A data breach is an unexpected cybersecurity incident where confidential information is accessed without authorization by the data’s owners. This can occur for a multitude of reasons including human error, such as falling for a phishing scam or using weak passwords utilized by company users, or by malicious actors targeting a specific network or system with malware or other cyber attacks. This cyber attack puts victims at risk not only on the day of a breach, but potentially years to come with their personally identifiable information (PII) now being available to cybercriminals online.
Data breaches have continued to plague businesses even in the midst of a world-wide pandemic — hitting almost 4,000 breaches by August of 2020 with nearly 16 billion records exposed at that time (not even including September!). Here we’ll look at just a few of the worst breaches from the past six months of this chaotic year.
Q2 Major Breaches
With businesses and schools being forced to shift operations to being at home, video meeting platforms gained incredible amounts of usership at the start of the pandemic. A company which seemingly came out of nowhere was now becoming the number one source for much of the world’s meetings – Zoom. Quickly following this abrupt shift in early April, a breach was reported – 500,000 users impacted with their passwords now for sale on the Dark Web with some being offered up for free. The majority of the leaked accounts were people whose credentials were tied to financial institutions, banks, colleges, and other major name organizations. Not only were the victim’s passwords stolen, but personal meeting URLs and HostKeys were taken too.
Over 19 million customers of domain registrar, GoDaddy, were impacted by a data breach. The breach, which affected 77 million domains that the company managed, was brought to light after suspicious activity was observed on a multitude of sites that the company managed. This breach was caused by an “unauthorized individual” accessing login credentials that allowed them to “connect to SSH” on the affected hosting accounts. SSH stands for secure shell and is a network protocol used by system administrators to access remote computers. Something that is now a major topic of discussion following this particular breach is the proper securing of SSH as it is seen by hackers as an excellent means of breaking into their potential victims’ websites. The breach apparently happened in October of last year, but the announcement came out earlier in 2020.
Originally, the gaming giant reported that roughly 160,000 accounts were compromised in a recent data breach, however, it turns out this estimate was wrong by nearly 50%. Over 300,000 Nintendo accounts have now been reportedly accessed by malicious hackers. Any personal information tied to ones login was accessed and sold on the Dark Web following the attack. Affected users will be notified by email, so if you have a Nintendo account, be on the lookout.
Q3 Major Breaches
Social media powerhouse, Twitter, was hit by a data breach in July of this year. In this attack, hackers targeted high profile accounts such as those of Elon Musk, Bill Gates, and Barrack Obama with a total of 130 accounts which were targeted; of those 130, 45 accounts experienced passwords which were reset by the cybercriminals. Hackers used these accounts to to dupe over 300 users to send them a total of $121,000 in Bitcoin — they tweeted out falsified tweets saying that if users sent $1,000 to a Bitcoin address, they would receive $2,000.
With the pandemic forcing many of us to stay home as much as possible, take out and delivery services definitely saw an uptick in users. One such service, Instacart, helped to make it possible to get groceries delivered to your home — a very helpful tool for this times! However, if you have this service, you might want to update your login information as this delivery service experienced a data breach in July of this year. Over 278,000 Instacart customer records were stolen in this hack and it has been reported that, despite the company denying the breach, that customer information is available for sale on the Dark Web for $2 per person. This stolen data includes names, email addresses, order histories, and the last four digits of credit card numbers.
Experian South Africa
In August of this year, the South African branch of Experian reported that the data breach which hit the company exposed 24 million customers’ records. In addition to this, nearly 800,000 local businesses were impacted by this breach as well – putting at risk not only those businesses, but their customers as well. Once the attack was discovered, the company reported the incident to local authorities, and the attacker was identified with the stolen data then being erased from this person’s devices — however, the fact that this was able to happen at all is a scary precedent for the company indeed.