Hackers have broken through the "front door" of online data storage units used by pharmaceutical giant Pfizer and leaked hundreds of chatbot conversations and patient information.
Scores of victims could now be exposed to phishing scams after having their full names, home addresses and email contacts taken from a misconfigured Google Cloud storage bucket.
Data included hundreds of conversations between customers and chatbots enquiring about cancer drugs, epilepsy medication and Viagra.
It is not known how many patients were in the UAE.
Cybercrime experts said the blunder could lead to patients inadvertently handing over bank card information to criminals claiming to process bogus prescriptions.
“While name, addresses, and email addresses are not highly sensitive information like birth dates or social security numbers, the conversations could reveal very private medical data,” said Morey Haber, chief technology officer at BeyondTrust, a cyber security company in the UAE.
“The information could easily lead to future spear phishing attacks because the details about an individual would make a potential attack credible.
“Pfizer did not know the data was accessible nor [that] it was obtained.
“It is feasible therefore to assume the data has been accessed in the past as well.”
Phishing is the most common technique used by hackers to extract restricted data or gain access to accounts by encouraging users to relinquish passwords.
Sensitive information about patients who asked questions online about the smoking cessation drug Chantix was also obtained by hackers.
The breach was reported to Pfizer and regulators by online security researchers at tech-company vpnMentor.
They said the information remained exposed online for months before action was taken to remove it in September.
It is the fifth similar failure to secure patient information by Pfizer, which has offices in Dubai Media City, following incidents in 2007 and 2019.
"Pfizer is aware that a small number of non-HIPAA data records on a vendor operated system used for feedback on existing medicines were inadvertently publicly available," Pfizer said in response.
"We take privacy and product feedback extremely seriously. To that end, when we became aware of this event we ensured the vendor corrected the issue and notifications compliant with applicable laws will be sent to individuals."
Industry experts said cloud storage is becoming increasingly difficult to secure as hacking techniques become more sophisticated.
In 2014, celebrities including Jennifer Lawrence, Rihanna and Kim Kardashian were among those who had compromising photos leaked online after cloud storage was hacked.
A two-step verification process was then introduced to bolster security around Apple’s iCloud data storage service.
“The recent Pfizer data breach tells us it is extremely difficult for even the largest companies in the world to secure their data every hour, every day and every week,” said Sam Curry, chief security officer at Cybereason, a company working with businesses in the UAE to bolster online defences.
“It's irrelevant whether an internal or external error led to this data breach.
“The digital footprint for enterprises is expanding at such a rapid pace, errors will occur and data will be exposed.
“Customers want transparency and guarantees that the company will continue to make sure data protection is their top priority.”
Conversations between humans and chatbots that give automated responses were among the information exposed in the leak.
While replies were preprogrammed into the solution, humans would realistically have to answer a series of questions to determine the proper response.
Those questions were designed to provide a high confidence in the results and often forced the exposure of more information to obtain the desired results.
“As no system, or person, is ever perfect, the ability to monitor, detect and respond to unauthorised or malicious access to cloud services can make the difference between a contained security incident and a full-blown breach as being reported at Pfizer,” said Matt Walmsley, a tech industry analyst and director at Vectra AI.
“We performed analysis on Office 365 – the world's most used software and service cloud – and identified how attackers are using existing tools and services within the cloud to spy and steal.
“When administrators inadvertently leave the front door open it’s unsurprising that attackers walk straight in and out unnoticed.”