Data Breaches in Top Companies

Posted on Categories Cybersecurity, General

Irrespective of security measures, there’s no 100% guarantee of safety from breaches. Therefore, it becomes expedient to ask how one identifies or recognizes a data breach. Furthermore, the knowledge puts victims in a better position to decide the next course of action.

What is a Data Breach?

A data breach refers to a cyber attack whereby sensitive or protected data get accessed by unauthorized entities.

It occurs in any organization, no matter the size. However, most data breaches include personal information, identity theft, or violation of an organization’s compliance mandate.

Almost all data breaches had attributed to the vulnerability discovered by cybercriminals. They use these to gain access to the system or protocol of the organization in focus. The aim is primarily for monetary gains or political motives. In addition, some of the potential causes include;

  • Social engineering
  • Weak login credentials
  • Back doors
  • Insiders threats
  • Lost or stolen hardware, and more.

However, protecting data against modern security threats entails a lot. Good knowledge of the types of vulnerabilities goes a long way. No organization is immune to cyberattacks, no matter the size. Some organizations and governments recently experienced colossal data breaches.

List of Data Breaches and Cyber Attacks

Data breach continues in an upward trend. Almost all the top brands have had a hit from cybercriminals at least once. It shows that prestigious companies are vulnerable to the data breach trend.

  1. Canva Data Breach- 2019

Canva is an online graphic design tool from Australia. Unfortunately, the company also suffered a data breach in May 2019. All exposed data included email addresses, cities, names, passwords, and usernames.

There was a contact from the suspected culprits who claimed to access the user’s data. Canva confirmed the incidents and took steps to remedy the situation. However, every subscriber had to change their passwords and reset OAuth tokens. The episode affected 137 million users, making it one of Australia’s most significant data breaches.

  1. First American Financial Corporation Data Breach- 2019

In May 2019, a reported data breach in First American Corp. affected sensitive records of about eight hundred and eighty-five million (885m). Such data included bank account records, social security numbers, transactions, etc. However, the most alarming was that it breached records that date back to over 16 years.

  1. Facebook Data Breach- 2019

Facebook has experienced a data breach that spans between 2018 to 2021. A total of 533 million users got affected across the globe. The data included ID numbers, profile names, email addresses, and phone numbers. Facebook stated that the attack was reported in 2019 and swung into action.

Two-third of the app’s dataset got exposed on the public net. The attack actors scraped the data by exploiting the vulnerability of the now-defunct feature that allows search by number. One sad fact is that the data got leaked for free. The implication is that all numbers linked to it got compromised. Therefore, hackers can impersonate people and commit fraud.

The company stated that it found and fixed the issue. However, the potential of the leaked data resulting in attacks like social engineering is a possibility. For example, a user advertised an automated bot in January 2021 to provide the phone numbers of millions of Facebook users. While it may look safe, let’s not forget that these data are still available to hackers. Anyone with a rudimentary data skill can do much damage.

  1. MGM Grand Data Breach-2020

MGM Grand had a mild data breach. It only affected customers’ contact information, including Justin Bieber and Jack Dorsey (Twitter CEO). A total of 10.6 million users got hit. Nevertheless, no financial or password data was affected as claimed by the organization.

  1. Easyjet Data Breach-2020

Easyjet made a difficult decision to announce the exposure of personal data belonging to 9 million travelers. It was the second airline attack within two years. Customers got informed that those who booked a flight within a specified period were the affected parties. Fortunately, only 2208 customers had their credit card information stolen.

In a statement from the CEO, Johan Lundgren, no personal information got misused. Nevertheless, the airline advised the nine million customers to take protective measures to avoid potential phishing. Despite all actions taken, 51 reports of cyber fraud resulted from the Easyjet attack. The estimated loss amounted to £11,752.81.

Further attacks on the Easyjet customers are a possibility. Another angle to consider is the potential sale of customers’ information on the black market.

  1. Bonobos Data Breach-2021

Bonobos, a men’s clothing store, suffered a data breach that exposed the data of millions of customers. The method of operation entailed downloading a cloud backup of their database. However, the online store stated that the threat actor, ShinyHunters, did not breach the corporate systems.

The notorious cybercriminal posted the Bonobos database on a free hacker forum. A whopping 70 GB SQL file containing internal tables got leaked. Some hackers claimed they had started analyzing the database, while one claimed to crack some passwords.

  1. Pixlr Data Breach-2021

Pixlr is a free online photo editing application. Unfortunately, it also got a taste from a hacker’s meal in 2021. It attacked 1.9 million users’ records with information for credential stuffing or phishing attacks.

The Pixlr database got exposed for free on a hacker’s forum by the threat actor, ShinyHunters. In his claims, he stated that he also hacked 123rf stock photo sites owned by the same company. All information stolen includes email addresses, login details, SHA-512 hashed passwords, etc.

How to Prevent Hackers from Gaining Access

  • Change of Password and Two-factor Authenticator (2FA)

It becomes necessary for users to immediately change their passwords on the website on these premises. The use of a unique password prevents a breach that will affect you. Also, the use of a two-factor authenticator is crucial. Most sites use Google authenticator that works perfectly with 1OS and Androids.

  • Activity Log and Notification

The use of an activity log helps to monitor any action. Also, it is advisable to set up a notification for sensitive email accounts. So from login to password update and more, users are in the know always.