A competitor is attempting to steal away customers from website analytics solutions provider Hitsniffer after an employee made off with the company's customer database.
On 6 September, 2016, Hitsniffer tweeted out that a rival web analytics company called Hitsteps had gained unauthorised access to its customer database and was using it to try and steal away its customers.
Hitsteps has no affiliation to Hitsniffer, as the latter expressed on its Twitter account:
"We have no relationship with Hitsteps, they do not have permission to be using our databases to contact our clients. Be wary."
The company also included a screenshot of what one of its customers received from Hitsteps:
At this time, it's unclear how exactly Hitsteps gained access to the customer database.
On its website (which is currently down), Hitsniffer said its competitor's unscrupulous behavior could be linked to the actions of one of its employees:
"Hitsniffer was compromised by a programmer who had worked for the company since its inception. This programmer has stolen all databases. The customer database is now in his hands. You will probably have received an email from a company called Hitsteps, this company has no relationship with Hitsniffer, Hitsteps is now using our customer database to contact our customers."
Little is known about the programmer in question, including their motivations for stealing the database and whether they provided Hitseps with the customer contacts directly.
The police and the Information Commissioner's Office (ICO) in the United Kingdom are currently investigating the incident. As of this writing, no arrests have been made.
Hitsniffer's story is a reminder for all companies to be on the lookout for malicious insiders.
Organisations can protect themselves against these types of attacks by training their employees to watch for suspicious behavior and other telltale signs among their coworkers.
Could your company do more to defend against insider attacks?
If so, contact Metacompliance and learn how its e-learning software can strengthen your employees' respect for your internal policies and their awareness of malicious behaviour.