2018 was an alarming year that signaled the need for data security, as a wide range of data was exposed through cyberattacks. Billions of people’s personal data was breached in 2018, and surprisingly, 765 million people were affected in April, May, and June alone.
According to reports from global digital security firm Positive Technologies, tens of millions of dollars are believed to have been lost.
The personal data of half a billion customers of the Marriott hotel group’s Starwood properties was exposed, including those who stayed at the St Regis, Westin, Sheraton, Aloft, Le Meridien, Four Points, and W Hotel brands. It is considered the biggest breach of the year.
The Marriott corporation said hackers broke into the booking system to access customer data from the last 4 years, including names, contact details, passport numbers, and much more.
Another well-known breach happened at Twitter, when a software bug exposed passwords and affected 330 million users. Twitter stated that something went wrong with its password hashing system, which caused the password encryption problem.
Twitter also suggested users change their passwords while the problem was fixed.
MyFitnessPal, a food and nutrition app, was also caught up in the wave of data breaches, which leaked 150 million users’ data. While personal information was exposed and accessed by the hackers, credit card information wasn’t compromised, as it was stored separately.
Under Armour, which owns the MyFitnessPal app, is investigating the attack with data security firms and implementing preventive measures to avoid other break-ins.
Quora, an infamous Q&A platform, was also hacked. Quora representatives noticed that a ‘third party’ had accessed sensitive information in what seems to be malicious activity. 100 million users were affected, and the attack is still under investigation.
One of the biggest breaches in 2018 was at none other than Facebook, affecting 147 million accounts.
There was much controversy when the first in a series of three breaches came to light, and it emerged that Cambridge Analytica had been granted permission to use over 50 million Facebook profiles for its research purposes.
Again, in September, Facebook saw the security of 90 million users jeopardized when a bug was used to access users’ tokens. Hackers managed to steal personal information included in the users’ profiles.
In December, a third data breach occurred when it came to light that numerous third-party apps had authorization to access the photos of seven million users. It is not known if there was any misuse of the photos, but the incident definitely revealed the lack of cybersecurity at Facebook.
The event ticketing website Ticketfly was also a victim of a data breach when a hacker who calls himself IsHaKdZ stole the data of 27 million accounts. The hacker asked for a ransom of one bitcoin, which the company refused to pay, and the website is currently running well.
Google+ was exposed to a data breach when third-party developers got access to 500,000 accounts. The bug seems to have existed for 3 years, and it revealed information such as users’ names, birth dates, gender, photos, and places where they lived.
British Airways suffered a data breach when 380,000 transactions were compromised, allowing hackers to access customers’ names, addresses, emails, and payment details. Luckily, passport and travel details were not revealed.
The hackers found a loophole in the BA (British Airways) booking website and inserted their malicious code to send the customers’ data to their own server.
In 2018, many large firms got caught up in this wave of data breaches and were forced to take significant precautions to tackle their cybersecurity vulnerabilities. Regardless, customers still find it difficult to trust companies, large or small, with their data.
One solution to this is to take extra precautions.
Users should implement widely recommended security measures to keep their data secure and less prone to errors, such as using strong passwords, keeping software updated, and using their credit cards carefully, among others.
Enterprises, for their part, should implement layers of security, including multifactor authentication, identity access management, privileged access management, physical security of their infrastructure, and comprehensive software-based security for all networks, applications, clouds, databases, and endpoints like mobile phones, computers, servers, Point-of-Sale systems, kiosks, and more.
We’ll continue to track major breaches in 2019. With stronger measures in place, let’s make 2019 a record year of a different sort: one where incidents are thwarted and violations of the privacy of consumers and businesses go down, instead of up.
Author: Evgin Duyarli