Historical hacks come back to haunt, and recent breaches bite our behinds. The most threatening aspects of 2015 were the online privacy and security breach issues. If you think last year’s 3 billion data-breaching records were terrible, this year has been its fair share of headaches.
From hacks, ransoms, attacks, and even extortion attempts, we are not done with this year yet, and already we’ve witnessed millions of records have stolen, and a wealth of classified hacking tools has leaked.
In 2016, reported data breaches increased by 40%. Yahoo declared the most massive data breach in history last year, affecting more than one billion accounts. What will 2017 hold? We were hoping for the best, but we have seen that 2017 data breaching nightmares get even more severe and fearful.
Although the attention of the mainstream media remained on Sony Pictures and Apple, other less reported incidents revealed several loopholes in the traditional security measures used by some larger corporate players. This roundup will list all the data hacks of 2017.
There‘s a lot to take in, let’s have a look at some of the biggest and dangerous leaks and hacks of the year so far. All the statistics are being taken from IdentityForce.
Xbox 360 ISO and PSP ISO
On February 1, 2017, Troy Hunt, a security expert on the website Have I Been Pwned? Uncovered that XBOX 360 and PSP ISO had been hacked in September 2015. Reportedly both forums and the sites, which host illegal video game download files and store sensitive user information were taken. According to the IdentityForce, 1.3 million of PSP ISO and 1.2 million Xbox 360 email addresses, IP addresses, usernames, and passwords were stolen during the breach. The responsible suspect is still unknown, but users are encouraged to change their login credentials immediately.
UNC Health Care
In March 2017, 1300 letters were received by the prenatal patients in the University of North Carolina Health Care System, informing them about their data-breach. UNC Health Care informed that data being recorded by the women in the pregnancy home risk screening forms at prenatal appointments in all the UNC women and maternal platforms between 2014 to 2017, may have mistakenly had their information transmitted to county health departments. All the personal and medical-related data have breached during actions; it was requested that the county health department should protect all the share information to follow the state privacy laws.
America’s JobLink, a web-based system that links job employers and job seekers, revealed that on March 21, 2017, their system has breached-out by a hacker, who exploited a misconfiguration in the application code. The personal data of 4.8 million job-seekers residing in Alabama, Arkansas, Arizona, Delaware, Idaho, Illinois, Kansas, Maine, Oklahoma, and Vermont, has been accessed illegally. The code configuration has eliminated in March 2017, so anyone had an account before March may have affected and compromised their data.
On May 3, 2017, Gmail users became the victim of a sophisticated phishing scam, which gained access to 1 million accounts within one hour through a third party app. The emails were developed in a way that looks like other trusted emails, informing users that they wanted to share a Google doc with them. Upon clicking the link, user reached to the Google’s real security page and prompted users to manage their email accounts. Google stopped the scam within one hour.
In May 2017, electronic signature provider DocuSign were targeted by malware phishing attacks, in which hackers breached one of the systems and access the email addresses of the customers and users. Hackers used the email addresses to practice malicious email campaign with the DocuSign-branded messages and ask users to click and download a Microsoft Word document that has malware in it. DocuSign instructs their users to access records directly from the company website and not by email links.
One more security-breaching nightmare took place in May 2017 with a cloud-based company; OneLogin is operating to manage users’ multiple-site logins and apps, based in San Francisco. OneLogin is serving 2000 firms in 44 countries by providing single sign-on and identity management, over 300 app vendors and more than 70 software-as-a-service providers. A cyber abuser used a set of AWS keys to access the AWS API from an intermediate host with another; smaller service in the US. The attack lasted for 7 hours and the customer data compromised including decrypting encrypted data. The investigation is under process, and the limit of the breached content is still unknown.
The data 14 million Verizon subscribers are at stake, and you are the victim if you have contacted Verizon customer service in the past six months. Personal data of Verizon callers have recorded by the server controlled by Israel-based systems, discovered by the UpGaurd security officer. He informed Verizon in late June, and the company secured the breached data within a week. Log file of all those who contacted Verizon customer care was obtained in the cyber attack.
In October 2017, a blog comment hosting service revealed that the company was being hacked five years ago. Have I Been Pwned? Reached the company with exposed user information and inquired the company about the hacking. Disqus verified the authenticity and the data found was from their 2012 user database. The company had no idea about being a victim of a data breach in 2012, including the customer’s data being recorded since 2007. One-third of the affecters were public while rests were Disqus users. Disqus reset passwords for all the users.
October 9, 2017: it was reported in December 2016 that more than 1 billion Yahoo accounts might have breached out in 2013, the recent development of the same story confirmed the suspects’ figures. Four months after Verizon acquired Yahoo’s core internet access, revealed that all the 3 million Yahoo accounts were impacted by that breach, including Tumbler, fantasy, and Flickr – were stolen. The suspect is still unknown after the extensive investigation.
Data breaching is one of the common practices of the hackers in the digital world. Changing user habits can hack the hackers away from the user and their intimate habits. Anyone can be a victim of cybercrime anytime anywhere, so don’t let hackers choose as their next target and play safe. The easy way out is using a fastest VPN service and antiviruses to protect you and your digital existence. VPN is the most intelligent -savvy step to be taken to reduce the vulnerability of virtual world.
“Your privacy is YOU, don’t risk to be a virtual Goon”