
In this blog we present various hacks that occurred in the previous year, each along with a lesson learned.

So let's start with the first and the biggest one –

1- Aadhaar Security breach 2018

We all know that the biggest database India handles today is that of Aadhaar card details, and in previous years we have heard of various leaks of Aadhaar data. In the previous year, a French security researcher found a bug in the Indian Government's mAadhaar app and showed that users' data was exploitable. Later, a critical bug was found in various Indian Government sites that gave easy access to the Aadhaar database.

Data Included –

  1. Name
  2. Biometric Details
  3. Personal Information

Lesson from the Hack – Government websites and mobile apps must be fully secured, because a flaw in them can expose the data of many users and damage the Indian Government's reputation. Third-party cybersecurity companies must be employed to secure the Indian Government's digital world.

2- British Airways Hack –

In the previous year, British Airways suffered a hack in which the personal and financial details of hundreds of customers who booked airline tickets on ba.com or the BA mobile app were stolen.

Customers were deeply disappointed with the company's service: they complained that the company had not informed them of this hack and, moreover, had not taken any steps on their behalf.

As per the legal rules, companies must inform their customers within 72 hours of becoming aware of a hack.

Some customers even had to block their credit cards in order to stay secure.

However, the chairman and chief executive of the company said, “We are completely sorry for the disruption that this criminal activity has caused. We take the protection of our customer’s data very seriously”.

Data Included –

  1. Name
  2. Address
  3. Personal details of Payment Mode

Lesson from the Hack – Attack vectors keep changing, so we need to update our knowledge according to the latest trends in cyber security.

3- Shein announces data breach of 6.4 million users –

In the previous year, Shein, a fashion retail company, suffered an attack in which 6.4 million users were compromised.

Shein disclosed that the hackers were able to obtain the registered email addresses and encrypted passwords of 6.4 million users, and said that it had engaged a cyber security company to investigate the whole case.

Data Included-

  1. Email Address
  2. Passwords (Encrypted)

Lesson from the Hack – It is always said that prevention is better than cure, so we should always check whether all of our company's assets are secured. This can be done by employing a cybersecurity team in the company.

4- Facebook announces 30 million user’s Data Breach –

In the previous year, Facebook was badly affected by hackers. Approximately 30 million users were found to have been breached, and on the same day Facebook announced a way for users to check whether they had been compromised and told them to change their passwords immediately.

Facebook announced that the hackers were able to obtain the personal details by using the “View as” feature. Facebook also announced that the hackers behind the whole case had been discovered.

Data Included –

  1. Name
  2. Phone numbers
  3. Email address
  4. Some personal information also

Lesson from the Hack – Before any feature is deployed, the module should be thoroughly checked for security issues, as a flaw can do more harm after the final deployment.

5- Google+ Hack impacted 500 thousand users all over the world –

The hack was first disclosed by Google on October 8 2018. In December 2018 Google announced a second data breach, which exposed approximately 52.5 million records to third-party Google+ apps for 6 days.

Data Included –

  1. Name
  2. Date of Birth
  3. Email address

Lesson from the Hack – Companies should not trust third-party apps to adequately secure their technologies. A deep level of verification must be done.

6- Orbitz Hack affected 880 thousand users

This was considered the deepest and most silent attack, because the original attack started on 1 October 2017, continued until 22 December 2017, and was first discovered in March 2018. The hack was disclosed to the public after 19 days, i.e. on March 20 2018.

The attackers managed to access the company's Legal Computer, and the data was compromised from there.

Data Included –

  1. Name
  2. Email address
  3. Phone numbers
  4. Payment Information
  5. Personal Information

Lesson from the Hack – All systems involved in official work must be secure, and the company's employees must be aware of social engineering attacks.

7- T-Mobile Hack affected 2 million users –

This attack was not so famous, but it was a big one. The attackers were able to take control of the company's servers, but the attack was discovered and remediated on the same day. The day of the attack and the day of discovery are the same in this case, i.e. August 20 2018, but it was disclosed on August 23 2018.

Data Included –

  1. Name
  2. Email Addresses
  3. Billing Information
  4. Account Numbers
  5. Passwords (Encrypted)

Lesson from the Hack – The backbone of a company is always the server on which its final code or data is placed, so servers must be checked on a regular basis. Firewall settings must be updated as requirements change.

8- Saks and Lord & Taylor Hack affected 5 million users –

This attack was performed by a hacker group, JokerStash. The attackers compromised the retailer's point of sale by installing malware through phishing pages and fake emails, and were able to obtain the payment information of many customers.

Data Included –

  1. Payment Information

Lesson from the Hack – Companies like Saks and Lord & Taylor, which have retailers in various places, should check how security-aware their retailers are, because data can also be breached through a retailer's system. So every single detail must be cross-checked. Even a small mistake can cause losses in the millions.

9- Timehop Hack affected 21 million users –

This hack exploited a small bug in the company's cloud computing environment. The only bug was that no two-factor authentication was deployed on the cloud computing service. The hack was performed on July 4 2018 and was discovered on the same day.

Data Included –

  1. Name
  2. Date of Birth
  3. Email address
  4. Phone Numbers
  5. Personal Information

Lesson from the Hack – Wherever there is any kind of login, two-factor authentication must be implemented, because it adds a new layer of security. If a developer forgets to add this layer, a security tester should treat this as a bug and report it to the developer.

10- Quora Hack affected 100 million users –

In this hack, a third-party app was able to get access to Quora's systems, and the information of various users was compromised. The hack was discovered on November 30 2018, but there is no more legal information on this hack on the Internet.

Data Included –

  1. Names
  2. Email Addresses
  3. Encrypted Passwords
  4. Data that was sent on the personal network of users

Lesson from the Hack – This hack shows us that we should never trust any third-party app easily without verifying every single detail.

11- Twitter Hack affected 100 million users –

This hack was not actually a hack: Twitter itself found a small bug with a potentially large impact. It discovered an internal file that stored all the passwords in plain text, without any encryption, which could be compromised easily. So Twitter asked each and every individual on Twitter to change or reset their password.

Data Included –

  1. Passwords (Plain text)

Lesson from the Hack – Wherever passwords are stored, they should be encrypted with an algorithm other than MD5, as MD5 can be cracked easily.

So, these were the Top 10 data breaches of the previous year, i.e. 2018, along with the lessons that we learned from them.

Post Author: Amanpreet Singh
