In 2016 we saw some of the worst data breaches in US history, including high-profile victims such as LinkedIn and Yahoo. At last count, there were over 2.2 billion records stolen.
While the methods of infiltration differ, a common factor many of them share is that hackers used stolen credentials to gain access. Consumers also had their access credentials exposed and sold on the dark web. According to the 2016 Verizon Data Breach Investigations Report, 63% of confirmed data breaches involved the use of weak, default, or stolen credentials.
From a ZDNet article, here are a few of the most notable hacks from last year:
FBI hacked terrorist’s iPhone – should Apple be helping the FBI? Apparently, the FBI thought so: it brought a case against Apple to compel the company to help break into the iPhone of one of the San Bernardino shooters. Apple refused to help and filed a formal appeal. Under public scrutiny, the FBI backed down. However, the FBI did find a willing hacker to break into the phone at the last minute.
Linux Mint ‘backdoored’ by hacker – Linux Mint is one of the most popular Linux distributions, which made it a great target for a creative hacker, who inserted a backdoor in the operating system and tricked users into downloading the malicious version from the project’s website. Hundreds of Linux users downloaded the affected build.
SWIFT took several hits this year – the global financial messaging system company revealed a new cyber security plan in the wake of an $81 million cyber heist from a Bangladeshi bank earlier in the year. The cyber attackers learned how the messaging system worked, took the bank’s SWIFT code and made a series of transaction requests for cash to be sent from the country’s New York-based account to entities across Asia.
Trump’s organizations were hit multiple times – his hotel chain was attacked twice due to insecure and unpatched systems that dated back more than a decade. Also, Trump’s presidential campaign leaked the resumes of potential interns. The information leaked included names, addresses, and employment details.
LinkedIn hits the headlines – this was the second time LinkedIn was hacked; the first hack occurred in 2012. This time around, the scale of the records stolen went up almost twenty-fold to 117 million accounts compromised. To add insult to injury, most of the LinkedIn passwords were ridiculously simple.
Tumblr suffers a major hack – the social blogging site owned by Yahoo suffered a breach in May this year. Investigative journalists revealed that the breach leaked information from 65 million Tumblr accounts.
MySpace, long forgotten, but not your account details – the ailing social network suffered a breach that allowed 427 million accounts to be stolen earlier this year. This one was a good reminder that security can come back to haunt you.
US accuses Russia of political cyberattacks – a month before the end of the election, the White House formally accused the Kremlin of politically motivated hacks. Based on the “scope and sensitivity,” only Russia’s senior-most officials could have authorized the hacking activity on the Democratic campaign.
As Russia hacks, Russian businesses suffer – three hacks in three months. Social network giant VK.com was targeted in June with 171 million stolen accounts.
NSA hacking tools were stolen and auctioned – in one of the largest breaches of classified information since the Snowden affair, hacking tools thought to have been used by NSA for carrying out intelligence gathering and surveillance activities were stolen and later auctioned off by the Shadow Brokers.
The NSA suffered another huge breach later in the year due to a disgruntled staffer walking out the door with 50 terabytes of classified data from the agency. The breach vastly eclipsed what Snowden stole.
Oracle Micros division hit by hackers – one of the largest point-of-sale terminal makers reported that hackers had compromised “hundreds of systems” at the company, potentially compromising a portal used by retail clients. The party responsible for the breach installed malware on the support portal to scrape usernames and passwords.
Opera sync server hacked – close to 2 million users were affected by the hack of their synchronization server. Although passwords were reset, the company’s vague information about the breach caused many customers to lose trust in the company.
Yahoo hack broke all existing records with over 500 million accounts compromised – at the time this occurred, Verizon was bidding on Yahoo’s company assets. Talk about bad timing. Yahoo claimed a state was behind the hack, but there is still an ongoing investigation into what happened.
Yahoo announced a 1 billion user breach a mere three months later. The company launched a project in 2013 to get rid of the MD5 hashing algorithm (which had been announced as cryptographically unsound in 2008). Unfortunately, they were too late as the user data was compromised before their efforts were complete.
Weebly admits it left the doors open – the web design company put over 43 million customers at risk due to their own shoddy security. The hackers took records including usernames, scrambled passwords, and IP addresses.
The bottom line: companies need to take note of what has happened to other organizations and ensure they take appropriate steps to safeguard their resources and data.