One of the latest data leaks became known on April 04, 2022. Block has acknowledged that the Cash App mobile payment service was hacked due to an insider threat. In December 2021, a former employee of the company hacked the service and stole customer names, bank account numbers, asset values, exchange trading information. The exact number of customers who were affected by this incident was not reported. It is known that the company turned to 8 million of its customers and reported what had happened. Such attacks happen regularly and concern all modern companies. Below are some more examples of recent cases of hacking and information leakage.
- In March 2022, Microsoft was hacked by the Lapsus$ hacker group. Confirming the hack screenshot in Azure DevOps was published in their Telegram channel. The hack compromised Bing, Cortana, and other projects. Lapsus$ was motivated by monetary interest, but not political. To achieve their goals, they turned to the company technical staff with a request to compromise their employers.
- On January 17, 2022, hackers hacked the wallets of 483 Crypto.com users. Over $30 million was stolen from this hack. Part of the amount was stolen in Bitcoins, part in Ethereum and other cryptocurrencies. Attackers bypassed two-factor authentication and gained access to users’ wallets. The company announced a hack a few days later, as well as a refund of funds to the victims.
- In December 2021, a group of hackers hacked the FlexBooker online booking platform. As a result of the hack, the data of 3 million users (driver’s licenses, passwords and other personal information) was stolen. After stolen data was put up for sale on various forums. The data was accessed using the FlexBooker Amazon Web Services configuration.
- In November 2021, Panasonic was hacked and exposed data about trainees, job applicants and other information. The company did not report the scale of the damage but notified all the victims.
- In October 2021, Twitch source code and other business data began to appear online. A 125 GB torrent was posted on an anonymous 4chan forum, allegedly containing the entire Twitch. The data cache contained data on payouts to creators for 3 years, the full volume of twitch.tv, proprietary code, details of an unreleased Stem competitor, and more. Twitch stated that a server configuration error was the cause, and the effect of the hack was minimal.
- The attack on Neiman Marcus was carried out in May 2020. However, the attack and consequences were detected and assessed only in September 2021. The hack affected about 4.6 million customer accounts (payment card data, expiration date, other personal information). Different customer accounts were affected in different ways.
- The T-Mobile data breach in August 2021 compromised the information of nearly 48 million people. Hackers stole files with loan applications, confidential information including names and surnames, social security numbers, dates of birth, driver’s licenses and identification numbers.
- Misconfiguration of Microsoft Power Apps led to the disclosure of 30 million records in over 47 organizations. This information appeared in August 2021. Organizations affected included Ford Motor Co, American Airlines, New York Metropolitan Transportation Authority and other. The stolen information differed depending on the company it belonged to personal details of employees, Covid-19 test data, vaccination data, including personal information of related individuals, etc. Misconfiguration is not the fault of Microsoft directly, as certain system changes initiated by users may have made the data publicly available. However, the lack of warnings about possible consequences makes Microsoft partly to blame.
