Information security breaches are getting increasingly common around the world, across all domains. Surprisingly enough many of these security breach incidents go unnoticed for days, months and even for years, leaving the users and the organizations clueless about the theft of information that has taken place. A very recent incident was that of the Yahoo, where the security hack went unnoticed for 2 long years.
Here are 6 data thefts of the last decade which left the world shocked.
Yahoo Security Breach 2014
Yahoo data breach is undoubtedly one of the biggest hacks of recent time. When Yahoo disclosed the security breach on 22nd September 2016, it already went undetected for two years. What was believed to be a state-sponsored hacking group according to Yahoo sources, exposed some 500 million user accounts to the risk of security breach. With such unprecedented volume of data stolen, it came to be known as one of the biggest known security intrusion in the history of any company. Yahoo confirmed that the hackers could not steal any credit card information or bank details and asked its users to change their password immediately.
Yahoo has been constantly criticized for its negligence and insufficient allocation of funds on user security measures. Six years back in 2010 a number of companies along with Yahoo and Google suffered security attack from some Chinese military hackers. After the security breach of 2010, Google invested heavily on prevention of unauthorized intrusion and steps were taken to improve its security. Yahoo, however, was slower to follow the footsteps of Google. It was stern when it came to investment on security enhancement. The consequence of which came as a leak of 500 million user account. The data breach report came forward just at a time when Yahoo was trying to strike a deal with Verizon for $4.8 billion. Surely it will create a tough time for Yahoo to negotiate. Whether Yahoo works on its security measures now is yet is to be seen.
LinkedIn Security Breach 2012
Over 6.5 million user account was found to be stolen by some Russian cyber criminals, when Linked security hack was discovered on 5th June 2012. The 6.5 million people whose profile were hacked, could no longer access their account anymore and found their existing passwords no longer valid. These passwords along with the username were posted in a Russian password forum in plain text.
Something even more surprising was waiting to be disclosed later. In May 2016, 100 million more e-mail addresses along with their passwords were again found online. These accounts were believed to be hacked as a part of the 2012 hack but were disclosed only on May 2016. As a measure to correct itself LinkedIn invalidated the password of all these 100 million accounts, asked its users to change the password and remain alert about online security theft.
LinkedIn apologized to its more than 100 million user base after this massive security breach was unearthed. LinkedIn assisted by FBI is investigating on this massive security breach which made millions of account vulnerable. These hacks also exposed to the world how security theft is taking a toll on our online presence and our privacy.
Adobe Data Breach 2013
Back in October 3rd,2013, when Adobe data breach was reported, at least 38 million users were said to be impacted. Hackers were believed to have stolen millions of encrypted customer credit card records and login information. Adobe was initially reluctant to disclose the extent of the security breach or the total number of users impacted but as time passed, a website named AnonNews.org posted a file named “user.tar.gz”. This file contained more than 150 million usernames and password pair, believed to have been hacked from Adobe. Other than the user ids and passwords, the hacker also accessed the source code repository of Adobe which is believed to have impacted Adobe products like Acrobat, ColdFusion, and several other applications. AnonNews.org later posted a file which Adobe announced to be the source code for Adobe Photoshop.
Adobe has been criticized several times by security researchers like Kaspersky Labs for producing products possessing top 10 security vulnerabilities. A security flaw was uncovered in the Photoshop version CS5 when Adobe even sparked a controversy by saying that it will leave the flaw unpatched and users wanting to use it securely will have to pay extra for its up gradation. Adobe later decided to provide the security patch, though. Whether Adobe took measures to protect its users and data from such huge security breach is something only time can say.
JP Morgan Chase Data Breach 2014
In 2014 a cyber-attack took place against the American banking giant JP Morgan Chase, in which data associated with 83 million accounts were believed to be compromised. This included household and small businesses data. The declaration came from the bank on September 2014 and was believed that the intruders did not get any access to login details of the accounts. The hackers mostly got hold of names, e-mails, postal addresses which could give rise to a potential phishing attack. Several other financial organizations and firms like Fidelity investments, Citigroup, HSBC Holdings, Regions Financial Corporation and Automatic Data Processing were believed to be a target of these security intruders.
As a measure to improve its security measures, JP Morgan announced a spending of USD 250 million per year. This massive security breach exposed the need for proactive action in the detection of present and future security threats to make financial institutions secure against data threats.
Tumbler Data Breach 2013
On 12th May 2016 Tumbler, a microblogging social networking site, currently owned by Yahoo, confirmed that a data set was stolen by a third party in 2013. What came to light after this announcement was that the login information of around 65 million Tumbler user was stolen. It was not clear, though, how the breach happened. A matter of a relief to the user in this particular case was the fact that the passwords which were stolen were salted and hashed. This meant they were encrypted using an encryption function. Tumbler had immediately asked its users whose passwords were stolen, to change their password so that the hackers cannot do any nefarious activity using their password.
eBay Data Breach 2014
In March 2014 Online auction house giant eBay confirmed that its servers were compromised. They immediately asked their users to change their password. eBay later confirmed that the intruders could not access the credit card details of the accounts which were compromised. However, details like name, physical address, e-mail address, encrypted passwords and phone number of 145 Million customers had been accessed. eBay confirmed later that employee login was used initially and as many as 100 employee accounts were involved. It was unclear, however, that how employees fell a prey of such security breach.
Hope this blog post helped you to know about the security breaches around the world.
Keep visiting www.acadgild.com for more updates on the courses. Click here to Become Certified Ethical Hacker in 5 Days.