GDPR, IT Security News 4 November 2019

Most Shocking Data Breaches of 21st Century

Could You Be a Victim of These Shocking Data Breaches?

Ryan Scholes, Service Desk Engineer, Fabric IT

In an age where our data lives in so many places, it’s no surprise that data breaches happen from time to time. These can range from minor leaks where a single password gets into the wrong hands, all the way to significant leaks where billions of pieces of data are leaked. Most data breaches can be avoided.


Here are three of the most shocking data breaches from the 21st century.

1. Yahoo

Whether you have an email address yourself or know someone who does, most of us have come across Yahoo.

Yahoo had two of the most significant data breaches of all time in 2013 and 2014. These breaches exposed millions of customers' data to a group of hackers.

The first data breach was initially thought to have affected 1 billion user accounts, making it the most significant data breach of all time. However, things got worse for Yahoo in October 2017, when the hack was re-assessed and it was found that 3 billion user accounts were actually affected. This breach included the names, passwords, security questions, email addresses and dates of birth of Yahoo users.

Yahoo never actually found the cause; they know somebody gained access to their network and data, but nothing more on how or why this happened. The data was sold on the dark web for up to $300,000.


The second data breach came in 2014, when a hacker from Russia gained access to Yahoo’s network via malware on an employee’s PC. A single employee opened a malicious attachment in a phishing email sent by the hacker, which in turn gave the hacker enough access to work his way into the Yahoo servers and access personal information.

This breach affected 500 million users, and the information leaked included email addresses, passwords, names and dates of birth.

It’s hard to know if the first breach could be avoided due to the lack of information on how it happened, but the second breach could have been avoided by better email protection.

Advanced Threat Protection would likely have detected the email attachment as bad, and it would never have made it to the user’s mailbox in the first place. Having secure spam filters would also help to stop these emails from entering the inbox. Employee training is essential. Only open attachments if you’re sure they’re legitimate.

Did you know?… You can test employees with a phishing simulator.


2. eBay

Another service most of us have used is eBay, but many people may be unaware of the data breach they had in 2014. The breach affected 145 million users, which at the time was every user with an eBay account.

This breach came from a cyber attack which resulted in the hackers having access to multiple employees’ login credentials. With this information, they were able to access eBay’s internal network, giving them access to user information, including names, email addresses, physical addresses, dates of birth and encrypted passwords. Hackers had access to eBay’s internal network for 229 days before the intrusion was discovered.

eBay never disclosed how the hackers gained access to the user accounts; however, there are many ways this can happen. A malicious email attachment could include a keylogger, which would allow them to see what users are typing, including passwords. They could also have used a brute force attack, which tries a vast number of passwords until it finds the right one. Other ways include passwords being sent in unencrypted emails and the same password being used for other websites or systems.

All of these things are avoidable. Multi-factor authentication could have helped to avoid all of this: when trying to force their way into the users’ accounts, the hackers would also have needed access to each employee’s mobile phone. Better email security and use of Advanced Threat Protection could have prevented the malicious email. Using different passwords for each website or system would also stop hackers from gaining passwords from other sources.


3. Equifax

Another shocking data breach comes from Equifax. This breach affected 143 million people. The data leaked included names, birth dates, social security numbers, addresses and driving license numbers. What made this data breach so severe, though, is that the data leaked also included 209,000 credit card numbers from customers, putting them at serious risk.

Hackers gained access to the Equifax servers by exploiting a vulnerability in a piece of software. This gave them access to the servers, meaning they could take any information they wanted.

This data breach could have been avoided by using software that is not open-source; because open-source code is so readily available, it makes for an easy way in. All software should be secure, especially if it has that sort of access. It is important to keep software up to date, as these sorts of vulnerabilities are fixed in software updates. Not only should software be kept up to date, but it’s also important to run Windows updates to keep your operating system and core software updated and secure. These are released by Microsoft, and most PCs install them automatically.


What all of these data breaches have in common is that they were avoidable. Better email protection, multi-factor authentication (MFA) and stronger passwords could likely have prevented all of these from happening. These are all things we can provide advice on and help with implementing.
