Angelo Gajo | June 5, 2019 | 8 minutes
Numerous Australian organisations have already been affected by severe data breaches this year including big names like Princess Polly, Canva, Australian National University and Westpac. Should companies invest more in new preventative methods such as implementing biometric verifications like ArmorVox’s voice verification?
Princess Polly, an Australian fashion boutique e-tailer, announced on May 31st that they were recently breached by an unidentified third party. The incident exposed customers’ personal information and payment details, leaving customers vulnerable to future scams such as identity theft and credit card fraud. To remedy the situation, they deployed a curative method of hiring external IT and cybersecurity consultants to investigate the incident and repair their online security.
Canva, an Australian-founded global graphic-design tool website, announced on May 25th that they recently suffered a security incident. In their announcement, they state that a malicious attack occurred on their systems, exposing the profile data of 139 million of their customers. This data includes customers’ usernames, names, email addresses and country. Furthermore, the hackers managed to obtain details of customers’ cryptographically protected passwords and OAuth login tokens, and briefly viewed files containing partial credit card and payment information. Like Princess Polly, Canva is currently implementing curative methods to remedy the situation: notifying their users to change their passwords, resetting their OAuth tokens, working with external IT and cybersecurity consultants, and offering one year of free service with 1Password, a password management system.
Interestingly, password managers are not the ultimate solution. Storing multiple passwords in a centralised location only promotes more targeted hacks. Loopholes and security flaws also exist even in the most popular password managers. In fact, some users of 1Password, Dashlane, KeePass, LastPass and RoboForm had their passwords left exposed in their computer’s memory. Even worse, 1Password, LastPass and RoboForm had some of their users’ master passwords left exposed. However, it is critical to note that everything online will always be vulnerable. Password managers are still an effective preventative method, but digital users and providers should look to invest more in multi-factor authenticators that use biometric data such as facial, iris, fingerprint or voice.
Westpac recently announced that they were targeted by a group of hackers who breached their PayID system. PayID is an online lookup system where users can search the bank’s database using a phone number or email address to display an account holder’s details. The hackers accessed around 98,000 of its customers’ personal details by filtering through over 600,000 random Australian numbers. A spokesperson stated that Westpac took “additional preventative actions which did not include a system shutdown” and that no further inappropriate activity was detected.
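The lookup abuse described above shows up in request logs as one client querying many distinct identifiers in a short time, with only a fraction of them resolving. The following detector is an added example, not code from Westpac or PayID; the window, threshold, client names, log fields and sample events are all constructed assumptions.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60   # assumed sliding window
MAX_DISTINCT = 5      # assumed limit on distinct identifiers per client per window

def find_enumerators(events, window=WINDOW_SECONDS, limit=MAX_DISTINCT):
    """events: (timestamp, client_id, identifier, hit) tuples sorted by time.
    Returns {client_id: (lookups, hits)} for every client that queried more
    than `limit` distinct identifiers inside any one window."""
    recent = defaultdict(deque)            # client -> (ts, identifier) in window
    totals = defaultdict(lambda: [0, 0])   # client -> [lookups, hits]
    flagged = set()
    for ts, client, ident, hit in events:
        totals[client][0] += 1
        totals[client][1] += int(hit)
        q = recent[client]
        q.append((ts, ident))
        while q and ts - q[0][0] > window:  # drop lookups older than the window
            q.popleft()
        if len({i for _, i in q}) > limit:
            flagged.add(client)
    return {c: tuple(totals[c]) for c in flagged}

def sample_events():
    """Constructed log: one ordinary customer and one enumerating client."""
    events = []
    # client-A: three lookups over ten minutes, one payee repeated
    for k, ident in enumerate(["0400000001", "0400000002", "0400000001"]):
        events.append((k * 300, "client-A", ident, True))
    # client-B: a new number every two seconds, roughly one in six resolves
    for k in range(30):
        events.append((1000 + 2 * k, "client-B", f"04111110{k:02d}", k % 6 == 0))
    return sorted(events)

if __name__ == "__main__":
    for client, (lookups, hits) in find_enumerators(sample_events()).items():
        print(f"{client}: {lookups} lookups, {hits} resolved")
```

Counting distinct identifiers rather than raw requests keeps a customer who repeatedly pays the same few people below the threshold.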
Today, the Australian National University announced that they suffered a massive data hack. A large amount of data was breached, including names, addresses, phone numbers, dates of birth, emergency contact details, tax file numbers, payroll information, bank account details, student academic records and student academic transcripts. With this many different types of data in the wrong hands, hackers can virtually impersonate users and conduct various scams such as identity theft and credit card fraud effortlessly. The university is currently working with IT and cybersecurity officials to determine the extent of the breach.
The underlying issue is that hackers can access systems via a loophole. Bear in mind, hackers often break into systems using the same access points that customers use. Therefore, more emphasis is needed on the user enrolment and verification phases in order to securely protect users’ personal data. After all, organisations have the ethical responsibility to ensure that they have the most secure and up-to-date protection implemented.
Character-based passwords, no matter how random, are not the most effective security measures anymore. Nowadays, users often use the same passwords for different platforms. As mentioned previously, multi-factor authentication using at least one biometric authentication is a better alternative. If a user is required to present their voice to access their accounts, it is less likely for hackers to breach their systems. ArmorVox by Auraya uses a random digit challenge so that a recording of someone saying one phrase does not give hackers access: each access attempt requires the user to say a new random phrase in the authorised voice.
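The replay resistance of a random digit challenge comes from the server side: each phrase is fresh, short-lived and usable once. The sketch below is an added example and not ArmorVox or Auraya code; the class, its parameters and the two inputs `heard_digits` (digits recognised in the audio) and `voice_match` (the verdict of a speaker-verification engine) are hypothetical.

```python
import hmac
import secrets
import time

CHALLENGE_DIGITS = 6   # assumed phrase length
CHALLENGE_TTL = 30     # assumed lifetime in seconds

class DigitChallenges:
    """Issues one-time random digit phrases and checks the spoken response."""

    def __init__(self):
        self._pending = {}   # user -> (digits, expiry time)

    def issue(self, user, now=None):
        now = time.time() if now is None else now
        digits = "".join(secrets.choice("0123456789")
                         for _ in range(CHALLENGE_DIGITS))
        self._pending[user] = (digits, now + CHALLENGE_TTL)  # replaces any older one
        return digits

    def verify(self, user, heard_digits, voice_match, now=None):
        """Accept only if the pending phrase was spoken, in time, by the
        enrolled voice. Both heard_digits and voice_match are assumed inputs
        produced by speech recognition and speaker verification."""
        now = time.time() if now is None else now
        entry = self._pending.pop(user, None)   # consumed on every attempt
        if entry is None:
            return False                        # nothing pending: replayed or unsolicited
        digits, expiry = entry
        if now > expiry:
            return False                        # phrase went stale
        same_phrase = hmac.compare_digest(digits.encode(), heard_digits.encode())
        return same_phrase and bool(voice_match)

if __name__ == "__main__":
    server = DigitChallenges()
    phrase = server.issue("alice")
    print("first attempt:", server.verify("alice", phrase, voice_match=True))
    print("replayed audio:", server.verify("alice", phrase, voice_match=True))
```

Consuming the challenge on every attempt, including failed ones, means a captured recording of one session cannot be retried against the same phrase.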
Further, biometric authenticators are becoming more accessible, as modern smartphones have high-quality microphones built in. Voice biometric technology, such as our ArmorVox engine, is already capable of verifying and authenticating users in milliseconds at very high-security settings. Additionally, our ArmorVox engine maintains an ethical and compliant approach in delivering its capabilities. For example, ArmorVox converts voice files into blobs of data. This means that users’ voice prints will not contain any personally identifiable information (PII), nor can hackers play the voice print audio or extract information from it.