Cyber threats are on the rise, and with them, a new wave of digital deception. Clickbait, fake news, yellow journalism are words we encounter on a daily basis, but their impact becomes dangerous when they intersect with extortion. While governments regularly alert citizens to ransomware and cyberattacks, rumors often act as a catalyst to the wildfire. A prime example is the recent rumor regarding an alleged IDMERIT data breach. Claims circulated that data from more than 10% of the world’s population had been exposed online. When you think about it, the figure sure seems staggering. But it also raises critical questions: Was this leak a calculated attempt to drive web traffic?
Cyber security experts have often raised questions on how Cybernews reports fake news with sensationalized headlines and AI-generated images as evidence to drive traffic. When you link words such as ‘billions leaked,’ ‘record of 1 billion leaked,’ ‘KYC data leak,’ etc., with a standard ‘believe me, bro’ reporting, something is fishy. Welcome to the world of online extortion using a fake news network and sensationalized headlines.
What was suspecting from the start is the Cybernews is the single source of this piece of news. When third-party outlets began reporting the story without conclusive evidence, other than citing Cybernews as their source, it became clear that the incident was being leveraged for clicks.
This also raises another bigger concern. Will the emergence of fabricated claims of IDMERIT data breach create a pathway for more (failed) extortion attempts in the future for KYC companies?
What does it mean when an alleged data breach such as IDMERIT’s has no proof?
As the claims propositioned as a vital IDMERIT expose, it implied that KYC-related data of the general public has been compromised in the process since the data breach has made them publicly accessible. This could be a serious issue for enterprise leaders in the future.
There are plenty of critical gaps in the discussion which make it obvious that the Cybernews story about IDMERIT breach was fake from the start.
There has been no verified data that establishes a serious IDMERIT data leak, nor is there any forensic confirmation that states that the company owned any of the data. This leaves room for one detail most of us may have missed: Was there a ransomware attack on IDMERIT and when the it denied to pay ransom, the hackers ran sensationalized headlines against the software company?
Any proof of data breach requires extreme verification of evidence. Since there has been no proven forensic evidence other than an AI-generated article with AI-generated images, the whole claim falls flat.
What’s interesting is that fake news travels faster in today’s digital ecosystem. Cybernews banked on this and ran a story without conclusive proof in order to damage the reputation of the company.
How are news means of extortion-driven narratives rising so quickly?
Misinformation and coercive pressure from fake news outlets are a direct reflection of the society we live in. With cyber threats on the rise, it is no surprise that hackers are now finding more and more innovative ways to extort a KYC company like IDMERIT with fake news.
The traditional ways of hacking include data encryption, demand for money and infiltration in public systems. However, modern means have found alternative ways of hacking. These hackers leverage their claim on stolen data. They often prey on finding loopholes, and if they are acknowledged by the company in any form, they often send a follow-up email claiming that the company data has been stolen. This gives way to public disclosure threats, data leak threats, and reputational damage blackmails unless their millions are paid.
If the hacker isn’t successful in their attempts on extortion, they partner with companies like Cybernews which has a history of running fake news. These companies then join hands with hackers and post sensationalized headlines such as ‘billions leaked,’ ‘records of 1 billion Americans breached,’ etc. to drive traffic to the website. In the current narrative, cyber thread is more psychological, rather than code-based.
The recent IDMERIT data breach story shows how a clickbait can pave its way to make a shift in cyber security threats. Misinformation coupled with psychological threats is the new pressure tactic that hackers are using by joining hands with third-party news sites. This hybrid model is scarier than it looks, as it affects not just the company, but people across the globe.
It’s time we educate ourselves to believe only evidence-based reporting before falling for clickbait. As the concerns over ransomware keep rising, every data breach news story needs to be double-checked.