More Than a Billion People Were Affected by Corporate Data Breaches in 2018

blog

2018 was an alarming year signaling the need for data security after various data were exposed through cyber attacks. Billions of people data were breached in 2018, and surprisingly 765 million people were affected in April, May, and June alone.

It is believed that tens of millions of dollars were lost as per the reports of global digital security firm Positive Technologies.

The personal data of half a billion customers of the Marriott hotel groups’ Starwood Properties was exposed including those who stayed at the St Regis, Westin, Sheraton, Aloft, Le Meridien, Four Points, and W Hotel brands, and is considered the biggest breach of the year.

The Marriott corporation said hackers broke into the booking system to access the data of customers over the last 4 years, which includes name, contact details, passport numbers and much more.

Another well-known breach happened to be at Twitter when a software bug exposed password and affected 330 million users. Twitter quoted that something went wrong with their password hashing system and caused the password encryption problem.

Twitter also suggested users change their passwords while the problem was fixed.

MyFitnessPal, a food and nutrition app, was also caught up in the wave of a data breach, which leaked 150 million users’ data. While personal information was exposed and accessed by the hackers, credit card information wasn’t compromised as it was stored separately.

Under Armour who owns the MyFitnessPal app, is investigating the attack with data security firms and implementing preventive measures to avoid other break-ins.

Quora, an infamous Q&A platform was also hacked as the Quora representatives noticed that a ‘third party’ accessed sensitive information which seems to be malicious. 100 million users were affected and attacks are still under investigation.

One of the biggest breaches in 2018 was none other than Facebook, leading to a data breach of 147 million accounts.

There was much controversy when the first breach in the series of three breaches, came into light and emerged that Cambridge Analytica was granted permission to use over 50 million Facebook profiles for their research purposes.

Again, in September, Facebook observed a compromise with the security of 90 million users, when a bug was used to access users’ tokens. Hackers managed to steal personal information included on the users’ profile.

In December, a third data breach occurred when it was known that numerous third-party apps had the authorization to access photos of seven million users. It is not known if there is any misuse of the photos but definitely revealed the lack of cybersecurity at Facebook.

Event ticketing website Ticket Fly was also a victim of a data breach when a hacker who calls himself IsHaKdZ stole the data from 27 million accounts. The hacker asked for a ransom of one bitcoin which the company refused, and currently, the website is running well.

Google+ was exposed to the data breach when third-party developers have access to 500,000 accounts. The bug seemed to exist form 3 years and revealed information such as names, birth dates, gender, photos and places where they lived.

British Airways caught up with the data breach when 380,000 transactions were compromised, letting hackers to access customers’ names, addresses, emails, and payment details. Luckily, passport and travel details were not revealed.

Hackers found a loophole in BA (British Airways) booking website and inserted their malicious code to send the data of the customer to their own server.

In 2018, many large firms got caught up in the wind of data breaches and opened their eye to take significant precautions to tackle the cybersecurity. Customers find it difficult to trust even big companies with their data.

One solution to this is to take excessive precaution.

Users should try implementing the suggested steps to keep their data more secure and less prone to errors, by using techniques such as strong passwords, updating the software, carefully using their credit card and more.

And enterprises should implement layers of security, including multifactor authentication, identity access management, privileged access management, physical security of their infrastructure, and comprehensive software-based security for all networks, applications, clouds, databases and endpoints, whether mobile phones, computers, servers, Point-of-Sale systems, kiosks and more.

We’ll continue to track major breaches in 2019; with stronger measures in place, let’s make 2019 a record year of a different sort – one where incidents are thwarted and violations of consumer privacy and businesses goes down, instead of up.

Author: Evgin Duyarli