The Biggest Security Hacks of 2017


2016 saw a rise in historic data breaches being disclosed - the hacks aren't set to stop in 2017

Yahoo, Adult Friend Finder, LinkedIn, Tumblr and Dailymotion all have something in common: in 2016, details of massive hacks perpetrated against the companies were disclosed. The firms represent a handful of the companies and public bodies around the world that suffered at the hands of hackers last year. Data compromised usually included names, emails, and physical addresses, and even personal bank details, ethnicity data, and phone numbers.
And the hacks aren't stopping anytime soon. 2017 has already been dominated by numerous data breaches and the most recent affects the Association of British Travel Agents, commonly known as ABTA.
To keep you in the loop on data breaches this year, WIRED will keep a running tally of successful hacks. The below list will be updated each time a hack is verified and will include historic hacks only just discovered in 2017.

When you're finished with the list, here are the best iOS and Android security apps to help keep your data safe and secure.

Association of British Travel Agents

The abta.com web server for the Association of British Travel Agents (ABTA) was recently hacked by "an external infiltrator" who exposed the details of 43,000 individuals. Around 1,000 of these included files that could include personal identity information of customers of ABTA members uploaded since 11 January 2017, while around 650 may also include personal identity information of ABTA members. As the UK’s largest travel association, ABTA's members include travel agents and tour operators.
The unauthorised access was said to be possible due to a system vulnerability "that the infiltrator exploited" to access some data provided by some customers of ABTA Members and by ABTA Members themselves. On immediate investigation, ABTA said it identified that although ABTA’s own IT systems remained secure, there was a vulnerability to the web server managed for ABTA through a third-party web developer and hosting company.

"This, unfortunately, means some documentation uploaded to the website, as well as some information provided by customers, may have been accessed," ABTA's CEO, Mark Tanzer said. As a precautionary measure, it has taken steps to warn its members and customers of ABTA members who have the potential to be affected. The group has also alerted the relevant authorities, including the Information Commissioner (ICO) and the police.

Cellebrite

In March 2016, Israeli company Cellebrite was linked to the FBI's hacking of San Bernardino terrorist Syed Farook's iPhone 5C.
It's now been revealed that Motherboard was sent 900GB of the firm's data. This includes customer information, internal databases, and technical data on the company's mobile phone hacking products.
The data is said to have been taken from the servers of Cellebrite's website and also includes usernames and passwords to log into the my.cellebrite website.

Esea

On January 8, the E-Sports Entertainment Association League (Esea) published a statement saying it believed that user data recently posted online belonged to the company, even though its authenticity had not yet been confirmed.
"We notified the community on December 30th, 2016 about the possibility this could happen," Esea said. Overall, it is believed 1.5 million user profiles (with names, email addresses and more) were posted online.
The company continued: "We have been working around the clock to further fortify security and will bring our website online shortly when that next round is complete."

Supercell

On January 18, staff at Supercell warned users of their forum that they should change their passwords following a data breach.
The data grab happened in September 2016 and relates to third-party forum software. Motherboard initially reported the issue and verified the customer data; it is claimed the dataset being sold online has more than one million account details.
"We take any such breaches very seriously and we follow very strict policies when it comes to security," Supercell's statement said. "Please note that this breach only affects our Forum service. Game accounts have not been affected."

Freedom Hosting II

The web host has details on around 20 per cent of all sites on the dark web. In February the firm was hit by a hacker who swiped the company's database of customers.
In total, 74GB of data stored on servers was reportedly taken, with some of this being child pornography. As well as the files, a 2.3GB database of customer information was also taken. 381,000 email addresses were included in the MySQL database. It is said the data included "thousands" of .gov email addresses.

PlayStation and Xbox forums

More than 2.5 million gamers that use the Xbox360 ISO and PlayStation's PSP ISO forums had their account details compromised. The details taken include email addresses, passwords and IP addresses.
The Telegraph reported the data breach happened in 2015 but has only just been found and made public. PSP ISO had 1.3m account details taken and Xbox360 ISO had 1.2m accounts hit.

Cloudflare

Personal messages sent on dating websites, Uber trips, and more were all leaked online after a problem with internet company Cloudflare's software. A bug in the software, which is used by millions of websites, meant that unhashed and plaintext information was being published to the web between September 2016 and February 2017.
While technically not a hack, the passwords and sensitive personal information of customers who use the websites affected were cached by search engines after they were published online. It is not known how much personal data was leaked in the incident that has been dubbed Cloudbleed.

CloudPets

In 2016, more than 727,000 UK children had their information compromised following a cyberattack on VTech. Now, another internet connected range of children's toys has been found to be exposing the personal details of children.
CloudPets, the maker of Internet of Things teddy bears, left more than two million voice recordings from children online without any security protections. Ars Technica reported the company had been contacted about the vulnerability multiple times but had not responded.
While not directly a hack, the information has been able to be accessed by those who may want to misuse it. A MongoDB database of 821,296 account records, stored by a Romanian company, was accessible online.

Wishbone

Wishbone is a social app that allows its users to create polls and get feedback on their ideas. More than two million email addresses and 287,000 mobile phone numbers were stolen from the site, Motherboard has reported.
A group of "unknown hackers" is reported to have taken the emails, phone numbers, names, birthdates and genders from an unprotected database from the Wishbone app. Security researcher Troy Hunt was provided with the data, which had 2,247,314 unique email addresses. Science Inc., the company that owns Wishbone, told Motherboard hackers "may have had access to an API without authorisation".
Shared Documents Afreen Resources Sdn Bhd (Malaysia). Additions by: Khanztuto.
Thank you.
