perm_phone_msgConsider your business risks? Chat With US

Top Cybersecurity Data Breaches of 2019

Cyber insurance BCyber todayJanuary 14, 2020 21

share close

Every year we hear about the data and security breaches, hacks and malware alerts; this happens when a website or an application software has vulnerabilities that hackers use to their own advantage.

Federal agencies recognize the growing threat of these exploits. The severity of these breaches range from small attacks to large disruptions. Most of these attacks are for monetary gains and others are carried out by governments for tracking and surveillance of certain individuals or to gain sensitive information for espionage. 

Forbes states that ‘Data Breaches Expose 4.1 Billion Records In First Six Months Of 2019’. We can say that your online data is not as secure as you think it is. In fact, an alarming report from Varonis states that ‘58% of companies have over 100,000 folders open to every employee’. This means that one wrong click from an employee and your data could land into the lap of prying hackers. 

Though there are many new online threats and breaches every day, there are certain steps you can take to ensure that your privacy is maintained going ahead in the new year and for that here are some cybersecurity tips for 2020.

Major Data Breaches Of 2019

With more and more threats happening every year, there is no way of telling what the future holds but let’s take a look at the major security data breaches that have come to light in the year 2019:

1) Whatsapp Hack 

In May 2019, hackers were able to install a malicious piece of Spyware on WhatsApp user’s devices. A vulnerability in the app allowed hackers to install surveillance software on both android and iPhones using WhatsApp’s phone call feature. 

It is to be noted that WhatsApp is used by over 1.5 billion people worldwide. It is unclear how many users were affected.

The malicious piece of code can install itself on the smartphone even if the call was not answered by the user. The call would disappear from the call log without leaving a visible trace of malicious activity.

The Financial Times stated that the software was developed by NSO, a secretive Israeli company. Also, a statement from WhatsApp said that the attack bore all the hallmarks of a private company known to work with governments to develop spyware that reportedly takes over the functions of mobile operating systems.

2) Fortnite Breach

In January, over 200 million Fortnite users worldwide were left exposed to cybersecurity attacks due to an old, unsecured webpage on their subdomain. Hackers could access the player’s account, record audio and use their in-game currency without even needing login credentials.

Instead, the hackers sent a message with a link promising the player to get free “V-Bucks”, the in-game virtual currency of Fortnite. As soon as the user clicked on the link the hacker could collect the user’s ‘Login token’; this way the hackers got access to several accounts. 

The problem was mitigated when Checkpoint Research reported the vulnerability to Epic Games, Fortnite’s parent company.

Also in August, players were also warned against a Ransomware attack that encrypted files on the computer and asked for payment to unlock the files.

3) iPhone Surveillance

Once considered impenetrable, iOS was also subject to cyber-attacks this year, making every iPhone user potentially vulnerable. Forbes states that for two years various hacked websites were used to attack iPhones.

These hacks were discovered by cybersecurity researchers from Google’s Project Zero.

The company states that iPhone users were visiting certain dangerous websites that install malicious code that makes them vulnerable to surveillance across the phone software, browsers, messaging and private data like passwords and locations of the user.

The nature of the attack conveyed the presence of a state-backed agency. Most probably, this was done by China for geopolitical reasons. Likely an attempt to monitor the Uyghur Muslim Community of Xinjiang, China.

The attacks were downplayed by Apple, Stating that the problem was fixed within 10 days of the discovery and that the few dozed websites that were used were specifically targeted at the Uyghur users.

4) Dunkin Donuts Credential Stealing 

For a second time this year, Dunkin Donuts again faced a data breach with hackers gaining access to customers’ accounts with credential stuffing attacks. User’s data was leaked on to the dark web form where the users were able to access a lot of login details, this gave them access to the user’s ‘DD Perk Reward’ accounts.

Now the hackers are reportedly selling the DD Perks account details over the Dark Web with all the user’s information, email Ids, account number, and QR code.

5) Toyota Data Breach

The Japanese car manufacturer had its fair share of controversy when it was hacked twice this year, once in the month of February and again in March. The company has faced attacks in Australia, Vietnam, Thailand, and Japan. Several sales subsidiaries of Toyota were also affected. The most serious attack was in japan with an impact on 3.1 million customers.

While there is still speculation about how the attack happened, the attacks were targeted at the automaker’s computer systems. The hackers gained “unauthorized access” to the database revealing name, contact information, birth date, & employment status. However, no customer credit information was revealed according to Toyota.

For now, the company claims to have contained the damage from the security incident. Sources are pointing to a Vietnamese Hacktivist group that used Advanced Persistent Threat (APT32) to commit the hack. The group allegedly supports Vietnamese interest in the automotive sector.

6) Capital One Bank 

Capital One Bank faced a similar issue this March, where personal data of 106 million users was made available online. The data is said to have contained details including people’s names, addresses, social security numbers, social insurance numbers, bank account details, credit limits, credit scores, balance, and other sensitive information. There is no doubt that this is one of the biggest hacks of the year.

A hacker named Paige Thompson is accused of breaking into the company’s server.

Paige used to work for Amazon Web Services, the cloud hosting service that Capital One was using. She was able to gain access by exploiting a misconfigured application firewall.

Paige was less than careful with the information she had acquired and made it available on Github with her full name. As soon as people noticed, they informed Capital One, which filed a case against her.

Final Word

These breaches are proof that every organization, no matter how small or big needs to have a proper focus and investment in data security. They need to make sure that databases are protected from eyeing hackers and unethical elements. 

Also, tech giants like Facebook should vary of giving third-party companies access to users’ data as these companies are not good at safeguarding the data and are easy targets for hackers. They are often the entry point of data breaches.

As a user, you should avoid using the same password everywhere and frequently update your passwords. Also, you can use VPNs to maintain anonymity online and keep your activities from being logged and sold to third parties without your consent.

Be Safe! Stay Tuned!

This content was originally published here.

Written by: BCyber

Rate it
Previous post