With 2016, just a few days away, let’s have a flashback of the top 15 security incidents that took place this year.
Hacking Team
In June, the hacking team (a security exploit vendor) faced a data breach from an unknown hacker, who leaked their database, internal emails and their source code developed for the spying toolkit on GitHub.
What made this leak so massive for the hackers is that in the leaked data they found zero-day bugs which they used in their own attacks. Most media agencies didn’t realize this and when the hack took place, kept on criticizing the company for selling spying tools to third world governments.
What was even worse is that even after knowing about the hackers trying to exploit zero-day vulnerabilities, Adobe took several days to fix their zero-day flaws in Flash. During that time, most people had already disabled Flash. Even Chrome and firefox disabled flash due to constant reports of users not satisfied with flash.
Comcast:
Comcast Corporation, an American multinational mass media company found its users’ login credentials sold on the dark web. The company confirmed that over 200,000 users were affected from the breach. However, the company failed to catch the culprit behind the breach.
Ashley Madison
Back in July, hackers breached the security of the online dating portal “Ashley Madison”. The hackers were able to leak data from the site including site’s database, internal emails and source code in relation to some of their internal apps.
Once the data on the site was published online by the hackers, it had severe consequence; even some of the site’s users tried to commit suicide due to the threats from crooks for having extra-marital relationships.
The site in late summer received another breach in which passwords belonging to 11 million accounts were cracked by a group of hackers.
VTech
VTech is a Chinese company which builds and develops learning toys faced a data breach that leaked private information of 4.8 million parents and 200,000 children. Those numbers increased later on to 6.7 million.
This was a massive breach because it involved personal details of so many children which can be used by hackers later for hiding their identities.
Hello Kitty
Just like VTech, the Hello Kitty toy manufacturer also faced a massive data breach in which personal information of 3.3 million customers was leaked. The company was unaware of the breach until a security researcher brought the issue the attention of related authorities.
OPM
OPM (Office of Personnel Management) manages records for all government employees including military personnel in the US.
The data breach of OPM took place in March but came to light in June and investigations showed an increase of 4 million breached records to what initial investigations suggested was18 million. Later in July, it further grew to 21 million records. On top of that, investigators found 5.6 million employees’ fingerprints stolen from the database.
U.S. accused China of these hacks and Chinese officials accepted the responsibility but said it was another group of hackers that is not associated with the government; Chinese government arrested the hacking group in September as part of their upcoming China-US spying pact.
Juniper
Juniper is the latest in the list of security breaches; it was found that Juniper’s NetScreen firewall equipment running ScreenOS operating system had hidden backdoor.
Furthermore, the investigation revealed “unauthorized code” programmed inside the ScreenOS code, this was, in reality, a backdoor that allowed the hackers access the devices and even decrypt the VPN traffic.
The source of the backdoor is still unknown but some blame China and some NSA. Maybe next year we will have better evidence on who the culprit was.
Gemalto
This was basically an attempt to hack cryptographic key that was assigned to over 400 mobile and wireless carriers in over 85 countries.
Gemalto, a Dutch maker of SIM cards revealed these attacks and told if these keys would have got to NSA or Britain’s GCHQ all the encrypted communications on the internet and mobile phones might have been decrypted.
LastPass
LastPass is one of the most used password managing portals that faced data breach in June when unknown hackers managed to steal some email addresses and encrypted passwords and hints for these passwords.
Though, all the passwords were hashed and sorted which would have allowed for most of the passwords to have been changed.
This hack was significant because this was the first time a hacking group has attacked password management service and again sheds light on the fact that nothing is safe online.
T-Mobile via Experian
This was an unusual hack because the company itself (in this case T-mobile) didn’t have a data breach rather Experian (a credit reporting company) had a data breach which leaked T-mobile’s consumers’ data.
Experian had the data for checking credit position of people requesting credit for buying devices from T-mobile’s shops. According to the reports, over 15 million records were leaked from Experian containing sensitive details in relation to the customers.
TalkTalk
TalkTalk faced the data breach not once, not twice but thrice in the year starting from February when the company lost 4 million user data, then on October 4 million and another 2.4 million in August when company’s subsidiary, Carphone Warehouse, faced a data breach.
In total the company faced a total of 10.4 million user records breach and if the company does not fire its CSO for such a massive data leak then users should find another ISP.
CIA Director John Brennan
This is one of the high-profile and amazing hacks of the year because three teenagers calling themselves CWA (Crackas With Attitude) hacked personal email address of the CIA director John Brennan with simple social engineering techniques.
With that, the hacking group hacked FBI Deputy Director Mark Giuliano’s and his wife’s email accounts. They even got access to JABS (Joint Automated Booking System), an application for managing all the arrest of U.S. citizens.
So far the teenage hacking group has kept law enforcement agencies at bay and it would be interesting to see if the agencies can get at them next year!
MacKeeper:
MacKeeper, a utility software suite for Mac OS X faced a data breach which has exposed details in relation to its 13 million customers. The company was unaware of the breach until a whitehat hacker brought the issue was brought to the attention of related authorities.
Japan Pension Service Hack
In May, Japan’s national pension system was hacked due to which personal data of 1.25million people got leaked. The scandal exposed the nation’s botched handling of the pension records of its citizens. According to funds’ officials, the hack leaked pension IDs. Names, birth dates and addresses of people by gaining illegal access to personal computers of their workers.
World Trade Organization:
The only hacktivist Anonymous conducted a massive cyber attack on the official website of World Trade Organization and leaked personal data of about 53,000 users by exploiting a simple SQL vulnerability.
Now that 2015 is almost over one can only hope for a better 2016 when it comes to online or offline security. Stay safe and stay tuned for more exclusive work from HackRead.