2/27/2018

7 worst data breaches in 2017


There seems to be no end to data breaches in most parts of the world. Every day, there is some news featuring the words like ”vulnerability", "hacked" or breach”. As reported by the Identity Theft Resource Center, the data beaches are constantly increasing, and they led to massive 1,500 in 2017. In comparison to 2016, this tantamount to a 37% annual increase, thereby, posing a major threat to personal data and its exposure. Moreover, there are many instances of security failure in most of the data breaches recorded. Here are the seven most colossal sets of compromised data breaches of 2017:

1. KRACK Vulnerability - All Wi-Fi Devices
In 2017, all data transmitted over WiFi networks was found to be exposed. According to Computer scientist Mathy Vanhoef, the WPA2 encryption protocol has made WiFi networks accessible without the need for login credentials. This posed a serious threat to the compromising of valuable data, and as a result, cyber criminals are able to access WiFi data through a key re-installation attack or KRACK. Nothing can be said now that if any data was, in fact, stolen utilizing this method, however, the data exposure threat has stood since the launch of WiFi.

In order to check this problem, technology companies have initiated the process of releasing patches. For all iPhones, the security holes have been fixed by Apple. In addition, several routers firms have released an updated firmware with the intention of protection against KRACK attacks.

2. Deep Root Analytics Data Breach
The data of near about 198,000,000 American citizens with Deep Root Analytics, the data analytics firm, working in contract for the Republican National Committee, was exposed. The data, including names, birthdates, contact numbers, and voter registration details was said to be compromised. On June 12, 2017, this breach was revealed by the security researcher Chris Vickery. He discovered that the firm’s database was stored without password protection on an Amazon cloud server, thereby, providing an opportunity to anyone to download the 1.1 terabytes value of data.

3. Equifax Breach
Equifax disclosed in September that hackers had infiltrated into their network. Being one of the four major credit reporting agencies, the breach fraudulently disclosed the data of 143,000,000 Americans. It included names, birthdates, addresses and, social security numbers. The worst thing was that the credit card numbers for approximately 209,000 consumers and documents pertaining to credit card disputes for about 182,000 people were also disclosed illegally. In return, Equifax made an effort to protect credit card holders, and offered identity theft protection services to all American citizens. The services were made free of charge till 31st January, 2018, including up to $1 million in ID theft insurance and social security number tracking.

4. Uber Data Breach Data breach occurred in Uber in 2016, but it was exposed in November, 2017, mainly due to underhandedness on Uber’s part. The data breach included compromised data in the form of names, email addresses, and contact numbers of near about 50 million Uber customers. Furthermore, the secret data information of approximately 7,000,000 drivers and 600,000 driver’s license numbers were also disclosed. The mode of operation adopted by hackers began by getting access to a private GitHub site, which was frequently utilized by Uber engineers. Subsequently, the cyber criminals also get access to Uber’s Amazon Web Services, and the personal data was accessed here. After collecting the huge data, the hackers asked for ransom from Uber. In order to hide this incident, Uber officials paid an amount of $100,000 to the hackers for keeping silence and erasing the data. The new Uber CEO Dara Khosrowshahi discovered this incident, and regretted for the same.

5. Edmodo Platform Hacked
In May, 2017, Motherboard informed that that social learning platform used by educators and students was hacked. This educational service has near about around 78,000,000 users, and a cyber criminal named “nclay” too claimed that he was in possession of account details of 77,000,000 of them. On the Dark Web, the hacked data was put up for sale. In view of the fact that the data for a site that is primarily educational and allocating homework isn’t valuable, the hacker quoted the complete database at merely $1,000.

6. Verizon Breach
In the event, you made an effort to call Verizon customer service in the earliest six months of 2017, most possibly your data was unintentionally disclosed. According to ZDnet, an Amazon S3 storage server containing data in the form of customer names, mobile numbers, and account PINs of about 14,000,000 Verizon customers was not secured successfully by Nice Systems, an Israel-based company. Luckily, Verizon was successful in protecting the valuable data earlier than anyone else could gain access to it. A Verizon spokesperson made a statement to CNBC and confirmed that an individual who got the solitary access to the cloud storage area other than Verizon was a researcher. He brought this issue to Verizon authorities. However, there were no reports of loss or theft in relation to Verizon customer details.

7. Sonic Drive-In Credit Card Breach
The fast-food chain Sonic Drive-In disclosed that an indefinite number of restaurant payment systems were breached in the form of customer credit card details. Millions of customers when ordering a cheeseburger may have unintentionally given their credit card details to swindlers. According to the security researcher, Brian Krebs, the stolen credit card numbers were utilized by the thieves for buying and selling sensitive financial data.

Click here for Global Cyber-crime New Reported by McAfee

0 comments:

Post a Comment