They say that it’s better to learn from the mistakes of others than from your own. It is advice given to many, but mostly disregarded until something irrevocable happens. As a rule, most people think that their personal data is of no interest to others. The same can be said about businesses around the world: although most keep up with their security diligently, mistakes and mishaps happen. So in this week’s blog, we’re taking a walk through history, reviewing the biggest data breaches of this century, how they happened and what to do to avoid the same fate.
It came as no “woo-hoo” for Yahoo
What happened. You may have heard of Yahoo: in its prime the company was considered a leading email services provider worldwide, that is, until Gmail came into the picture. What you may not know is that in 2013 Yahoo experienced a gigantic data breach that exposed 3 billion user accounts. Although it happened in 2013, the breach was disclosed only in 2016, resulting in substantial losses for the company.
How it happened. Basically, the hack began with a single employee at Yahoo’s corporate office. That person received a spear-phishing email with a link that, once clicked, downloaded malware onto the network. The Russian hacker Belan then created a backdoor on the server and gained control over Yahoo’s account management tools. After that, all he had to do was make a copy of Yahoo’s user database, and voilà, one of the biggest hacks in history came to fruition.
How to avoid it. Don’t open suspicious emails or click on their links, even if they appear to come from a trusted source. That goes for private users. Companies should invest in risk training for their employees, to make sure they are conscious of their actions in the office and while working from home.
Sina Weibo – Chinese Twitter story
What happened. Just last March, Sina Weibo, the Chinese micro-blogging equivalent of Twitter, announced the exposure of 538 million accounts after they appeared on the dark web. The breached records included the real names, site usernames, gender and location of the website’s users. Weibo acknowledged the breach and, according to the company, the hack itself happened in late 2018. However, how this data was obtained remains up for debate.
How it happened. The company’s official version is that it happened during a dictionary attack in which the hacker tried to match contact information against the site’s address book API. They also reported that their engineers noticed users uploading large batches of contacts. However, the jury’s still out on this one, as Chinese security experts detected technical irregularities in the company’s claims. No definite conclusion has been reached yet, and the official version remains unchanged.
How to avoid it. A dictionary attack happens when an attacker tries to match data, e.g. passwords, against a predefined list of candidates (a list of likely passwords). There are a few ways to protect a website from this type of malicious activity:
- Slow down repeated logins;
- Force captchas after multiple failed logins;
- Lock the accounts after multiple failed logins;
- Ask users to refresh passwords regularly;
- Monitor for suspicious activity.
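One way to put the first three points and the last one into practice, as an added example that is not code from the post or from Weibo: a small Python login throttle that grows the delay after each failure, demands a captcha after a few, locks the account after more, and emits alerts for the monitoring team. All thresholds, names and the simulated word list are assumptions chosen for illustration; the same gate belongs in front of a lookup endpoint such as the address book API mentioned above.

```python
from collections import defaultdict

CAPTCHA_AFTER = 3      # failures before the form demands a captcha (assumed)
LOCK_AFTER = 6         # failures before the account is locked (assumed)
LOCK_SECONDS = 900     # how long a lock lasts (assumed)
MAX_DELAY = 60.0       # cap on the growing per-attempt delay, seconds (assumed)


class LoginThrottle:
    def __init__(self, clock):
        self.clock = clock            # callable returning seconds (injectable)
        self.failures = defaultdict(int)
        self.locked_until = {}
        self.alerts = []              # feed for the monitoring team

    def status(self, account):
        """What the login form must do before it checks a password."""
        if self.locked_until.get(account, 0) > self.clock():
            return {"state": "locked", "delay": 0.0, "captcha": False}
        n = self.failures[account]
        delay = min(2.0 ** n - 1, MAX_DELAY)       # 0, 1, 3, 7, 15, ... seconds
        return {"state": "ok", "delay": delay, "captcha": n >= CAPTCHA_AFTER}

    def record_failure(self, account):
        self.failures[account] += 1
        n = self.failures[account]
        if n >= LOCK_AFTER:
            self.locked_until[account] = self.clock() + LOCK_SECONDS
            self.alerts.append(f"{account}: locked after {n} failures")
        elif n == CAPTCHA_AFTER:
            self.alerts.append(f"{account}: captcha enforced")

    def record_success(self, account):
        self.failures.pop(account, None)
        self.locked_until.pop(account, None)


def simulate_guessing(throttle, account, word_list, correct):
    """Run a word list against one account; return the state seen per guess."""
    states = []
    for guess in word_list:
        state = throttle.status(account)["state"]
        states.append(state)
        if state == "locked":
            continue                                # attempt never reaches the DB
        if guess == correct:
            throttle.record_success(account)
        else:
            throttle.record_failure(account)
    return states
```

The clock is injected so the lockout can be tested without sleeping; in production the delay value is what the login handler waits before answering.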
How a merge failed Marriott International
What happened. In 2018 Marriott International announced a breach that resulted in the theft of approximately 500 million customers’ personal data. The incident was reported to have happened on systems supporting Starwood hotels, which Marriott acquired back in 2016. The stolen information included contact information, passport numbers, Starwood Preferred Guest numbers, travel details, and more. It’s believed that around 100 million customers had their credit card info exposed, and Marriott officials said they could not be sure whether the attackers had been able to decrypt that information.
How it happened. After acquiring the Starwood hotels, Marriott failed to migrate the newly purchased hotels to its own reservation system and kept using Starwood’s IT infrastructure. It’s believed that this system had been compromised as far back as 2014. After the attack, investigators began scouring for weak points and discovered a Remote Access Trojan as well as a tool used to compromise username and password combinations.
How to avoid it. A trojan is malicious software that runs on your computer once installed. What’s specific about trojans is that they need permission to run on your computer, so they rely on the user installing them. The lesson to learn here is not to download suspicious files or software, at home or in the workplace.