The Biggest Data Breaches of 2018 Part 2

As 2018 draws to a close we look back at just a few of the biggest data breaches of the year. Here’s part 2 that covers the last six months of the year.

The second half of the year has had no shortage of data breaches and unfortunately, it looks like the trend in the number of breaches looks set to continue to rise in 2019.

Until every organisation and individual starts to take their cybersecurity seriously by doing at least the basics the number of successful attacks will continue. If you missed part 1 you can view it here.

July – Timehop Trouble

There was no let-up in the second half of the year with new cyber-attacks being reported on a daily basis and social media services were once again the source of some huge breaches.

Timehop

Social media app Timehop reported a data breach where a hacker managed to steal the details of all 21 million of the app’s users. The unknown attackers managed to break into its Cloud Computing Environment and accessed user data including, email addresses, names, and 4.7 million phone numbers. As well as all that, the attackers also managed to pinch authorisation tokens provided to Timehop by other social media sites such as Facebook. With these tokens, the hackers could view posts on these social media sites without the user's permission. - https://techcrunch.com/2018/07/09/timehop-discloses-july-4-data-breach-affecting-21-million/

August – Airways woes

British Airways

British Airways suffered a breach of around 380,000 booking transactions made between August 21 and September 5. Customer names, email addresses, addresses and sensitive payment card details were all exposed. A Russian linked hacker group attributed to the hack were reportedly selling credit card details between £7 and £39 each. - https://www.theregister.co.uk/2018/09/11/british_airways_website_scripts/

September – Bad news for Facebook

Facebook (Again)

Facebook again made the headlines for all the wrong reasons when it was revealed that hackers had exposed the details of 50 million of its users. The hackers exploited a feature in the social media sites code to gain access to user accounts that could have allowed them to take control of them. The breach was the largest in Facebook’s 14-year history. - http://uk.businessinsider.com/bank-accounts-could-be-compromised-becuse-facebook-hack-2018-10

October – Another Airline, Another Social Network

Cathay Pacific airlines 

Hong Kong based airline Cathay Pacific revealed that it had suffered a major breach which saw hackers steal the data of 9.4 million of its customers.            The incident occurred in March and the attack lasted several months but was only revealed to the public in October. As a result of the breach the airline is facing hefty fines from various authorities. - https://www.theregister.co.uk/2018/10/25/cathay_pacific_hacked_up_to_94_million_passenger_deets_exposed/

Google+

It was Google’s turn to suffer a breach, this time to its Google+ social network. The account details of 500,000 users were exposed to external developers due to a bug. The breach prompted Google to announce that it will be shutting down the ill-fated social network for consumers. The bug was reportedly discovered and fixed in March but was not made public until October. According to the Wall Street Journal, the delay was due to Google not wanting to encourage more regulatory scrutiny and to limit reputational damage. - https://www.theguardian.com/technology/2018/oct/08/google-plus-security-breach-wall-street-journal

November – Post, Footy and Hotels

United States Postal Service (USPS)

The data of up to 60 million customers of USPS were exposed due to a vulnerability on the organisations website that made account details visible. The vulnerability could have allowed a malicious actor to have pulled off email addresses, usernames, user IDs, account numbers, street addresses, phone numbers, authorized users and mailing campaign data. - https://krebsonsecurity.com/2018/11/usps-site-exposed-data-on-60-million-users/

FIFA

World footballs governing body revealed that it had suffered another hack back in March and that it expected sensitive internal documents to be leaked to the press. A phishing campaign was the suspected cause of the attack. - https://www.cbronline.com/news/fifa-hack

Marriot Hotel Group

Unknown attackers compromised a guest reservation database containing the details of 500 million customers. Payment details were included in the breach. Marriott said it was alerted by an internal security tool that somebody was attempting to access the Starwood database. After investigating, it discovered that an "unauthorised party had copied and encrypted information”. - https://www.itv.com/news/2018-11-30/marriott-breach-may-have-exposed-500m-guests-details/

December – Data exposed

Sky Brasil

A researcher discovered that Sky Brasil exposed the data of 32 million of its customers. The data was exposed after the company failed to secure a server with a password. The leaked data included; full names, email addresses, passwords, client IP addresses, personal addresses and payment methods. The breach is thought to have taken place earlier in the year as the researcher discovered the server being indexed on Shodan but was only made public December 3rd. - https://www.scmagazine.com/home/security-news/sky-brasil-one-of-the-biggest-subscription-television-services-in-brazil-is-the-latest-elasticsearch-server-user-to-leave-its-customers-exposed-after-not-securing-the-server-with-a-password/

Quora

Another big-name tech firm suffered a major breach at the start of the month.  The data of 100 million of the site’s users may have been. The data affected included names, encrypted passwords and email addresses. - http://ww2.cfo.com/data-security/2018/12/quora-discloses-data-breach/

As the year’s not yet over there could be a few more breaches announced in the run up to New Year.