#databreaches

Data Breaches for the last year

One of the latest data leaks became known on April 04, 2022. Block has acknowledged that the Cash App mobile payment service was hacked due to an insider threat. In December 2021, a former employee of the company hacked the service and stole customer names, bank account numbers, asset values, exchange trading information. The exact number of customers who were affected by this incident was not reported. It is known that the company turned to 8 million of its customers and reported what had happened. Such attacks happen regularly and concern all modern companies. Below are some more examples of recent cases of hacking and information leakage.

The biggest data breaches

One of the first hacks that affected the public occurred in 1986. On the night of April 27, millions of HBO subscribers were enjoying the movie «The Falcon and the Snowman» see on their TV screens a message from Captain Midnight . The message was about the ridiculous cost of a subscription in the amount of $ 12.95. Some of them were concerned about the hack, others took it as a funny joke. This hack caused no real damage, only a little pause in the broadcast.

Now news about various attacks and hacks appear quite often. The annual global damage from them is estimated at trillions of dollars.

The biggest data breaches:

As a result of this hack, 3 billion records were compromised, including real usernames, email addresses, date of birth, phone number, and security questions. At this time, the company was in the process of being bought by Verizon. Yahoo’s value has fallen by 350 million. According to Yahoo, the attack was state-sponsored.

As a result of the data breach, 885 million records were compromised (bank account numbers, bank statements, credit data, tax records, social security numbers, transaction data). This case is unique because an authentication error occurred (authentication is not available to view documents). This was caused by an IDOR (Insecure Direct Object References) bug that allowed unauthorized access to web pages and files. This error went unnoticed for several years.

500 million records are the result of a cyber attack. Contact information, passport data, travel data, bank card numbers and other users’ personal information were compromised. The attack was carried out by a Chinese intelligence group whose goal was to collect data from US citizens.

The purpose of the cyberattack was the personal data of social network users: phone numbers, usernames, gender, location. The attack affected 540 million records. Several Facebook databases were not secured with passwords or encryption. This led to the fact that everyone could find data on the Internet.

American company that operates a chain of retail stores suffered a cyberattack in 2013. 60 million records (names, phone numbers, email addresses, payment card numbers, credit card verification codes and other sensitive data) were compromised. Damage amounted to $18.5 million, as well as a $10 million class-action lawsuit settlement and $10,000 payments to customers. The organizer of the attack was not identified. Attackers gained access to Target’s networks using stolen credentials from a third-party provider (a company that maintains HVAC systems). After gaining access to the database, malware was downloaded to collect information.

As a result of the attack, 360 million records with users’ personal information were affected. The attack was carried out by a Russian hacker in 2013, but it became known in 2016. The stolen credentials were leaked to LeakedSources and were also available for purchase on the Dark Web Markets the Real Deal for 6 bitcoins (approximately $3,000 in 2013).

The purpose of this hack was users’ logins and passwords. After the data was published on the Russian hacker forum. The company had to pay $1.25 million to users affected by the hack. LinkedIn revealed the full scale of the attack only in 2016.

High-profile Data Leaks 2021 – 2022

With every hack and data leak, the question of organization cybersecurity becomes more and more relevant. Any business must first of all take care of information security. Here are examples of high-profile company data leaks in recent months that prove the importance of this issue.

  1. February 2022 – GiveSendGo

A Christian fundraising site was hijacked in response to Ottawa truckers’ protests. The hackers used a DDoS attack and redirected the fundraising site to another page. As a result of this attack, the personal data of people who donated funds were compromised. In total, the personal information of 90,000 donors was published.

This case further highlights the importance of using secure platforms and payment methods to keep customer data safe and not compromised. If the company has already encountered such a nuisance, it is worth taking the right measures to eliminate the leak as well as the causes of its occurrence.

  1. January 2022 – Crypto.com

Blockchain is the latest technology that is used in the financial sector. This model has long been considered one of the most secure transaction processing forms. But technology development gives rise to the development of cybercrime methods. So, on January 17, 2022, an attack was made on an application for exchanging cryptocurrency. The attack targeted the wallets of 483 app users.

The hack resulted in the theft of about $18 million worth of BTC, $15 million worth of ETH, and other cryptocurrencies. Hackers have learned to bypass two-factor authentication and gain access to users’ wallets, which made it possible to organize a hack. To reduce the risks of this attack type, it is important to use a password manager. Businesses should be aware of all the risks associated with the theft of cryptocurrencies. Therefore, all sensitive data must be encrypted.

  1. December 2021 – FlexBooker

FlexBooker is an appointment scheduling tool. Before the New Year holidays, they became a victim of cybercriminals, as a result of which approximately 3 million users suffered. Attackers gained access to confidential data (driver’s license, photos and other personal information) and posted it on various hacker forums. For these purposes, the hackers used the FlexBooker AWS configuration, installed malware on the servers, which allowed them to take full control of the system.

  1. November 4, 2021 – Robinhood

Robinhood is an American financial services company offering commission-free trading in stocks and exchange-traded funds through a mobile app. The attack on the company took place on November 16, 2021. Using social engineering (the method is based on the social psychology usage), internal systems were hacked. According to the company report, criminals gained access to the email addresses of almost 5 million users and other personal information. For non-disclosure of any data, the attackers demanded a ransom.

  1. October 2021 – Twitch

Twitch is a video streaming service that specializes in video games. In October, it became known that an unknown attacker penetrated the source code, as a result of which data sets were compromised, including about payments to the creators of the service. The leak contained 3 years of payout data, information about twitch.tv activities, client source code, proprietary code, etc.

GoUp Chat