Data Breach Alert | Tokyo Olympics Ticketholders and Volunteers data leaked online

Major sporting events on the scale of the Tokyo 2020 Olympics do not occur very often, but in the digital age they have become frequent attack targets. While coordinated intrusions by hacktivists, such as distributed denial-of-service (DDoS) attacks launched to cripple power systems, were identified at prior Games like London 2012, the Tokyo 2020 breaches illustrate how pervasive credential-theft attacks have become.

Personal data of Tokyo Olympics 2020/2021 volunteers and ticket holders has been leaked online, although officials say the breach is “not large”. An official added that the organising committee had launched an investigation into the matter.

The stolen data includes credentials such as usernames and passwords, which can be used to access the Tokyo 2020/2021 Olympic websites intended for volunteers and ticket holders. As a result, personal data such as names, addresses and bank account numbers linked to these credentials might all have been compromised.

Cause of the Data Breach

The personal information of around 170 people linked to the Tokyo 2020 organizing committee, along with thousands of login IDs and passwords of people who purchased tickets for the Tokyo Olympics, was breached via unauthorized access to an information-sharing tool developed by Fujitsu Ltd.

The source claims, however, that this leak was “not large” in scale, and that measures were already being taken to limit the spread of compromised data.

(Image: a fake phishing webpage set up by malicious actors to dupe Tokyo 2020 ticket holders and event staff into entering their personal data. Source: Kaspersky)

Impact of the Data Breach

The data breach exposes highly sensitive data. Having such sensitive data in the public domain would make it incredibly easy to trick, defraud, and steal from the people exposed.

Bad actors can use the data for identity theft, phishing attempts, social engineering attacks, and account hijacking.

The logins and passwords posted from the Tokyo Olympic ticket portal can be used to steal funds or create synthetic identities, which could enable cybercriminals to apply for new accounts. That said, the damage from breaches is not only directly financial.

Recommendations

  • Users must take the necessary actions, as their data could be abused by attackers to take over user accounts and perform fraudulent transactions.
  • As a conservative measure, users can change the password of their compromised account, as well as of any other account for which they use the same password.

Users should also be wary of targeted phishing emails that pretend to be from the Tokyo Olympics and use the information disclosed in this data breach. There is no single fool-proof way to avoid phishing attacks; fortunately, there are ways to avoid becoming a victim yourself. Here are the basic guidelines for keeping yourself safe:

  1. Keep Informed about Phishing Techniques – New phishing scams are being developed all the time. Without staying on top of these new phishing techniques, you could inadvertently fall prey to one. Keep your eyes peeled for news about new phishing scams.

  2. Think Before You Click! – It’s fine to click on links when you’re on trusted sites. Clicking on links that appear in random emails and instant messages, however, isn’t such a smart move. Hover over links that you are unsure of before clicking on them, and check that the address shown is the one you expect.

  3. Verify a Site’s Security – Before submitting any information, make sure the site’s URL begins with “https” and that there is a closed lock icon near the address bar. HTTPS only shows that the connection is encrypted; phishing sites can use it too, so also check that the domain name is the one you expect.

  4. Never Give Out Personal Information – As a general rule, you should never share personal or financially sensitive information over the internet.

  5. Keep Your Browser Up to Date – Security patches are released for popular browsers all the time. They are released in response to the security loopholes that phishers and other hackers inevitably discover and exploit. If you typically ignore messages about updating your browsers, stop. The minute an update is available, download and install it.