A cybersecurity issue/problem has been faced by Qualcomm recently which impacted the security of their visitor check-in framework. Qualcomm is an American multinational corporation, established in 1985, headquartered in California, that builds semiconductors, intellectual property, softwares and in addition provides wireless technology-related services.
Qualcomm on its issue-related FAQ page explains, how the incident occurred, that the attacker/hackers utilized an RCE (Remote Code Execution) vulnerability in their QVisit app to achieve access to servers that hosted the app. By accessing the servers, attackers/hackers downloaded and executed further software which served them log-in to the sacrificed systems. When the systems and their logs were analyzed, no further traces were discovered about attackers performing any malicious activities on the system or in the application.
The affected people are the ones who may have used the visitor check-in system while visiting Qualcomm’s office earlier. The user data was exposed to attackers and it included first and last name, contact details such as emails and phone numbers, address, start, and end date and time of visit, type and purpose of the visit, visit location, organization, title, country of citizenship, and if the visitor was a job applicant then his designation details and the schedule of the interview.
This big giant has initiated making the affected ones aware of the incident via a privacy notice that explains the issue when it was discovered and how and why did the incident occur. The privacy notice also included that no one is vulnerable to identity theft as details like date of birth, government identifier, or credit card details were never exposed. It also explains that however, there aren’t any risks of identity theft, but since the contact details have been exposed, the victims could possibly face phishing.
Qualcomm, on its FAQ page, stated that “we don’t believe that the type of information that was exposed raises a serious threat of identity theft. Credit card information, government identifiers, or birth dates were not part of the exposed information. As a good practice, however, you should monitor your accounts and obtain a credit report on yourself on a regular basis.” Qualcomm also explains that “upon discovery of the unauthorized access into our systems, the company immediately began an investigation of the impacted systems to determine the nature and scope of the incident along with the specific data impacted. We have completed a rebuild of the impacted QVisit application and associated infrastructure to ensure the intrusion was contained and further access is prevented. We have also added additional cybersecurity monitoring to detect any future intrusion attempts. The intrusion has been reported to the federal authorities and we are notifying impacted individuals.”
It is suggested for the victims of the incident to stay quite aware of the phishing emails or messages that you may receive in the coming times. The organization served a link that explains effective ways to recognize and stay safe from phishing. Qualcomm also suggests to stay more safe and secure in any case, victims should keep a constant eye on their accounts and should also get credit reports more often than ever.