Data breaches aren’t new. There’s a target painted on almost every system today. Particularly if that system contains valuable data in the millions. After all, data is the new oil. Among the many high-profile hacks that have happened over the last decade, here are some of the notable ones.
The WhatsApp hack
Back in May, a WhatsApp vulnerability was discovered. This vulnerability allowed attackers to inject commercial Israeli spyware on to the phones. It was discovered that attackers could install surveillance software for both Android as well as iPhones. This was by ringing the target phone via the phone call function in the app.
The malicious code is said to be developed by Israeli company NSO Group. This code is transmitted to phones even if the said calls are not picked up by the recipients. Researchers at the University of Toronto’s Citizen Lab claimed that the malicious code was linked to NSO’s flagship product, Pegasus. It’s a program that can turn on a phone’s camera and microphone, crawl through emails and messages, and even collect location data.
Given how WhatsApp hosts over 1.4 billion users worldwide the vulnerability is definitely among the most dangerous in recent times.
Fortnite hit with ransomware
Fortnite is one of the most popular online games today, with around 250 million players. Ransomware called Syrk targeted Fortnite users disguised as a cheating app for the game. Based on the open-source Hidden-Cry program, the malware appears as “SydneyFortniteHacks.exe”. Once executed, the app encrypts the computer’s hard drives and any USB drives connected. The ransomware will delete files from the storage if the ransom isn’t paid in crypto.
Fortunately, the program was based on a known attack vector. Users were easily able to unlock their computers by looking for a few text files on the computers.
Capital One data breach
What happens when one of the biggest financial corporations in the United States get hacked? Hundreds of millions of customer data get stolen. That’s exactly what happened with the Capital One data breach. Dubbed as one of the biggest cyber-attacks, a hacker gained access to over 100 million Capital One customers’ accounts and credit card applications.
According to Capital One, the attack occurred on the 22nd and 23rd of March. The hack compromised credit card details that back to as far as 2005. The breach affected around 100 million users in the United States and 6 million in Canada. However, the company stated that it’s unlikely the information was used for fraud by the hacker.
An individual named Paige Thompson is accused of breaking into a Capital One server. She is said to have posted the information on GitHub along with her full name, which led to the discovery of the breach.
Yahoo 3 billion hack
This was a hack of epic proportions. Yahoo may no longer be your first choice of setting up an email address nowadays. But that doesn’t mean the company isn’t a target for hackers. A security breach dating back to 2013 claimed to have stolen data from 1 billion Yahoo accounts. Later, the company revealed that the number is 3 billion. That’s every single Yahoo account including email, Tumblr, Fantasy and Flickr.
Back in 2014 Yahoo was also hit by another attack. It is believed to be separate from the 2013 breach. But it still compromised 500 million accounts. Although unclear as to who was behind the initial attack, analysts claim the hacked data was up for sale on the dark web.
Facebook’s exposed data
This was a Cambridge Analytica level data breach. According to Australian IT company UpGuard, two apps allowed access to Facebook user data has stored personal information on insecure servers. These servers did not have the appropriate security measures in place.
540 million records were found on a database uploaded by Mexican digital publisher Cultura Colectiva. This was discovered on AWS servers. A second database with 22,000 users’ Facebook related data was also found.
The records included data like Facebook IDs, comments, likes and reactions, friend lists, location check-ins, and events, etc. The second database even included passwords.
Equifax is one of the largest consumer credits reporting agencies. In September 2017, the company fell victim to a massive data breach. The company reported that the breach affected 147 million customers. Hackers gained access to a long list of customer details such as names, social security numbers, credit card numbers, and driver’s license numbers.
It was later discovered that Equifax was informed months prior to the vulnerability that allowed the hackers to get through to the systems. But the company failed to install the necessary patches.
By July 2019, Equifax agreed to pay $700 million to settle federal and state investigations pertaining to how the company handled the data breach.
This breach compromised over 412 million accounts in the FriendFinder network. This included over 300 million accounts on AdultFriendFinder, 62 million cams.com accounts, 7 million on penthouse.com, 1.4 million on stripshow.com, 1.1 million on icams.com, and around 35,000 on an unknown domain. It was reported that the hack was via a local file inclusion exploit.
According to LeadkedSource, the company either stored user passwords in plaintext, or hashed them using the SHA1 algorithm. Additionally, FriendFinder also kept over 15 million emails and passwords of deleted accounts.
This cyberattack in 2014 resulted in hackers gaining access to 145 million eBay users. It is believed that the attackers got in via credentials of 3 corporate employees. This got them through to the user base, where they accessed email addresses and encrypted passwords of all eBay users.
eBay stated that hackers targeted the network between late February and early March in 2014. The company said financial information was safe and its payments unit at the time, PayPal was unaffected.
Customer details of almost 7.5 million Adobe Creative Cloud users were leaked online in October. The data included customer account information. But thankfully, it didn’t include passwords or financial information.
It is suspected that the hackers may have been looking at a phishing attempt. This is where hackers target active Adobe premium accounts with phishing emails to hijack high-value Creative Cloud accounts from owners. The attackers can later re-sell online, most likely on the dark web.
Hacks of all forms
This goes to show that security is no joke. Particularly if you’re a large company that’s responsible for millions of user data. But security procedures aren’t rocket science. It can be as simple as patching that security update, setting up proper access levels or just following secure coding practices.