Numrich Gun Parts Corporation, the world’s largest retailer of gun parts, confirmed recently that an unknown individual was able to obtain consumer payment details used to make orders on the corporation’s website.
On June 6, 2022, Numrich filed a formal notification, issuing alert letters to as many as 45,169 customers. According to Numrich, the hack compromised the addresses, names, debit or credit card numbers, and expiry dates.
What Led To The Numrich Data Breach?
Even though Numrich didn’t mention how the unauthorized person accessed the data, this seems to be a typical case of a data scraping cyber-attack.
Data scraping is not a direct attack but a way to get information. Many legitimate companies use data scraping to get data online. Data scraping generally means someone gets data from websites using a computer program.
For instance, when crawling webpages, search engines such as Google and Bing use data scraping to figure out which webpages are the most useful to a searcher, depending on their search terms.
On the other hand, hackers can also use data scraping to get information from a site. When a hacker uses the method as part of an attack, the site will look perfectly normal, and users won’t notice anything wrong.
But hackers can send customers’ names and debit or credit card data when they buy something from an online store by sneakily putting malicious software on the store’s back end. This lets hackers get valuable financial information, which they often use to make purchases without permission or pull other scams.
Tips To Prevent Data Scraping
Ultimately, it’s up to the big firms in question to set up practices that keep your information from getting into the wrong hands. In the meantime, though, there are things you can do to protect yourself against data scraping.
Set up Two-Factor Authentication On All Online Accounts
To keep your accounts safe, use two-factor authentication. If you turn it on, you’ll get a text or email message when someone tries to get into your accounts. The article 5 Easy Steps To Get Two-Factor Authentication & Why You Need It has excellent tips on setting up 2-factor authentification.
Make Sure You Haven’t Been “Pwned” To Avoid Having Your Data Stolen
Many businesses you work with won’t tell you if their data is leaked. Websites like www.haveibeenpwned.com let you stay on top of things and keep track of data breaches that affect you.
Don’t Give Out So Much Information Online
The best way to avoid data scaping is to quit using social media. But at a minimum, change your personally identifiable information (PII) on your online profiles to hide your real info. This includes using a fake phone number, fake address, fake date of birth, and being untruthful when answering security questions about the street you grew up on, first pet’s name, etc. Store your alternate information in your password manager.
words And Start Using PassphrasesChange Those Pass
Data scraping doesn’t usually reveal passwords, but shifting to longer passphrases will help secure your online accounts. Passphrases should not be lyrics or other sentences found online. Use a sentence about a personal goal or dream that includes numbers and proper grammar, including punctuation. Don’t be scared to use spaces in the passphrase. Whole phrases are easy for you to memorize but hard for someone else to figure out—still, store passphrases in your password manager.
“Replace your 10 year-old keyboard.” or “GoWorkout@TheY@8!” are examples of passphrases (by the way, don’t use these 2 examples now that they’re published). Check out this article on tips to create strong passwords….errr pass-phrases.