Huntress has not seen the data referenced in the Twitter post, and has no information on whether or not the attacker who claimed to have it has used it or shared it with others. Vendors and channel pros with Axial accounts, the company says, should reset passwords, implement multifactor authentication, and take other precautions just the same.
“Do your tried-and-true security basics,” Hammond advises.
According to Hammond, the GlobalMeet and vFairs vulnerabilities underscore the need for virtual conference vendors to make security as important a priority as functionality by assigning a full-time, permanent team to platform integrity.
“Make that their whole job forever,” he says. “They’re always testing. They’re always doing that QA quality assurance, but for security.”
Companies that stage virtual events on platforms like GlobalMeet and vFairs must take security more seriously as well, Hammond adds, by asking about security policies when evaluating platforms and requesting audit results.
“We can’t always blindly trust this potential solution or potential product that could give us what we want in the moment,” he says.
What virtual event attendees should do going forward to protect themselves from platform vulnerabilities, Huntress concedes, is less clear.
“It’s a tough problem to solve,” says Hammond, noting that since the arrival of COVID-19 last year, virtual events have been essential tools for communication, collaboration, and community-building.
“That’s how we socialize, and there’s value in that,” he says. Using disposable, temporary email addresses and “sock puppet” accounts when registering for virtual conferences isn’t viable either, adds Hammond, who calls vigilance the best available option at present for most channel pros.
“I would encourage them to stay in the know,” he says.