At a glance.
- Indigo is a closed book when it comes to details on cyber incident.
- Smart speakers listen in.
Indigo is a closed book when it comes to details on cyber incident.
Global News reports that Indigo Books & Music, Canada’s largest bookstore chain, experienced what the company is calling a “cybersecurity incident” on Wednesday. The exact nature of the incident is unclear, but the Toronto-based bookseller was forced to take down their customer-facing website and is not accepting online orders. In the meantime, customers will have to pay cash for any purchases, and any gift card transaction or returns will have to wait. Indigo says it’s still in the process of determining whether customer data was compromised and an investigation, aided by third-party experts, is underway. As Bleeping Computer notes, the company said it is working to restore its systems, which could indicate a ransomware attack. Threat intelligence firm Kela discovered Indigo data recently posted for sale on a cybercrime forum, acquired by using information-stealing malware like Redline, Vidar, and Raccoon, but it’s unclear if it’s connected to this particular incident.
The walls have ears.
Could your home assistant allow an outsider to eavesdrop on you? An investigator at WeLiveSecurity conducted his own experiment to find out. The “drop-in” feature on Amazon’s Echo Dot is intended to allow users on the same network to communicate from different rooms. However, it turns out that an outsider with the right information could use this tool to hear what’s going on near an Echo device, even if the intruder is not using the home’s WiFi. What’s worse, a device that’s being “dropped in” on usually lights up and emits a tone to let users know it’s in use, but a savvy spy could turn these off. Couple that with the fact that the device log doesn’t track drop-ins, and there’s no way a victim would know anyone was listening in. In order to secure their devices, it’s recommended that users employ common sense measures like using a strong password, enabling two-factor authentication, and checking the device settings instead of just relying on the default user permissions. And when in doubt, just unplug the device before discussing your tax returns or any illicit affairs.