Data Breach at Major Hong Kong Broadband Provider May Spike ATO Attacks

Posted June 12, 2018

Data Breach at Major Hong Kong Broadband Provider May Spike ATO Attacks

A recent data breach at one of Hong Kong’s largest residential broadband providers has reportedly compromised the personal data of 380,000 customers, amplifying the risk of account takeover (ATO) attacks in the months ahead.

According to the South China Morning Post, the affected telco discovered that the personal information on an inactive customer database containing 40,000 credit card numbers, names, identity card information, telephone numbers, email and physical addresses had been accessed without authorization.

So far, it looks like there hasn’t been any communications or demands made from the unknown hackers. The company, however, immediately urged customers to change their login passwords to email, social media and online payment accounts in order to avoid account takeover fraud.

Of course, this kind of attack is hardly an isolated incident in this or any industry, but it does point to unsettling trends that service providers face as demand for digital connectivity continues to experience explosive growth.

Just ask Mary Meeker.

Boomtime for Broadband

According to Mary Meeker’s new Internet Trends 2018 Report, the total number of Internet users will surpass half the world’s population by the end of this year. Although year-over-year growth in Internet users, unit shipments of smartphones and other broadband devices has actually declined in recent years, digital media usage is another thing entirely.

From desktops and laptops, to mobile and other connected devices, total hours spent online now tops 5.9 hours per day, per adult user and shows no signs of slowing down, even as that second half of the human race joins the digital economy.

Broadband service providers are, and will continue to be, foundational to this revolution, both in terms of connectivity and in enabling whole new business and service models. That’s especially true in an Asia-Pacific region that is rapidly embracing Jack Ma’s vision for e- and m-commerce as embodied by Alibaba and other innovative digital-first players in numerous sectors.

Factor in Hong Kong’s wealthy consumer base, and a breach like this is no small matter. As Meeker puts it, cybersecurity threats are growing increasingly sophisticated and in many cases, data like the kind hacked in this incident is target #1.

Anatomy of an Account Takeover

The fact is, the same technologies and trends that are fueling today’s digital revolution also make it easier than ever for cybercriminals to monetize stolen data at a global scale. That makes broadband providers and other telcos especially lucrative to fraudsters.

A typical scenario: hijacking customer accounts and ordering new handsets or home routers that can then be sold online, along with their associated subscriptions. The financial and reputational damage done to a provider’s brand could be significant.

But it’s also just the tip of the iceberg. If account takeovers land access to customer emails and other online accounts, the ensuing string of crimes perpetrated against these victims could be truly jaw-dropping.

Small wonder then that thieves are increasingly using automated bots to test credentials in order to perpetrate ATOs. Across all industries, there were a record 820 million bot attacks worldwide last year, according to the Q1 2018 Cybercrime Report from ThreatMetrix.

Among the least prepared countries for this and other forms of cyberattack, according to Cybersecurity Insiders.com: Hong Kong.

Indeed, in the aftermath of breaches like the one that hit this Hong Kong telco, providers quickly discover how outdated models for verifying the identity of customers logging into accounts have instantly become a whole lot less reliable.

From Information to Intelligence

The fact is, broadband providers and other telcos face multiple challenges when it comes to fighting back against fraudsters.

For one thing, there are those potential ATOs. But there’s also the task of verifying the identity of customers applying for new contracts. It’s no longer (just) about ensuring customers can pay their monthly bills, mind you. It’s about detecting and blocking accounts created using stolen identity credentials too.

In addition to urging customers to change their logins, the Hong Kong broadband provider has strengthened encryption and reduced the amount of time personal data is stored.

Which are all good steps. But increasingly, successful fraud detection relies on being able to look beyond pieces of information to find actionable intelligence to differentiate customer from criminal, even if they’re both using valid credentials.

Today, it’s unclear how many organizations in this sector have adopted best-in-class approaches to accessing the kind of global, digital identity intelligence and analytics firepower needed to recognize how customers transact across devices, locations and behaviors in order to spot imposters.

Then again, whether it’s this or other approaches to stopping account takeovers and other forms of cybercrime, organizations will probably find they need to act sooner rather than later.

With both crooks and competitors eying opportunities in the $3 trillion digital economy, providers have plenty of motivation to ward off rivals and keep their own broadband booms well, booming.

To learn more about threats from identity-based fraud and how to mitigate them through a digital identity-based approach to user authentication, download a FREE copy of the Q1 2018 Cybercrime Report here.

Alisdair Faulkner

Alisdair Faulkner

Chief Identity Officer, ThreatMetrix

close btn