Blog

One of the first hacks that affected the public occurred in 1986. On the night of April 27, millions of HBO subscribers were enjoying the movie «The Falcon and the Snowman» see on their TV screens a message from Captain Midnight . The message was about the ridiculous cost of a subscription in the amount of $ 12.95. Some of them were concerned about the hack, others took it as a funny joke. This hack caused no real damage, only a little pause in the broadcast.

Now news about various attacks and hacks appear quite often. The annual global damage from them is estimated at trillions of dollars.

The biggest data breaches:

• Yahoo (2013)

As a result of this hack, 3 billion records were compromised, including real usernames, email addresses, date of birth, phone number, and security questions. At this time, the company was in the process of being bought by Verizon. Yahoo’s value has fallen by 350 million. According to Yahoo, the attack was state-sponsored.

• First American Financial Corporation (2019)

As a result of the data breach, 885 million records were compromised (bank account numbers, bank statements, credit data, tax records, social security numbers, transaction data). This case is unique because an authentication error occurred (authentication is not available to view documents). This was caused by an IDOR (Insecure Direct Object References) bug that allowed unauthorized access to web pages and files. This error went unnoticed for several years.

• Marriott International (2018)

500 million records are the result of a cyber attack. Contact information, passport data, travel data, bank card numbers and other users’ personal information were compromised. The attack was carried out by a Chinese intelligence group whose goal was to collect data from US citizens.

• Facebook (2019)

The purpose of the cyberattack was the personal data of social network users: phone numbers, usernames, gender, location. The attack affected 540 million records. Several Facebook databases were not secured with passwords or encryption. This led to the fact that everyone could find data on the Internet.

• Target (2013)

American company that operates a chain of retail stores suffered a cyberattack in 2013. 60 million records (names, phone numbers, email addresses, payment card numbers, credit card verification codes and other sensitive data) were compromised. Damage amounted to $18.5 million, as well as a $10 million class-action lawsuit settlement and $10,000 payments to customers. The organizer of the attack was not identified. Attackers gained access to Target’s networks using stolen credentials from a third-party provider (a company that maintains HVAC systems). After gaining access to the database, malware was downloaded to collect information.

• MySpace (2013)

As a result of the attack, 360 million records with users’ personal information were affected. The attack was carried out by a Russian hacker in 2013, but it became known in 2016. The stolen credentials were leaked to LeakedSources and were also available for purchase on the Dark Web Markets the Real Deal for 6 bitcoins (approximately $3,000 in 2013).

• LinkedIn (2012)

The purpose of this hack was users’ logins and passwords. After the data was published on the Russian hacker forum. The company had to pay $1.25 million to users affected by the hack. LinkedIn revealed the full scale of the attack only in 2016.