So many hacks occur every week that you can barely remember them all. Which is the most recent? How much data was stolen? Are there common underlying trends? Here you’ll find a short recap of the biggest data breaches and hacks in the past six months and the aftermath that often affects your daily digital life without you even knowing it.
This past March, 360 million MySpace passwords (and 427 million LinkedIn IDs) were traded online, representing approximately the population of North America. These two cases turned out to have similarities when the authorities discovered data was stolen years ago, but only came to light at the beginning of the year. These breaches exposed both current and former users of these social networks, and as a solution, MySpace reset the breached passwords. Still, there’s always a risk when people use similar passwords for other websites.
In May, major email providers Gmail, Yahoo! and Microsoft were hacked in Russia. The breach revealed 272 million stolen accounts, a figure equivalent to the population of Indonesia. These user names and passwords may have been traded in the Russian criminal underworld, and the email providers stated that there was no way for consumers to determine if their account was hacked or not. Surprisingly, the hackers only asked for a 50 ruble ransom and some positive comments on social media.
In early February 2016, the central bank of Bangladesh was a victim of anonymous hackers who breached its computer system via the SWIFT network. The Society for Worldwide Interbank Financial Telecommunication (SWIFT) is a cooperative organisation based in Brussels, providing secure financial messaging services to more than 9,000 global financial institutions. The total amount of the theft was intended to be $951 million but while some transfers failed, at least $81 million was transferred to accounts in the Philippines where it was likely laundered through casinos.
Hackers stole 65 million passwords (equivalent to the current population of Thailand) from Tumblr’s website during a big data breach in May. The data was from a 2013 data breach, before Tumblr was bought by Yahoo!, and the company refused to disclose the actual number of affected users. The data found were not in plain text as they were transformed thanks to a complex process called “salting and hashing”. The passwords may have circulated on the dark web for years before the breach was found.
In what appears to be the biggest security leak of a governmental organisation in history happened in the Philippines when a database including 55 million registered voters (nearly half of the Philippines’ population) was stolen in April, just before national elections. The breach happened at the Philippines’ Commission on Elections (COMELEC). This data dump gathered a massive amount of sensitive “personally identifiable information” such as passport information and fingerprints, information that users cannot easily change when they are hacked unlike ordinary passwords. This leak could eclipse the 2015 hack of the Office of Personnel Management in the United States which dealt with fingerprints and social security numbers of 20 million U.S. citizens.
Just this past April, 11 million files were stolen from the law firm Mossack Fonseca, mainly related to the legal and financial records of people using offshore companies, in what has been dubbed the “Panama Papers”. To give an idea of the massive size of this breach, the 2014 LuxLeak contained “only” 28,000 sensitive documents and WikilLeaks’ about 750,000 pages and videos of classified documents. This represents one of the biggest data leaks in cybersecurity history, and for now, the identities of the hackers remain unknown. Ironically, the hack appears to some cybersecurity professionals so simple that someone with no average hacking knowledge could have accomplished it. The data breach also revealed that the law firm made basic mistakes in terms of securing and protecting its data.
Another hack targeted a commercial bank (which SWIFT refused to name) and involved the PDF reader solution used by banks to open SWIFT communications. According to the Belgium-based organisation, both attacks had similarities and seemed to be a part of a “wider and highly adaptive campaign targeting banks”. The latest incident happened in May when hackers stole $12 million from a bank in Ecuador, again via the same global banking messaging system.
Unfortunately, there will be more similar hacks in the coming months, thus the importance of continuing to focus on implementing strong data security measures to protect your organization’s sensitive information. Remember that your goal is not necessarily to the be the most secure organization out there but secure enough to dissuade hackers and have them go after lower hanging targets instead.
Digital Security Perfected – APrivacy Ltd. is an award-winning company which combines military-grade data security with a seamless user experience on any platform, any device, anywhere. APrivacy Ltd.’s enabling technology now allows the financial services industry to confidently communicate with clients using their favourite channels leading to increased revenues and reduced costs while meeting the strictest regulatory requirements.