The year 2019 witnessed a huge increase in data breaches, where the phrase (unsecured database) was frequently present in the news throughout the year 2019, and the stories of the companies that were hacked were remarkably many, in various fields such as: health care, Hospitality, e-commerce, financial services, and others.
Also, most of the breaches occurred due to leaving sensitive customer data unprotected in open internet software to be bought and sold by hackers who did not make an effort to even find them. Each month, there was more than one company requesting its customers to change their passwords and report any damage .
During the first nine months of 2019, 5,183 security breaches were reported, causing the disclosure of 7.9 billion records. Accordingly, the total number of violations increased by 33.3% compared to 2018, and only 6 violations resulted in the detection of 3.1 billion records in the period. Between 1 July and 30 September.
During the month of November, the research company (Risk Based Security) described 2019 as the worst ever for cybersecurity, due to the large number of data breaches that occurred during it and the number of records reached by pirates.
Here an important question arises: How much does an average data breach cost an institution?
According to the latest IBM study, the cost of a data breach has increased by 12% over the past five years, as a security breach now costs about $ 3.92 million on average, and these expenses include covering the costs of investigation, damage control, repairs, lawsuits, and fines, with no signs To slow down. These breaches also pose an increasing danger to small companies, as they cost up to 5% of annual revenue, an amount that may be a disincentive for small businesses.
What is difficult to estimate is the amount of cost to individual consumers around the world this year, as well as the expected cost during 2020, as it was easy to access the most sensitive data in 2019 such as: passport numbers, medical records, and bank account details, And login data to social media accounts, and social security numbers, prompting millions of people to close their accounts on social media and search for strong insurance methods.
It will be almost impossible to calculate the hours and dollars that people trying to recover from the shameful neglect of some of these companies spend, as predicting future costs is unimaginable. But so far, most experts note that following basic internet security procedures while browsing or shopping will help a lot in protecting you from being harmed by huge breaches.
Today, we will review the 10 largest data breaches that occurred in 2019:
1- Breaching the Marriott chain and reaching 383 million records:
The year 2019 started with the release of (Marriott International Hotel Services) on January 4, a statement confirming that hackers have reached records that include: some passport numbers and credit card information for up to 383 million guests. This number is more than twice the number of users who have been affected by the most recent breakthrough in history, which is Equifax, a consumer credit company, that has reached 147.7 million Americans.
2- (Group 1) Collection # 1 and access to 773 million records:
Security researcher (Troy Hunt) announced on January 17th the largest set of hacked data that includes more than 773 million email addresses and 22 million passwords, and the size of the data file hosted on the MEGA cloud storage service reaches 87 GB, which makes it the largest Individual data breach.
The group contains more than 12 thousand separate files, with a total number of email addresses and passwords approaching 2.7 billion, and although most email addresses have appeared in breaches previously discovered, the researcher indicated that there are 140 million email addresses that came from a breach Large for data not reported or through many smaller data breaches or a combination of both.
3- Hacking 16 sites and leaking more than 617 million records:
A report by The Register on February 11 reported that more than 617 million records were stolen from 16 websites and put up for sale on the dark web. The owners of these hacked websites saw the stolen user data sold for less than $ 20,000 in Bitcoin. Bitcoin digital on the Dark Web.
This data was stolen from the sites: Dubsmash, Armor Games, 500 px, Whitepages, ShareThis, MyFitnessPal, MyHeritage, Houzz, Ixigo travel reservation site, YouNow live video site, and others.
Meanwhile, a group of smaller security breaches demonstrated the seriousness of neglecting electronic security in health care:
On February 19: Nearly 2.7 million phone calls from Swedish National Health Services hotline were discovered on an unencrypted system that can be accessed without a password or any authentication method, as it was accessible to anyone with an internet connection.
On February 20: An attacker detained up to 15,000 patient files at the specialist heart disease unit at Cabrini Health Hospital in Australia for a ransom.
February 22: (UConn Health) revealed that an unauthorized third party has accessed employee email accounts which have broken the records of 326,000 patients.
4- Accessing 540 million records for Facebook users:
Security researcher (Brian Krebs) revealed on March 21 that Facebook exposed hundreds of millions of passwords to danger, by storing up to 600 million passwords to Facebook and Instagram users for several years in plain text format that could be read, which means that it was from It can be read by thousands of company employees.
Also, during the month of April, researchers for UpGuard Security Services announced that Facebook application developers had left data of hundreds of millions of users exposed within cloud servers open to the public, and researchers explained that the two largest groups of data came from:
A Mexican company called (Cultura Colectiva): It saved 146 GB data that contained more than 540 million records on the Amazon S3 server without a password, allowing anyone to access it, which contains information such as: comments, likes, feedback, names Accounts, and others.
An American company called (At the Pool): It is not as big a discovery as the Cultura Colectiva dataset, but it contains text passwords (i.e. unprotected) for up to 22,000 users.
5- Verifications.io hacked and access to 808 million records:
Researchers (Bob Diachenko) and (Vinny Troya) announced during the month of April that they had found an accessible database containing 150 GB of detailed marketing data. The database was owned by Verifications.io, to verify e-mail.
The database contained four separate sets of data, the records totaled more than 808 records, this is perhaps the largest and most comprehensive email database, and the bulk of it was called (mailEmailDatabase) and it contained three folders designed to include the zip code, phone number , Address, gender, and email. By reviewing a random set of records using a (HaveIBeenPwned) database, it turned out that this data is not due to any previous leaks, but rather a completely new set of data.
6- Canva hacked and leaked 139 million records:
(Canva), the most popular website in the field of design, announced during May that it had experienced a security breach affecting 139 million users. The data included: real usernames, email addresses, passwords, and information about the city. Additionally, out of 139 million users, 78 million users had a Gmail address associated with their Canva account.
ZDnet announced on May 24 that the hacker responsible for this hack had released data of 932 million online dark sale records stolen from 44 companies from around the world including Canva data.
7- First American company penetration and leaking 885 million records:
Security researcher Brian Krebs revealed on May 24 that First American - the largest real estate property insurance company in the United States - was exposed to a security breach that exposed nearly 885 million digital documents, and these documents were intended for mortgages and hundreds of millions of them It dates back to 2003.
The records included bank account numbers, mortgage data, social security numbers, bank transaction receipts, tax documents and driving license pictures. These records were available without authentication, so they could be read by anyone using a web browser.
8- Capital One hacking and leaking data of 106 million records:
Capital One, one of the largest financial institutions in the United States and owner of a series of banks, announced on July 29 a security breach due to a security vulnerability in the company's server infrastructure that revealed nearly 100 million user records in the United States, and about 6 Millions of users log in Canada.
The largest category of leaked data included information related to individual customers and small companies that used the company's credit cards from 2005 until the beginning of 2019, and this data varied between names, addresses, postal codes, phone numbers, birth dates, email addresses and income, in addition to credit card data.
Not all bank account or social security numbers were hacked, but about 140,000 social security numbers were affected by credit card customers, and about 80,000 bank account numbers associated with credit card customers.
The company quickly discovered and repaired the vulnerability directly, and it collaborated with the Federal Bureau of Investigation (FBI) to reveal the identity of the hacker, and for its part, the US Department of Justice announced the arrest of a software engineer named Paige A. Thompson who was working at Amazon company related to the penetration incident. After investigations, it was found that Thompson was linked to hacking incidents by several other companies.
9- The data of 7.5 million users of Adobe company:
Comparitech, a cyber security company, announced on October 25 that Adobe left one of its servers without security, as it was accessible on the web without the need for a password, or any type of authentication, revealing data for 7.5 million records for its cloud service users ( Creative Cloud. The company closed it immediately after the warning.
The exposed database included details such as: email addresses, account creation dates, user subscribed products, subscription statuses, member IDs, country of origin, time since last login and whether they are Adobe employees or not. Adobe also confirmed that the data did not include any passwords or financial information.
10- TrueDialog hacked and uncovered over a billion records:
On December 2, two researchers from vpnMentor announced they had found a non-protected US Telecom (TrueDialog) database containing tens of millions of SMS text messages, most of which were sent by companies to potential customers.
The researchers stated that the TrueDialog database hosted on the Microsoft Azure service running on Oracle Marketing Cloud in the United States of America, contained 604 GB of data. This included nearly 1 billion records.
The database contained details such as: full recipient names, TrueDialog account holders, message content, email addresses, recipient and user phone numbers, transmission dates, and status indicators on sent messages.
0 Comments