A list of the biggest data leaks

Contents
  1. The top 10 biggest data breaches of 2020
  2. 10. Unknown (201 million).
  3. 9. Microsoft (250 million).
  4. 8. Wattpad (268 million).
  5. 7. Broadvoice (350 million).
  6. 6. Estée Lauder (440 million).
  7. 5. Sina Weibo (538 million).
  8. 4. Whisper (900 million).
  9. 3. Keepnet Labs (5 billion).
  10. 2. Advanced Info Service (8.3 billion).
  11. 1. CAM4 (10.88 billion).
  12. The 10 biggest data breaches of all time
  13. 1. Heartland Payment Systems
  14. 3. Equifax
  15. 4. MySpace
  16. 6. Marriott Hotels
  17. 7. Yahoo
  18. 8.
  19. 9. First American
  20. 10. Yahoo
  21. 10 Biggest Data Breaches
  22. DATA BREACHES LIST
  23. 1) Yahoo
  24. 2) Marriott Hotels
  25. 3) FriendFinder Network
  26. 4) MySpace
  27. 5)
  28. 6) Deep Root Analytics
  29. 7) MyFitnessPal / Under Armour
  30. 8) Ebay
  31. 9) Heartland Payment Systems
  32. 10) LinkedIn
  33. How to stay protected
  34. Top 10 Biggest Government Data Breaches of All Time in the U.S
  35. 10. State of Texas: 3.5 Million Affected (April 2011)
  36. 9. South Carolina Department of Revenue: 3.6 Million Affected (October 2012)
  37. 8. Tricare: 4.9 Million Affected (September 2011)
  38. 7. Georgia Secretary of State Office: 6.2 Million Affected (November 2015)
  39. 6. Office of the Texas Attorney General: 6.5 Million Affected (April 2012)
  40. 5. Virginia Department of Health Professions: 8.3 Million Affected (May 2009)
  41. 4. U.S. Office of Personnel Management (OPM): 21.5 Million (June 2015)
  42. 3. U.S. Department of Veteran Affairs: 26.5 Million Affected (May 2006)
  43. 2. National Archives and Records Administration (NARA): 76 Million Affected (October 2009)
  44. 1. U.S. Voter Database: 191 Million Affected (December 2015)
  45. The Biggest Data Breaches in the first half of 2020
  46. 1- Nintendo Data Breach
  47. 2- Spear Phishing Attack
  48. 3- Easy Jet Data Breach
  49. 4- CAM4 Data Breach: 10.88 Billion Records
  50. 5- Marriott Data Breach
  51. 6- Zoom Credentials Hack
  52. 7- Antheus Tecnologia Biometric Data Breach

The top 10 biggest data breaches of 2020

A list of the biggest data leaks

Last year, hackers were as active as never before, taking advantage of users’ vulnerabilities and the economic disruption amid the global COVID-19 pandemic.

The number of cyberattacks is growing steadily every year, and 2020 was again a year that saw a great peak in cybercrime.

According to the Risk Based Security report, 2,953 breaches were publicly reported in the first three quarters of 2020 alone, bringing the number of exposed records to a staggering 36 billion.

In comparison, there were 15.1 billion records breached throughout the entire year of 2019.

The still ongoing pandemic has drastically altered the way people work, shop, communicate, and entertain themselves. Our lives had to move online, making us leave more digital footprint, which has been attracting all types of scammers, fraudsters, and hackers who look for security vulnerabilities to exploit.

the enormous number of data breaches that happened in 2020, NordVPN experts picked the top 10 biggest leaks in terms of the data volume. The list includes leaky databases that were not necessarily breached per se but exposed sensitive data to the public. Some of the data breaches outlined below might have happened some years ago but surfaced only in 2020.

10. Unknown (201 million).

In January, security researchers found a database of more than 200 million sensitive personal records exposed online.

The leaky database with an undetermined owner was hosted on a Google Cloud server and consisted of highly sensitive personal and demographic data about U.S.

residents and their properties with names, addresses, email addresses, credit ratings, income, net worth, property market value, investment preferences, and other explicit details.

It remains unknown if any unauthorized parties accessed the dataset, which was considered to be a gold mine for cybercriminals. Google was alerted about the case, and, after more than a month, the exposed server was taken offline.

9. Microsoft (250 million).

In January 2020, Microsoft disclosed a data breach on its servers storing customer support analytics. The breach took place in December of 2019. 250 million entries, including email addresses, IP addresses, and support case details were accidentally exposed online without password protection.

The leaky database consisted of five ElasticSearch servers, which are used to simplify search operations. Misconfigured security rules were blamed for the accidental server exposure, which Microsoft swiftly fixed.

8. Wattpad (268 million).

In June 2020, a database of more than 268 million records belonging to Wattpad, a Canada-based website and app for writers to publish new user-generated stories, was breached. The malicious actors compromised Wattpad’s SQL database containing user account credentials, email addresses, IP addresses, and other sensitive data. After the incident, the company reset its users’ passwords.

7. Broadvoice (350 million).

In October 2020, news surfaced that Broadvoice, the U.S. VoIP provider to businesses, exposed more than 350 million customer records, such as names, phone numbers, and call transcripts, including voicemails left with medical outlets and financial services firms.

Ten databases belonging to the company were easily accessible to security researchers due to a configuration error which left them open without any authentication required for access. Broadvoice patched the security flaw and notified the relevant legal authorities about the incident.

6. Estée Lauder (440 million).

In January 2020, the U.S. cosmetics giant Estée Lauder had its unprotected database containing 440 million internal records exposed online.

Researchers who found the unencrypted database say the exposed information included email addresses, internal documents, IP addresses, and other information belonging to the company-owned education platform.

Once made aware of the issue, the company closed the database off.

5. Sina Weibo (538 million).

In March 2020, it was reported that the biggest Chinese social media platform, Weibo, was breached, and personal details of more than 538 million users were up for sale on the dark web and other places online.

The exact timing of the data breach is unclear, but there’s speculation that it might date back to 2019. The hacker claimed that the sensitive data, including 172 million users’ real names, gender, location, and even phone numbers, was obtained from an SQL database dump.

4. Whisper (900 million).

In March 2020, news broke that a popular secret-sharing app Whisper left 900 million user records exposed online.

Anonymous personal confessions and all the metadata related to those posts, including the location coordinates and other sensitive information, were publicly viewable on a non-password-protected database, which, if accessed by hackers, could result in user identification and blackmail. After the company was informed about the incident, access to the data was removed.

3. Keepnet Labs (5 billion).

In March 2020, Keepnet Labs, a U.K.-based cybersecurity firm, experienced a cyber incident during which a contractor temporarily exposed a database containing 5 billion email addresses and passwords from previous data breaches.

According to the threat intelligence company, which collects historic breach data to notify its business customers in case their data was compromised, it was migrating the ElasticSearch database and disabled the firewall for about 10 minutes to speed up the process. The risky decision enabled security researchers to access the data without a password via an unprotected port.

2. Advanced Info Service (8.3 billion).

In May 2020, Advanced Info Service, Thailand’s largest GSM mobile phone operator, had to take down one of its databases following an alleged data breach.

A security researcher found an open ElasticSearch database online containing 4 TB of internet usage data, or 8.3 billion records.

The sitting-to-be-found information, such as DNS queries and Netflow data, could be used to map a user’s internet activity. The leaky database is secure now.

1. CAM4 (10.88 billion).

In March 2020, researchers found an unprotected ElasticSearch server of the adult video streaming website CAM4, which was leaking 7 TB of data, or nearly 11 billion records.

The exposed records included user sensitive information, such as full names, email addresses, sexual orientation, chat and email correspondence transcripts, password hashes, IP addresses, and payment logs.

The database error was fixed; however, it remains unknown if any hackers accessed the highly sensitive information of members of the adult site, who usually prefer to stay anonymous.

Источник: https://exclusive.multibriefs.com/content/the-top-10-biggest-data-breaches-of-2020/science-technology

The 10 biggest data breaches of all time

A list of the biggest data leaks

We expect websites, online stores, payment companies, and especially banks to look after the personal data we submit. After all, we've given them their custom, used their online service – it's the least they can do.

And yet, on an almost monthly basis, we learn about new security breaches, where hackers have somehow infiltrated the security precautions of large organizations and stolen a large proportion (if not all) of the customer data.

If you've been hit by ID fraud, cybercriminals might have used leaked records. Wondering if your records have been leaked? Here are the 10 biggest data breaches  to date (compiled by Purdue University). 

1. Heartland Payment Systems

Affecting at least 100 million people, this hack wasn't detected for 8 months. Hackers stole enough data to create new physical cards. Heartland Payment Systems was forced to pay $140 million in fines and penalties.

Career hacker Albert Gonzalez was given a 20-year sentence for the hack, served concurrently with a matching punishment for hacks against other businesses.

In 2019, the names of 106 million people who had applied for credit with Capital One were exposed in a breach. Names, addresses, credit scores, payment histories, and more could be found in the stolen data.

The handywork of a single hacker, the breach included 140,000 social security numbers, 1 million Canadian Social Insurance numbers, 80,000 bank account numbers, and credit card applications dating back to 2005.

(Image credit: Shutterstock)

3. Equifax

Incredibly, an actual credit agency has even been hacked. Credit card numbers and dispute documents were exposed in this 2017 hack which seriously impacted Equifax's credibility. The compromised 143 million records also included 14 million from the UK.

Further, the incident was a masterclass in bad crisis management, with multiple figures released, and claims that passwords had not been leaked when in fact they had. The scandal also saw the departure of Equifax's chairman and chief executive, Richard Smith.

4. MySpace

No one knows when MySpace was hacked. After all, most people stopped using it years ago. The forerunner was breached at some point before 2016, however, as this is when the password records of 360 million people appeared online.

While few use MySpace these days (it's pivoted to attract musicians and artists), the leaked passwords have been shown to work on other sites. It's a key reason why every account you own should have its own, unique password.

  • Check out our roundup of the best password generators

Online dating and adult entertainment sites owned by Friend Finder Network became headline news when it transpired that over 15 million supposedly deleted accounts had not been dumped from the database. These were leaked alongside active customers in a breach totalling 412 million accounts.

The 2016 hack included data from AdultFriendFinder, Cams.com, Penthouse.com, and other smaller properties. Leaked accounts dated back to the late 1990s.

(Image credit: Shutterstock.com)

6. Marriott Hotels

The Marriott Hotels group was breached in 2018 with 500 million people affected. Personal information such as travel schedules and passport numbers were leaked, data that is usually hard for identity thieves to acquire.

Incredibly, Marriott Hotels were hit by another hacked data breach in 2020, this time revealing that up to 5.2 million accounts were exposed in January and February.

7. Yahoo

2014's hack on Yahoo resulted in 500 million accounts being leaked. Personally identifiable information was stolen by hackers, along with encrypted passwords and security questions.

Yahoo publicly declared that the hack was the work of a “state sponsored actor,” implying Russia, China, or North Korea.

However, the hack, which wasn't confirmed until two years later, is believed by independent security analysts to have been undertaken by a cybercrime gang.

(Image credit: Shutterstock)

8.

Even your account isn't safe from data breaches. In 2019 it was found that third party apps had exposed 540 million accounts. The data was left unencrypted on Amazon cloud servers used by the apps.

That this occurred after the Cambridge Analytica scandal, gave the impression that hadn't learned from that event. In fairness, the data was in the hands of third parties who had failed to encrypt the data.

However, this incident again underlined 's casual approach to user data.

9. First American

In 2019 First American was breached, resulting in 885 million records being exposed. Social security numbers, bank account numbers and details, wire transactions, and mortgage paperwork were all leaked.

Accounts dated back to 2003 and were exposed due to a complete lack of security. Anyone who wished to see a record simply had to figure out the format of First American's document URLs. That they were exposed to the internet rather than kept safely on a company intranet is bad enough. The complete lack of encryption is unforgivable.

10. Yahoo

Incredibly, Yahoo has twice been the victim of major data breaches. In 2013, 3 billion accounts were hacked, pretty much the entire database of all users at that point.

Confirmation didn't come until 2017, after a four-year investigation.

Further, the once popular webmail and search engine didn't reveal the true scale of the hack until March 2017, a whole 10 months after claiming the hack was a mere 1 billion compromised records.

  • Also check out our complete list of the best antivirus software

Источник: https://www.techradar.com/news/the-10-biggest-data-breaches-of-all-time

10 Biggest Data Breaches

A list of the biggest data leaks

Think about this – every day, how many times do you log in to a website or smartphone app? The number of usernames and passwords we have at our disposal is growing by the day – and hackers and criminals aim to have them at their disposal too, leading many to be at risk of some of the biggest data breaches of all-time. We’ve spoken previously about the importance of preventing data breaches. As January 28 is Data Privacy Day, there is no better time to reinforce the importance of keeping information secure.

DATA BREACHES LIST

We’ve collated this list of the biggest data breaches to show how personal data is constantly at risk of vulnerability. These security breaches affected some of the largest organizations in the world – and millions of their users.

1) Yahoo

Date: August 2013
Number of affected users: 3 billion
What happened: In 2016, Yahoo revealed details of a data breach which compromised more than one billion user accounts. The attack took place three years prior in August 2013. Yahoo disclosed that sensitive personal information – including names, telephone numbers, dates of birth and encrypted passwords – had been part of the breach.

In October 2017, Yahoo’s parent company Verizon revised the estimate upwards, stating that all three billion user accounts had been affected, confirming it as the biggest data breach to date.

2) Marriott Hotels

Date: November 2018
Number of affected users: 500 million
What happened: Hotel chain Marriott announced in November 2018 its reservation system had been hacked, resulting in the potential exposure of personal data belonging to 500 million guests. After purchasing the Starwood hotel group in 2016, Marriott identified the hackers had unauthorized access to the Starwood reservation database since 2014. The hacked data included names, addresses and passport numbers.

The New York Times reported in December 2018 that the Marriott hack was the target of a co-ordinated attempt by Chinese intelligence-gathering operators.

3) FriendFinder Network

Date: November 2016
Number of affected users: 412 million
What happened: Over 412 million user accounts registered across the FriendFinder Network umbrella, including Adult Friend Finder, were compromised in October 2016.

The hack exposed user information including email addresses, passwords, IP addresses and membership status.

The company stored user passwords in plaintext or using the weak SHA1 algorithm, meaning 99% of all passwords could be easily cracked, according to LeakedSource, a breach notification website.

FriendFinder Network subsequently released a statement advising that the company did “…fix a vulnerability that was related to the ability to access source code through an injection vulnerability.”

4) MySpace

Date: May 2016
Number of affected users: 360 million
What happened: Users of the social networking site MySpace were notified in May 2016 that their old information could be available for sale online. Time Inc., which purchased MySpace in February of the same year, advised that 360 million accounts were compromised. Although the breach was dated back to June 2013, usernames and passwords could have been re-used to access information on other websites.

The Russian hacker allegedly behind the MySpace hack was also purported to be the mastermind of other attacks on social sites such as LinkedIn and Tumblr.

5)

Date: May 2018
Number of affected users: 330 million
What happened: In May 2018, urged its 330 million users to change their passwords after discovering a glitch which caused some passwords to be stored in readable text on its internal computer system. While an internal investigation found no evidence that passwords had been compromised, the company advised all users of the social network to change their passwords and enable the two-factor authentication service as an additional layer of protection.

The U.S. Federal Trade Commission had previously settled a dispute with in 2010 over accusations that “serious lapses” in data security had resulted in hackers accessing private user data on two occasions.

6) Deep Root Analytics

Date: June 2017
Number of affected users: 198 million
What happened: Deep Root Analytics, a marketing firm specializing in identifying audiences for political advertisements, was revealed to have stored internal documents on a publicly accessible Amazon server in June 2017. The leak contained 1.1 terabytes of data on 198 million American citizens – approximately 61% of the US population – and not only revealed personal data such as home addresses, birth dates and phone numbers, but also advanced sentiment analysis on political issues such as gun ownership and abortion.

The company was the subject of a class action lawsuit which alleged Deep Root Analytics had failed to “secure and safeguard the public’s personally identifiable information,” leaving US citizens open to identity theft.

7) MyFitnessPal / Under Armour

Date: February 2018
Number of affected users: 150 million
What happened: Under Armour announced in March 2018 that 150 million users of its MyFitnessPal app had their usernames and email addresses compromised. While personal information such as payment card data and social security numbers were not affected by the data breach, Under Armour encouraged all users to change their passwords immediately.

It was subsequently revealed that Under Armour had used the same notoriously weak SHA1 algorithm as FriendFinder Network prior to their 2016 hack.

8) Ebay

Date: February/March 2014
Number of affected users: 145 million
What happened: In early 2014, cyber-attackers managed to obtain customer data for all 145 million Ebay users. The hackers used credentials for three corporate employees and eventually gained access to the user database, from where they were able to access usernames and encrypted passwords belonging to users of the auction website.

Ebay initially believed no customer data had been compromised, but quickly made a public announcement when the true extent of the breach became apparent.

9) Heartland Payment Systems

Date: January 2009
Number of affected users: 130 million
What happened: The payment processor Heartland reported in January 2009 that millions of credit card and debit card transactions passing through their system had been breached. Although no merchant data or cardholder information was jeopardized, the hacked data included the digital information encoded onto the magnetic strip built into the back of credit and debit cards – enabling criminals to potentially manufacture counterfeit cards using the stolen information.

In total, 130 million credit card numbers were stolen. Computer hacker Albert Gonzalez was eventually convicted and handed a 20-year sentence for his involvement in the Heartland hack, as well as credit card data hacks of other companies including TJX, Office Max and Barnes & Noble in 2010.

10) LinkedIn

Date: June 2012
Number of affected users: 117 million
What happened: LinkedIn was hacked in 2012, affecting over 117 million members of the professional social network.

Originally, the company thought only 6.5 million passwords had been stolen, but a May 2016 announcement on LinkedIn’s website announced that over 100 million passwords were compromised.

Hackers were selling the stolen data on an online black market.

Following the announcement, LinkedIn advised its users to change their passwords and use two-factor authentication for extra security.

Check out the relative scale of these top ten data breaches in this diagram.

How to stay protected

As the list shows, data breaches can affect some of the most prominent businesses in the world.

If this list of security breaches has made you think about how your organization approaches data security, our articles on how to stay protected against data breaches and how to protect your organization’s data contain useful insights – you can also contact us directly with any questions, by filling out the form below.

Источник: https://cardconnect.com/launchpointe/payment-security/10-biggest-data-breaches

Top 10 Biggest Government Data Breaches of All Time in the U.S

A list of the biggest data leaks

Here’s a look at the ten biggest data breaches impacting federal and state governments in the U.S.

From U.S. (federal) government agencies to state agencies, cyber attackers have dug up U.S. citizens’ private information through every level of government. But it’s not just hackers that have put Americans’ personal data at risk.

Some of the biggest and most significant government data breaches come down to human error: from lost hard drives, misconfigured databases, and physical device theft to simple mistakes that lead to millions upon millions of leaked Social Security numbers, names, addresses, voting affiliations, and other sensitive data. Adding insult to injury, U.S.

taxpayers usually end up footing the bill for the aftermath, including years of free identity theft and credit monitoring for the victims.

Listed from smallest to largest in terms of the number of individuals affected, the 10 biggest government data breaches include:

  • 10. State of Texas: 3.5 Million Affected (April 2011)
  • 9. South Carolina Department of Revenue: 3.6 Million Affected (October 2012)
  • 8. Tricare: 4.9 Million Affected (September 2011)
  • 7. Georgia Secretary of State Office: 6.2 Million Affected (November 2015)
  • 6. Office of the Texas Attorney General: 6.5 Million Affected (April 2012)
  • 5. Virginia Department of Health Professions: 8.3 Million Affected (May 2009)
  • 4. U.S. Office of Personnel Management (OPM): 21.5 Million (June 2015)
  • 3. U.S. Department of Veteran Affairs: 26.5 Million Affected (May 2006)
  • 2. National Archives and Records Administration (NARA): 76 Million Affected (October 2009)
  • 1. U.S. Voter Database: 191 Million Affected (December 2015)

Let’s take a closer look at the circumstances surrounding these 10 significant government data breaches. To learn more about the biggest data breach, read our list of the Top 10 Finserv Data Breaches and our list of the Top 10 Manufacturing Data Breaches.

10. State of Texas: 3.5 Million Affected (April 2011)

Image via By LoneStarMike – Own work, CC BY 3.0, Link.

In early 2011, the Texas Comptroller’s Office revealed a breach for 3.5 million Texans’ personal information, including Social Security numbers, dates of birth, and driver’s license numbers. The Comptroller’s mea culpa admitted that the office had inadvertently kept the sensitive information on a publicly accessible state server.

9. South Carolina Department of Revenue: 3.6 Million Affected (October 2012)

Image via Mykal McEldowney, The Greenville, S.C., News.

The South Carolina Department of Revenue suffered a data breach in 2012 that exposed 3.

6 million Social Security numbers and 387,000 taxpayers’ credit and debit card numbers when a database server was hacked.

The majority of the payment card numbers (371,000) were encrypted, but the sensitivity of the other data exposed prompted South Carolina to offer a year of free credit monitoring and identity theft protection to victims.

8. Tricare: 4.9 Million Affected (September 2011)

Image via liveClinic.

The 2011 Tricare data breach represents an unfortunate crossroads of government and healthcare data breaches: Science Applications International Corporation (SAIC), which oversaw Tricare’s security at the time, announced that data for 4.9 million military hospital and clinic patients had been compromised. The breach exposed personal data, including full names, home addresses, phone numbers, and Social Security numbers.

7. Georgia Secretary of State Office: 6.2 Million Affected (November 2015)

Image via By Connor.carey at English Wikipedia, CC BY-SA 3.0, Link.

In one of the biggest state-government data breaches to date, the George Secretary of State announced in late 2015 that 6.

2 million voters’ private information, including Social Security numbers, had been accidentally included in a State Download File, sent to at least 12 groups.

The leak, dubbed #PeachBreach, was later blamed on a systems programmer.

6. Office of the Texas Attorney General: 6.5 Million Affected (April 2012)

Image via Matthew Busch/Bloomberg.

In early 2012, the Office of the Texas Attorney General mistakenly included sensitive information, including Social Security numbers, in a voter database file released to plaintiff attorneys. It’s estimated that approximately 6.5 million voters were compromised in the accidental information release. According to the Attorney General, the information was never exposed publicly.

5. Virginia Department of Health Professions: 8.3 Million Affected (May 2009)

Image via Virginia Department of Health Professions.

In mid-2009, a hacker reportedly breached a Virginia government health website used by state pharmacists and stole the personal information of 8.3 million Virginians. The hacker later taunted the government and I, demanding $10 million for the safe return of the information, which included patient records and prescriptions.

4. U.S. Office of Personnel Management (OPM): 21.5 Million (June 2015)

Image via Wikimedia Commons.

The Office of Personnel Management (OPM) manages the U.S.

government’s employment records, both for employees and contractors, as well as certain personal information for civilian federal agencies.

In mid-2015, the OPM announced it had discovered two separate (but linked) intrusions that affected an estimated 21.5 million people. Reportedly, the data was not encrypted at the time of the breach.

3. U.S. Department of Veteran Affairs: 26.5 Million Affected (May 2006)

Image via VA.gov.

In May 2006, a laptop containing sensitive VA information was lost. The result: private and sensitive information – names, dates of birth, and Social Security numbers, among other information – for 26.5 million veterans was compromised. Three years later, the VA agreed to pay $20 million to settle a class-action lawsuit – at the taxpayers’ expense, of course.

2. National Archives and Records Administration (NARA): 76 Million Affected (October 2009)

Image David Samuel, User:Hellodavey1902 – Own work, CC BY-SA 3.0, Link

Veterans took another hit in 2009.

When a hard drive malfunctioned, the National Archives and Records Administration (NARA) sent it to GMRI, their IT contractor, for repairs.

The problem: the hard drive contained the highly sensitive information for a reported 76 million veterans, and NARA forgot to wipe the drive before sending it off-premises.

1. U.S. Voter Database: 191 Million Affected (December 2015)

In the largest government data breach to date, a database of 191 million voters was exposed in late 2015.

Again, and almost unfathomably, the problem came down to human error and oversight: the database was incorrectly configured and exposed on the open Internet.

It contained the personal information – names, dates of birth, party affiliations, emails, addresses, and more – of all registered voters in the 50 states and the District of Columbia.

Data Breaches

Источник: https://digitalguardian.com/blog/top-10-biggest-us-government-data-breaches-all-time

The Biggest Data Breaches in the first half of 2020

A list of the biggest data leaks

2020 Data Breaches – In this blog, we are going to talk about the big data breach that occurred in the first half of 2020. 

Since the COVID-19 pandemic has forced companies to move their business to remote operations, there has been a significant increase in the number of data breaches. 

A recent Kaspersky report suggested that as many as 726 million reported cyber-attacks had occurred since the start of the year, putting 2020 on track to rack up somewhere in the region of 1.5 billion cyber-attacks per year. 

Each of the data breaches in this article has something to teach companies and customers on how the most ly can exposure to confidential data is in 2020.

Cybercriminals are currently exploiting the COVID-19 pandemic problem to initiate extremely advanced cyber-attacks on any potential industry. During the first six months of 2020, different Fortune 500 businesses were the victim of major data breaches that hackers sold account credentials, sensitive data, confidential and financial records from cybercriminal platforms of these organizations.

Here are 7 major breaches that happened in 2020:

1- Nintendo Data Breach

Nintendo revealed in April 2020 that it was attack by cybercriminals and 160,000 accounts have been compromised. Hackers had evidently used the stolen accounts to purchase valuable digital items.

Nintendo ended the tradition of allowing users to log in using their Nintendo Network ID (NNID) as a result of this attack. The company also suggested that users secure their data by using two-factor authentication mechanisms.

Nintendo is also the most recent victim of digital media targeting credential. In recent months Netflix, Spotify and Disney+ have all faced similar issues.

2- Spear Phishing Attack

On July 15,  a Tweet was shared on a variety of high-profile pages, including Barack Obama, Joe Biden, Bill Gates and Elon Musk. “I’m giving back to the community.

All bitcoin sent to the address below will be sent back doubled! If you send $1000, I will send back $2000.

Only doing this for 30 minutes,” it reached more than 350 million people and resulted in the recovery of £86,800 in stolen ‘donations’ within hours.

According to the announcement made by , “This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems”

While the attack targeted 130,000 public figures and profiles, the attackers made $121,000 bitcoin donations after the attack.

3- Easy Jet Data Breach

EasyJet, a low-cost airline that is based in the UK recently reported that 9 million data records and as well as 2,200 credit card information of their customers were stolen by cybercriminals.  Due to the strict GDPR rules in Europe, it’s only natural for a Company EasyJet to get fined and to pay compensation to the affected customers.

EasyJet has not revealed any information as to how the databases had been hacked, except to say that the hacker appeared to be targeting the company’s intellectual property, as opposed to the personal data of its client.

Even though EasyJet reported the matter immediately to the information commissioner’s office and other regulatory authorities, critics claim that customers were only notified four months after the incident took place.

EasyJet could face penalties amounting to tens of millions of pounds due to the breach of the General Data Protection Regulation, so hard times await the EasyJet.

In addition to this, last month the low-cost carrier unveiled plans to reduce up to 30% of its 15,000 employees as it became the latest airline to note that the aviation industry is facing a slow recovery from the collapse of the coronavirus pandemic.

4- CAM4 Data Breach: 10.88 Billion Records

Nearly 11 billion records were exposed to recent CAM4 data leakage. A team of researchers uncovered the leak from CAM4, an adult entertainment platform.

Details exposed in the CAM4 data leakage contained full names, email addresses and payment records.

The database was subsequently taken down by the parent company Granity Entertainment after the CAM4 data exposure was discovered. However, the logs seem to have been released since 16 March.

The database also included information such as username, user messages, sexual preferences, gender identity, device details, IP addresses, email communications, and chat records between users and CAM4.

Cybercriminals can use this data to target emails to extort money or for spear-phishing attacks. This is a highly sensitive issue for adult sites as most members prefer to stay anonymous.

5- Marriott Data Breach

The hotel chain Marriott announced a security breach on March 31, 2020, that impacted data from more than 5.2 million hotel guests who used the loyalty application of their company.

Cybercriminals stole login credentials of two Marriott employee accounts which had access to customer details about the Marriott’s loyalty application. A month before the breach was detected, they used the information to leak the data.

According to reports, the attacker has obtained a wide range of sensitive data, including contact numbers, personal details such as gender and birthday, and linked account data such as airline loyalty programs.

6- Zoom Credentials Hack

In a world that is changing globally with COVID-19 pandemic, Zoom has increased in popularity with the move of both the education and the organizations to the home-office model.

The Zoom video conferencing software has become the most commonly used virtual meeting application and has also become popular with cybercriminals.

In a short period of time, the software became vulnerable to multiple security threats and ultimately became a victim of a data breach. In the first week of April 2020, reports of more than 500.

000 stolen Zoom passwords available for sale in dark web crime markets shook the users of the application. 

Cybercriminals then sold login credentials to those accounts on the dark web, allowing pranksters and criminals to login and attend mid-stream meetings. They were also able to obtain personal details from Zoom participants, including email addresses and other contact details.

7- Antheus Tecnologia Biometric Data Breach

Security researchers have uncovered a massive data breach at the Brazilian company Antheus Tecnologia, which produces and sells biometric solutions both in Brazil and internationally.

The data was discovered on an unsecured server including 76,000 unique fingerprints, emails from company employees, telephone numbers and more. The server did not store direct fingerprint scans, but the binary code that hackers might use to recreate them, with potentially harmful results.

Antheus Tecnologia stated in response to the report that the exposed fingerprints are public. However, they claimed that the captured data had been hashed, but that was not the case.

Источник: https://www.keepnetlabs.com/the-biggest-data-breaches-in-the-first-half-of-2020/

NEWS
Leave a Reply

;-) :| :x :twisted: :smile: :shock: :sad: :roll: :razz: :oops: :o :mrgreen: :lol: :idea: :grin: :evil: :cry: :cool: :arrow: :???: :?: :!: