Santa Claus has landed himself in hot water, following the release of “selfie” photos.
Believed to have been caught up in the Apple iCloud unauthorised access incident from this summer, where an attacker used brute force password tools to access the accounts and leak photos, including revealing photos of a number of actresses, St Nicholas is the latest victim of the access.
In this latest development, selfies of Santa have been the latest to be revealed in a timely release just before Christmas. These were not disclosed at the time, but questions will be asked on the impact upon families around the world, but on his behaviour too.
TK Keanini, CTO of Lancope, said that there is a vested interest in keeping Santa secure as:
1. He knows all your names and whether you have been naughty or nice. If the naughty list was in detail, the attackers could black mail you like they did Sony in disclosing things about you that no one should know.
2. He has access to your home, which has always scared me as a kid
3. Everyone trusts him, so if the attackers used his identify they could phish just about anyone in the world who believes in Santa.
Gavin Millard, technical director for EMEA at Tenable, said: “Forgetting to enable such simple security as two-factor authentication should relegate Santa to the naughty list. It doesn’t bode well for the default security on the cheap Android tablets he’ll be stuffing into our stockings this year.”
AlienVault, suggested that Santa could maybe benefit from a little collaborative threat intelligence this year, especially with the WHoRAT (Worldwide Holiday Remote Access Toolkit) installed on Santa’s mail server.
“Our Unified Security Management was able to catch it in time, though, making sure that no good kids got coal in their stockings,” a spokesperson said.
Watch the full report here: