Gmail Panic? The Truth Behind the “2.5 Billion Account Leak”

Posted on 2025-09-102025-09-10

Latest on the Gmail Data Leak Headlines such as “Google warns 2.5 billion Gmail users” and “2.5B Gmail accounts exposed” have been circulating widely. But here’s the truth: Google has clarified that not all Gmail users were asked to reset their passwords, and there was no massive Gmail password leak. What actually happened: one of […]

Continue reading→

Zero Trust, Real Results: Taiwan Stock Exchange Rallies Securities Firms to Lock Down Applications and Protect Investors

Posted on 2025-09-102025-09-10

On August 26, 2025, the Taiwan Stock Exchange (TWSE) hosted a major cybersecurity event at Taipei 101 — “Promoting Zero Trust Adoption in Securities Firms – Application Protection.” More than 110 security officers and IT specialists from brokerage firms attended, underscoring the urgency of strengthening defenses across Taiwan’s financial market. The core message focused on […]

Continue reading→

Think Your Data Is Safe? Workday’s Breach Shows Why Hackers Target People, Not Systems

Posted on 2025-08-282025-08-28

Workday, the global HR software provider used by more than 11,000 organizations—including over 60% of Fortune 500 companies—has confirmed a data breach caused by a social engineering attack. Unlike traditional hacks that exploit system vulnerabilities, this incident highlights an uncomfortable truth: the weakest link in cybersecurity is often human. On August 6, 2025, attackers impersonated […]

Continue reading→

Chanel Customer Data Breach Exposes Names, Phone Numbers, and Addresses — Could You Be Affected?

Posted on 2025-08-142025-08-14

Luxury brand Chanel faces a major data breach. Hackers accessed customer names, phone numbers, addresses, and emails through a third-party vendor in the US. Scammers may exploit this info. Find out what Chanel is doing and how you can protect yourself. Chanel Data Breach: Were You Affected? Many have bought Chanel’s luxury products online—but now, […]

Continue reading→

Spill the Tea: “Tea” the #1 Women’s Dating App Faces Major Data Breach — Private Data Publicly Exposed

Posted on 2025-08-072025-08-07

Tea, a popular anonymous dating app for women, has suffered a major data breach, exposing private messages and photos. Here’s a breakdown of what happened and essential lessons to improve cybersecurity. What Is the Tea App, and Why Did It Go Viral? Launched in 2023 by a U.S. team, Tea became the go-to anonymous dating […]

Continue reading→

Louis Vuitton Data Breach Sends Shockwaves from Taiwan to the UK— Is Your Data Safe?

Posted on 2025-07-312025-07-31

Louis Vuitton has experienced a significant data breach impacting customers in at least five countries: Taiwan, Hong Kong, the United Kingdom, South Korea, and Turkey. Below are the key facts of the incident, details on what was compromised, and actionable recommendations for consumers and businesses. Timeline of the Louis Vuitton Data Breach and Latest Developments […]

Continue reading→

Fast Food, Faster Hack: McDonald’s AI Hiring Tool Leaks 64 Million Records: Could AI Become the Next Cybersecurity Weak Spot?

Posted on 2025-07-232025-07-23

“A recent discovery revealed a major vulnerability in McDonald’s AI-driven hiring platform, potentially exposing the personal data of up to 64 million applicants. As businesses rapidly deploy AI across operations—from HR and customer service to marketing—the drive for efficiency often outpaces rising security risks Despite its power, AI is rapidly becoming a lucrative target for […]

Continue reading→

What Is Zero Trust Architecture? Why Every Business Needs a Zero Trust Strategy in 2025

Posted on 2025-07-162025-07-16

As cyber threats become more sophisticated and IT environments more complex, Zero Trust Architecture has emerged as the leading next-generation security strategy worldwide. Traditional perimeter-based defenses assumed that everything inside the corporate network was trustworthy, while everything outside was not. In contrast, Zero Trust is founded on the principle of ‘Never trust, always verify.’ Every […]

Continue reading→

Massive Qantas Data Leak: 6 Million Affected, Why Zero Trust Is Now Essential

Posted on 2025-07-092025-07-09

A major data breach at Qantas has exposed the personal information of 6 million customers after hackers compromised a third-party support system. This incident highlights why Multi-Factor Authentication (MFA) and Zero Trust security are now essential for protecting your data. Major Data Breach at Qantas Airways On July 1, 2025, Qantas Airways confirmed a large-scale […]

Continue reading→

My Number Meltdown: Japan’s Unprecedented National ID Data Breach

Posted on 2025-06-182025-06-18

Japan is in the midst of a data security crisis. According to a recent government report, personal data breaches in the country have skyrocketed by 58% in 2024, hitting a record-breaking 21,007 reported cases — the highest number since official records began. One of the most alarming parts of this report involves Japan’s national identification […]

Continue reading→

Device authentication

We offer a “token” for end users without the administration, logistics and hardware cost by using the devices the end users already own!

Security By Your Own Device!

The secure token is the identified device a user already carry, examples could be a smartphone, tablet, browser or a desktop/laptop computer.

Geographical locations

(geo-fencing)

Access is only allowed from locations that are approved, and the approved geographical location can be as large as a country or a continent, or just as small as a city.

We make sure that if a user moves from point A to B that they verify that it is indeed the true user who has moved.

2-channel structure

The Keypasco technology offers a strong authentication solution consisting of the Keypasco server (Borgen), one or several clients (Vakten), and a web channel.

The first channel sends information between the end user’s device/browser and the Internet Content Provider.
The second channel sends information between the end user’s device/Vakten client and the authentication server.

Then the verification of the end user´s attempt is done via the multi-factor levels of security. The Keypasco server verifies the device authentication, geographical location, micro proximity devices (optional), and the risk management.

Micro proximity

The micro proximity feature adds an additional level of security by appointing a dedicated micro proximity device. If this micro proximity device is not in immediate proximity to the Vakten for Desktop client the user can’t login or sign any transactions.

For an example: if device 1 is used to login to an account then device 2 (which is the micro proximity device) has to be within centimetres of device 1 to be logged in.

Risk management

Our risk management analysis feature provides a risk score for each attempt done by the end user. The risk score and it´s value is determent by indicators such as correct device, proximity of additional secure devices, Out Of Band verifications, geographical locations/geofencing, previous fraud and fraud trends etc.

This analysis is improved continuously and is an active part of the service to quickly mitigate new threats.

PKI Sign

The Keypasco PKI Sign feature is a dynamic feature that offers ICPs full support of PKI in a portable mobile device. The feature is based upon the core concepts:

a end users credentials, only known by the correct user,
a transaction can only be approved from the correct device,
a transaction can only be approved from an approved location.

We can guarantee by utilizing the PKI Sign that the signature is done by the correct user. Keypasco has invented (and patented) a new innovative way of using a users mobile device as a secure soft carrier of private keys.

An end users private key is divided into three parts: a client part, a server part, and a secret (PIN). The private keys can only be put together and sign a transaction if the end user has all three parts. The correct user is the only one who knows the secret to achieve the client part, and the server part is only achieved when the correct device and location has identified itself.

The feature does not require a Trusted Platform or a Secure Element, and Keypasco can provide the generating of keys, and verify the signatures if no established PKI CA is provided by the Internet Content Provider through an optional plugin.

Macro proximity

Access is only allowed from locations that are approved, and a user need to have his or hers devices within a reasonable distance of each other.

If the devices are too far apart (example: the distance between point A and point B) it will result in a weak macro proximity score.

GeoOTP

The Keypasco GeoOTP is a complementary mechanism for offline situations. This feature is suitable when a user is in a situation without network access.

The GeoOTP provides information about where the device is located and which device that is being used.

Local sign

Keypasco offers Internet Content Providers a way to provide user a option to sign transactions via the Desktop Client. The Vakten for Desktop client presents a window with the transaction details and asks the user to approve or deny.

This signature option is presented on the same Desktop device that initiated the attempt, but all the information is secured by the 2-channel structure.

Vakten™ Smartphone

The Vakten client is installed on the end users smartphone device to identity the device and location. This Vakten has two functionalities:

To send the device authentication and geographical location information to the Keypasco server Borgen,
and to receive tasks to confirm attempts, which is usually payment signatures or Out of Band recovery.

Supported platforms: Android & iOS.

The Keypasco server – Borgen™

The Keypasco server Borgen is self-scalable to handle any volume, and we offer a SLA on 99,999% uptime on the Cloud Server.

Borgen store the unique identifiers (made up by the device authentication, geographical location, micro proximity devices (optional), and the Risk management.) in the anticipation that an Internet Content Provider and the Vakten software send in an authentication and/or sign attempt.

When an attempt is received, Borgen match the sets of identifiers sent through the different channels with the saved ones.

The Keypasco Server Borgen is offered to be hosted in both the Clouds and On-premise as a Server License.

Vakten™ Browser

The Keypasco product Browser Vakten is an easy and quickly deployable product tailored as an entry level product on it’s own, but comes to it’s full strength in combination with the Keypasco client Smartphone Vakten.

It doesn’t require any installation procedure on client devices; it is instead an integrated part of the web layer of the Internet Content Provider’s web site by an embedded JavaScript.

The Vakten client is installed in the end users browser to identity the device and location. This Vakten has one functionality:

To send the device authentication and geographical location information to the Keypasco server Borgen

Supported platforms: Browsers (Internet Explorer, Chrome, Firefox, & Safari) on desktop (Windows, Mac OSX, & Linux) & smartphone (Android & iOS).

Vakten™ Desktop

The Vakten client is installed on the end users smartphone device to identity the device and location. This Vakten has two functionalities:

To send the device authentication and geographical location information to the Keypasco server Borgen,
and to receive tasks to confirm attempts, which is a local sign payment signatures.

Supported platforms: Windows, Mac OSX, & Linux.

Mitigated Threats

Phishing: Keypasco mitigates phishing by linking the user with a geographical location and the device authentication. A user’s username and password will not work from a wrong device or location.

Man in the Middle & Man in the Browser: Man in the Middle (MitM) and Man in the Browser (MitB) attacks are mitigated by Keypasco’s 2-channel structure and the Out of band secure notifications.

Malicious Virus Control (Viruses, Trojans, etc): Viruses, Trojans, and other infections can control or replicate an end user’s device. Keypasco mitigates these threats by offering Out of Band authentication, which enables a user to regain control of devices and accounts.

Theft/Robbery: In addition to virtual threats, physical theft of a device can compromise a user’s security.
With Keypasco’s proximity feature, a user’s account is safe even if a device is stolen.

English