Top 5 Data Breaches In Recent Times
BY GOBIND PREET SINGH
1. Marriotts Credential-Based Breach
On March 31, 2020, Marriott posted an announcement that "an unexpected amount of guest information may have been accessed using the login credentials of two employees at a franchise property." That "unexpected amount" turned out to be the data of 5.2 million guests.
This news is particularly unfortunate for Marriott since it's only been two years since it discovered another massive breach, stemming from its acquisition of Starwood Hotels.
2. Slickwraps and the Case of the "White Hat" Hacker
Slickwraps, a company that lets users design custom skins for their electronics, was embroiled in a data breach story The Verge called "comically bad." The breach started when someone claimed to be a "white hat" hacker who tried to alert the company about its "abysmal cybersecurity."
Unfortunately, Slickwraps ignored them, so the hacker published a now-deleted Medium post about the experience. A second hacker read this post and exploited Slickwraps' vulnerability, hacking the company. In a particularly egregious touch, the hacker then emailed all the customers to notify them that their data had been compromised.
3. Antheus Tecnologia Biometric Data Breach
In March 2020, SafetyDetectives -a pro bono team of security researchers- revealed a breach in the data of Antheus Tecnologia, a Brazilian biometric solutions company. The company had left sensitive information, including data on 76,000 fingerprints, exposed on an unsecured server.
The server didn't store direct scans of fingerprints, but binary code that hackers could use to recreate them, with potentially disastrous consequences.
4. LiveJournal Data Breach
Back in the early days of blogging, millions of people took to LiveJournal to air their secrets, form communities, and write reams of fanfic. In May, many of those users had an unpleasant shock when Bleeping Computer reported that hackers were passing around a database containing 26 million login credentials.
The most damning part of this story is that rumors about this leak had been circulating since 2014. LiveJournal has still not publicly acknowledged the breach. That left users vulnerable, and Threatpost reports that hackers have been using the information for both credential stuffing and targeted email-based extortion.
5. Wishbone Data Breach
Wishbone is a popular social app, especially
among young teens. In May, cybersecurity researchers discovered that hackers
were selling a database with over 40 million user records on the dark web. This
incident is particularly troubling given the young age of many of Wishbone's
users and the apparent lack of appropriate safeguards for their data.