The hardware - the chips and circuit boards can also provide ways for an attacker to extract data or modify data within a computer system. Sometimes the chips or boards don't work exactly as the designer expected, and these mistakes give the attacker access. But if the attacker can get their own chips into the production process then they can deliberately design and manufacture chips that add back doors into the system. Counterfeit chips that work in identical way to the official chips are widespread and hard to detect. Any one of these counterfeits could be compromised.
Another way of attacking via the hardware is to add a small, insignificant component to a circuit board. https://www.wired.com/story/plant-spy-chips-hardware-supermicro-cheap-proof-of-concept/
This form of attack has been discussed for many years in the CyberSecurity community - but this latest demonstration shows how easy it is to set up.
Often the weakest link in CyberSecurity is the computer user. Many users do things that make life easier for the criminal. We have mentioned running the computer using an admin account all the time. Downloading software from dubious sites. Clicking spam email links, opening attachments
Equally bad are using short words as passwords, or using the same password on several sites, or not changing the default passwords. More on that in the next tutorial.
But carelessness also applies to security companies that should have procedures in place that check and check again that all their data is secure.
Verifications.io: In February 2019, the email address validation service verifications.io suffered a data breach . Discovered by Bob Diachenko and Vinny Troia , the breach was due to the data being stored in a MongoDB instance left publicly facing without a password and resulted in 763 million unique email addresses being exposed.