A data breach or data leak is the release of sensitive, confidential or protected data to an untrusted environment. Data breaches can occur as a result of a hacker attack, an inside job by individuals currently or previously employed by an organization, or unintentional loss or exposure of data.
Data breaches can involve information leakage, also known as exfiltration—unauthorized copying or transmission of data, without affecting the source data. In other cases, breaches incur complete loss of data—as in ransomware attacks, which involve hackers encrypting data to deny access by the data owner.
In other words, in a data breach, hackers or employees release or leak sensitive data. As a result, the data might be lost, or used by perpetrators for various malicious purposes.
TOP DATA BREACHES
1. CAM4 Data Breach
Date: March 2020
Impact: 10.88 billion records.
Adult video streaming website CAM4 had its Elasticsearch server breached, exposing over 10 billion records.
The breached records included the following sensitive information:
Full names
Email addresses
Sexual orientation
Chat transcripts
Email correspondence transcripts
Password hashes
IP addresses
Payment logs
Many of the exposed email addresses are linked to cloud storage services. If hackers were to launch successful phishing attacks on these users, they could gain deeper access to personal photos and business information.
Because of the adult nature of the breached database, compromised users could fall victim to blackmail and defamation attempts for many years to come.
2. Yahoo Data Breach (2017)
Date: October 2017
Impact: 3 billion accounts
Yahoo disclosed that a breach in August 2013 by a group of hackers had compromised 1 billion accounts. In this instance, security questions and answers were also compromised, increasing the risk of identity theft. The breach was first reported by Yahoo while in negotiations to sell itself to Verizon, on December 14, 2016. Yahoo forced all affected users to change passwords and to re-enter any unencrypted security questions and answers so they could be re-encrypted.
However, by October of 2017, Yahoo changed the estimate to 3 billion user accounts. An investigation revealed that users' passwords in clear text, payment card data and bank information were not stolen. Nonetheless, this remains one of the largest data breaches of this type in history.
3. Aadhaar Data Breach
Date: March 2018
Impact: 1.1 billion people
In March of 2018, it became public that the personal information of more than a billion Indian citizens stored in the world’s largest biometric database could be bought online.
This massive data breach was the result of a data leak on a system run by a state-owned utility company. The breach allowed access to private information of Aadhaar holders, exposing their names, their unique 12-digit identity numbers, and their bank details.
The type of information exposed included the photographs, thumbprints, retina scans and other identifying details of nearly every Indian citizen.
4. LinkedIn Data Breach (2021)
Date: June 2021
Impact: 700 million users
Data associated with 700 million LinkedIn users was posted for sale on a Dark Web forum in June 2021. This exposure affected 92% of the total LinkedIn user base of 756 million users.
The data was dumped in two waves, initially exposing 500 million users, and then a second dump where the hacker "God User" boasted that they were selling a database of 700 million LinkedIn
The hackers published a sample containing 1 million records to confirm the legitimacy of the breach. The data included the following:
Email addresses
Full names
Phone numbers
Geolocation records
LinkedIn username and profile URLs
Personal and professional experience
Genders
Other social media accounts and details
The hacker scraped the data by exploiting LinkedIn's API.
LinkedIn claims that, because personal information was not compromised, this event was not a 'data breach' but, rather, just a violation of their terms of service through prohibited data scraping.
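Bulk harvesting through a profile API, as in the LinkedIn case above, leaves a pattern in access logs that is easy to tell apart from ordinary browsing: one client fetching many distinct profiles in a short window, often by sweeping consecutive IDs. The following detector is an added example, not LinkedIn's code; the log format, endpoint path, thresholds and sample log lines are all constructed for illustration.

```python
"""Flag clients bulk-harvesting a profile API from access logs (added example)."""
import re
from collections import defaultdict

# Constructed log format "<epoch> <client_ip> <method> <path>"; an assumption, not a real product log.
LINE_RE = re.compile(r"^(?P<ts>\d+) (?P<client>\S+) GET /api/profile/(?P<pid>\d+)$")

# Constructed sample: one client sweeping 50 consecutive profile IDs in 50 seconds,
# one ordinary user viewing three profiles over ten minutes, plus an unrelated request.
SAMPLE_LOG = "\n".join(
    [f"{1623000000 + i} 10.0.0.5 GET /api/profile/{1000 + i}" for i in range(50)]
    + ["1623000000 192.0.2.7 GET /api/profile/42",
       "1623000300 192.0.2.7 GET /api/profile/77",
       "1623000600 192.0.2.7 GET /api/profile/9",
       "1623000010 192.0.2.7 GET /api/feed"]
)

def parse_profile_requests(log_text):
    """Yield (timestamp, client, profile_id) for profile-endpoint hits; other lines are ignored."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield int(m["ts"]), m["client"], int(m["pid"])

def find_scrapers(log_text, window_s=60, max_profiles=20):
    """Return {client: peak distinct profiles fetched within any window_s-second window} for
    clients whose peak exceeds max_profiles. Distinct IDs are counted, not raw hits, so a user
    refreshing one page is not mistaken for a harvester."""
    by_client = defaultdict(list)
    for ts, client, pid in parse_profile_requests(log_text):
        by_client[client].append((ts, pid))
    flagged = {}
    for client, hits in by_client.items():
        hits.sort()                      # the sliding window needs time order
        peak, start = 0, 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window_s:
                start += 1               # drop hits that fell out of the window
            peak = max(peak, len({pid for _, pid in hits[start:end + 1]}))
        if peak > max_profiles:
            flagged[client] = peak
    return flagged

def looks_like_enumeration(log_text, client):
    """True when at least 80% of successive profile IDs requested by client differ by exactly 1,
    the signature of an ID sweep rather than organic browsing."""
    pids = [pid for _, c, pid in parse_profile_requests(log_text) if c == client]
    if len(pids) < 2:
        return False
    steps = [b - a for a, b in zip(pids, pids[1:])]
    return sum(1 for s in steps if s == 1) / len(steps) >= 0.8
```

Running `find_scrapers(SAMPLE_LOG)` flags only 10.0.0.5 (50 distinct profiles in one minute), and `looks_like_enumeration` confirms the sequential sweep; the thresholds should be tuned to the real endpoint's legitimate usage before alerting on them.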
Targeted Cyber Attacks
Targeted data breaches carried out by cybercriminals and hackers continue to increase despite the implementation of measures to counter them. Their ultimate goal is to steal personally identifiable information and compromise identities for financial gain by selling the information on the dark web. The following are the main ways in which targeted attacks happen:
Weak passwords: Weak passwords are easy to guess and give attackers access to sensitive information. They are typically simple passwords made up of whole, common words or of known personal details, such as the user's date of birth or that of a close relative. People generally want simple passwords that are easy to remember, and attackers know this and exploit it.
System vulnerabilities: Obsolete firewalls and out-of-date software create vulnerabilities in the system, which give attackers opportunities to sneak malware into the system and steal data.
Malware attack: Targeted malware attacks use spam and phishing emails to trick users into revealing their network credentials. Users can be tricked into downloading attachments that carry malware or redirected to a malicious website through spam. Malware exploits weaknesses in hardware and software security. Spyware is a type of malware used to steal data while remaining undetected.
Drive-by download: Tricks users into unintentionally downloading malware by visiting compromised websites. It works by exploiting out-of-date browsers, applications, and operating systems.
Phishing: Attacks aimed at deceiving users into handing over credentials or data by pretending to be bona fide people or organizations.
Brute force attacks: Software tools that attackers use to guess user passwords. Guessing correctly can take time depending on the password's strength, but with higher processing speeds and malware infections, the process can be sped up.
Data Breach Prevention
It is said that the security of a network is only as strong as its weakest link. Hence, it is crucial that individuals and organizations put in place comprehensive preventative measures to close potential vulnerabilities all the way from IT systems to end users. Methods to prevent data breaches and minimize their impact include:
Regularly patching and updating software
Conducting regular vulnerability and penetration testing
Encryption of sensitive data on the local onsite network as well as in third-party cloud services. This ensures that even if the network is penetrated, threat actors will not be able to decrypt or access the actual data.
Use of strong antivirus protection, which should be regularly updated.
Enforcing strong credentials and multi-factor authentication.
Ensuring all devices use business-grade VPN services.
Formulation and circulation of data security policy for all employees
Continuous education and refresher training of staff on cybersecurity best practices, as well as the promotion of data security policy
Establishing the Principle of Least Privilege (POLP), where employees are given only the permissions and rights they need to carry out their work.
Formulating an Incident Response Plan (IRP) to be followed in the event of a data breach. The IRP sets out the processes for identifying, containing, and quantifying a security incident.
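The weak-password item above describes exactly what a credential policy has to catch: whole common words (even with the usual letter-for-symbol substitutions) and personal details such as a birth date or a relative's name. This checker is an added example illustrating that item and the "strong credentials" measure; it is not code from any product. The word list is a constructed stand-in for a real breached-password list, and the names and dates in the comments are made up.

```python
"""Reject passwords built from common words or known personal details (added example)."""
import re
from datetime import date

# Constructed mini word list; a real deployment would load a large breached/common-password list.
COMMON_WORDS = {"password", "welcome", "letmein", "qwerty", "summer", "dragon"}

def date_forms(d):
    """Digit strings people embed for a date, e.g. 1990, 0704, 0407, 07041990, 04071990, 19900704."""
    return {f"{d.year}", f"{d.month:02d}{d.day:02d}", f"{d.day:02d}{d.month:02d}",
            f"{d.month:02d}{d.day:02d}{d.year}", f"{d.day:02d}{d.month:02d}{d.year}",
            f"{d.year}{d.month:02d}{d.day:02d}"}

def normalize(pw):
    """Undo common leet substitutions so 'P@ssw0rd' is compared as 'password'."""
    return pw.lower().translate(str.maketrans("@01$34!", "aolseai"))

def password_problems(pw, personal=(), birthdates=(), min_len=12):
    """Return a list of policy violations; an empty list means the password is acceptable.
    personal: names/usernames of the user and close relatives; birthdates: ISO dates (YYYY-MM-DD)."""
    problems = []
    if len(pw) < min_len:
        problems.append(f"shorter than {min_len} characters")
    norm = normalize(pw)
    for w in sorted(COMMON_WORDS):           # sorted so the report order is deterministic
        if w in norm:
            problems.append(f"contains common word '{w}'")
    for p in personal:
        if len(p) >= 3 and p.lower() in norm:
            problems.append(f"contains personal detail '{p}'")
    digits = re.sub(r"\D", "", pw)           # date checks run on the raw digits of the password
    for iso in birthdates:
        d = date.fromisoformat(iso)
        if any(form in digits for form in date_forms(d)):
            problems.append(f"contains birth date {d.isoformat()}")
            break
    return problems
```

For instance, "P@ssw0rd1234" is rejected for the common word hidden behind substitutions, while a long passphrase with no personal content passes; the personal-detail list and birth dates come from the user's own account record at enrolment time.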