ALERT – Peer-to-peer (P2P) software continues to cause security risks for users and corporate networks with private data being accidentally shared across file sharing networks. ABN Amro (CitiGroup-owned mortgage company) recently reported that a former employee had exposed a couple of spreadsheets with 5,000+ social security numbers and other private customer information. A data-leakage protection services company traced the source of the ABN Amro data to a computer with BearShare file sharing software installed on it. BearShare is a P2P file sharing application that originally provided support for the Gnutella file sharing network, but was subsequently purchased by MusicLab, which owns and operates the iMesh file sharing network. BearShare clients (version 6 and beyond) now operate on the iMesh network.
If this scenario sounds familiar, it’s probably because Pfizer had a similar issue earlier this year with over 17,000 social security numbers and personal data compromised by P2P related issues. It’s important to note that P2P search terms commonly used are no longer names of your favorite song but are now terms to find and steal identity or personal information. Enterprise organizations should take note and understand that visibility and control over all applications on the corporate network is paramount to being able to reduce security risks and to provide compliance to regulatory requirements. Palo Alto Networks customers have visibility and control over BearShare traffic via the iMesh App-ID.
Click here to view the Dark Reading article.