2018 was a prolific year for hackers all over the world and even the biggest, most powerful companies became their victims. AMATAS regularly informs you about the most up-to-date studies and news about breaches, which have affected lots of people, with one aim – to convince you that taking care of your personal and your business’s cybersecurity hygiene is of crucial importance.
In this article, we have collected some of the most impressive cases from this year where cybersecurity was seriously compromised. Read, share and follow us in order to know how to be safe in the digital world in 2019!
The notorious “MoneyTaker” hacker group stole at least $920,000 from the Russian PIR Bank. The cybercriminals managed to penetrate the bank's network via an outdated router. Cybersecurity experts believe that the hackers have stolen tens of millions from banks since they started attacking targets back in 2016. Statistically, the average losses are $500,000 per such incident in the US and around $1.2 million per incident in Russia. So far, MoneyTaker’s victims include 15 US banks, 5 Russian banks, a UK banking software company and a Russian law firm, to name a few.
Air Canada notified its customers that it had become the victim of a cybercriminal attack in which hackers gained unauthorized access to the profiles of 20,000 Air Canada mobile application users. All 1.7 million Air Canada customers were asked to change their passwords according to special password security instructions. According to cybersecurity experts, criminals could use this huge amount of data for various abuses.
Cybercriminals were able to steal the bank details of British Airways customers who used the airline's website and mobile application. This means that all British Airways customers who used the airline's website or mobile application to make bookings between August 21 and September 5 were affected by the cybercrime and are at risk of losing their money. It was hardly reassuring that no passport or travel information was stolen during the attack, as the hackers gained access to the personal and financial data of 380,000 customers. In addition to bank information, the stolen data also included the customers' names, addresses, and email addresses.
Hackers managed to steal $60 million (6.7 billion yen) worth of cryptocurrencies from the Japanese crypto exchange Zaif. The company acknowledged that a Zaif server was under the hackers' control for two hours. A significant amount of cryptocurrency was transferred without authorization from the so-called "hot wallet," a place where such exchange platforms store the cryptocurrencies they operate. Bitcoin and Monacoin were among the cryptocurrencies stolen: $20 million (2.2 billion yen) of the sum was the property of the company itself, but the rest of the funds belonged to customers.
Probably the case that got the most attention during the past year is Facebook’s incredible data breach, which affected at least 50 million accounts. It was found that the attackers exploited a vulnerability in Facebook’s code that impacted the “View As” feature, which lets people see what their own profile looks like to someone else. This allowed them to steal Facebook access tokens, which they could then use to take over people’s accounts. The access tokens of the almost 50 million affected accounts were reset. A further 40 million accounts that had been subject to a “View As” look-up in the last year were also reset as a precaution.
The data leak was made possible by a bug quite similar to the Facebook one that caused the Cambridge Analytica scandal. However, Google preferred to keep this to itself for a long time. The company announced that it is shutting down the consumer version of Google+. Google said that “the Profiles of up to 500,000 Google+ accounts were potentially affected” and “up to 438 applications may have used this API”. As a result, three US senators sent an official letter to Google CEO Sundar Pichai, requesting details and documentation around the security bug.
Around 200 million people in the U.S. and Israel will be compensated by Yahoo for the cybersecurity breach that led to personal data theft in 2013 and 2014. The company agreed to pay $50 million in damages and provide two years of free credit-monitoring services to its affected users. Much like Google, whose silence about its bug eventually led to the closing of Google+, Yahoo disclosed the information about the immense cyberattack only in 2016, with a 3-year delay. Around 1 billion user accounts were compromised then. Furthermore, in 2014 Yahoo suffered another security breach, which affected at least 500 million users. It was also announced only after some time, in 2016.
In October, hackers managed to penetrate the American HSBC bank's database and accessed the data of an unspecified number of clients. Among the stolen customer data were account numbers, balances, physical addresses, transaction history, and many other details. Last year, the same bank was attacked with fake security software, and in 2016 a DDoS attack crushed its systems.
Marriott International reported that the personal data of about 500 million of its guests had been stolen during the penetration of its Starwood guest reservation database. With this disclosure, the case became one of the biggest consumer data breaches globally. The investigation revealed that someone had had unauthorized access from 2014 onwards! The hacker stole, copied and encrypted the hotel chain's information.
Quora, the popular question-and-answer website, announced in early December that 100 million of its users had become victims of a cybersecurity attack. Adam D’Angelo, Quora’s CEO, wrote in a blog post that, as a result of the attack, personal data of the affected users had been exposed.