £50m in 2008 after spending just two days there. The House of Saud sold 10 properties on the road in 2013 for almost £80m.
- Other residents have included Iraqi businessman Nemir Kirdar, singer Ariana Grande, holiday camp impresario Sir Billy Butlin, businessman Asil Nadir, Paul McCartney’s former wife Heather Mills.
Hunting park to luxury living
- Land was originally the Bishop of London's hunting park, hence the name
- The road was laid out in the mid 19th Century, meandering through woodland and farmland
- Its earliest houses at the turn of the 20th Century were substantial detached properties with extensive grounds
The more serious side of specialty coffee
While the taste of beans and freshness of roast is paramount to the specialty coffee scene, so is sustainability and workers’ rights.
The bulk of genuine specialty coffee companies aim to improve on these elements in every stage of production via direct relationships with farmers. For instance, Mokha 1450 on Al Wasl Road strives to work predominantly with women-owned and -operated coffee organisations, including female farmers in the Sabree mountains of Yemen.
Because, as the boutique’s owner, Garfield Kerr, points out: “women represent over 90 per cent of the coffee value chain, but are woefully underrepresented in less than 10 per cent of ownership and management throughout the global coffee industry.”
One of the UAE’s largest suppliers of green (meaning not-yet-roasted) beans, Raw Coffee, is a founding member of the Partnership of Gender Equity, which aims to empower female coffee farmers and harvesters.
Also, globally, many companies have found the perfect way to recycle old coffee grounds: they create the perfect fertile soil in which to grow mushrooms.
Poland Statement
All people fleeing from Ukraine before the armed conflict are allowed to enter Poland. Our country shelters every person whose life is in danger - regardless of their nationality.
The dominant group of refugees in Poland are citizens of Ukraine, but among the people checked by the Border Guard are also citizens of the USA, Nigeria, India, Georgia and other countries.
All persons admitted to Poland are verified by the Border Guard. In relation to those who are in doubt, e.g. do not have documents, Border Guard officers apply appropriate checking procedures.
No person who has received refuge in Poland will be sent back to a country torn by war.
World Cricket League Division 2
In Windhoek, Namibia - Top two teams qualify for the World Cup Qualifier in Zimbabwe, which starts on March 4.
UAE fixtures
Thursday February 8, v Kenya; Friday February 9, v Canada; Sunday February 11, v Nepal; Monday February 12, v Oman; Wednesday February 14, v Namibia; Thursday February 15, final
COMPANY%20PROFILE
%3Cp%3E%3Cstrong%3ECompany%20name%3A%3C%2Fstrong%3E%20Alaan%3Cbr%3E%3Cstrong%3EStarted%3A%3C%2Fstrong%3E%202021%3Cbr%3E%3Cstrong%3EBased%3A%3C%2Fstrong%3E%20Dubai%3Cbr%3E%3Cstrong%3EFounders%3A%3C%2Fstrong%3E%20Parthi%20Duraisamy%20and%20Karun%20Kurien%3Cbr%3E%3Cstrong%3ESector%3A%3C%2Fstrong%3E%20FinTech%3Cbr%3E%3Cstrong%3EInvestment%20stage%3A%3C%2Fstrong%3E%20%247%20million%20raised%20in%20total%20%E2%80%94%20%242.5%20million%20in%20a%20seed%20round%20and%20%244.5%20million%20in%20a%20pre-series%20A%20round%3Cbr%3E%3Cbr%3E%3C%2Fp%3E%0A
UAE currency: the story behind the money in your pockets
The%20Killer
%3Cp%3E%3Cstrong%3EDirector%3A%C2%A0%3C%2Fstrong%3EDavid%20Fincher%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EStars%3A%C2%A0%3C%2Fstrong%3EMichael%20Fassbender%2C%20Tilda%20Swinton%2C%20Charles%20Parnell%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3ERating%3A%3C%2Fstrong%3E%204%2F5%C2%A0%3C%2Fp%3E%0A
Who's who in Yemen conflict
Houthis: Iran-backed rebels who occupy Sanaa and run unrecognised government
Yemeni government: Exiled government in Aden led by eight-member Presidential Leadership Council
Southern Transitional Council: Faction in Yemeni government that seeks autonomy for the south
Habrish 'rebels': Tribal-backed forces feuding with STC over control of oil in government territory
Six things you need to know about UAE Women’s Special Olympics football team
Several girls started playing football at age four
They describe sport as their passion
The girls don’t dwell on their condition
They just say they may need to work a little harder than others
When not in training, they play football with their brothers and sisters
The girls want to inspire others to join the UAE Special Olympics teams
'Cheb%20Khaled'
%3Cp%3E%3Cstrong%3EArtist%3A%20%3C%2Fstrong%3EKhaled%3Cbr%3E%3Cstrong%3ELabel%3A%20%3C%2Fstrong%3EBelieve%3Cbr%3E%3Cstrong%3ERating%3A%3C%2Fstrong%3E%204%2F5%3C%2Fp%3E%0A
