2018: A Cyberyear Review

2018 was definitely an eventful year for Security and Data Breaches.
Here we look back at some of the more notable stories from the past 12 months.

Meltdown & Spectre – The hardware world was rocked at the start of the year by the discovery of a series of major vulnerabilities affecting virtually every Intel processor produced in the last twenty years, as well as AMD and ARM chips. The flaws allow for data exfiltration and snooping, making them a particular concern for businesses. It’s currently unknown whether or not Meltdown and Spectre are being exploited in the wild to target victims, but the widespread impact of the issues makes it likely that they will play an ongoing role in future breaches as unpatched systems inevitably fall victim to Meltdown and Spectre-based exploits.

Google Plus unceremoniously axed – Google Plus, the company’s oft-derided rival to the likes of Twitter and Facebook, met an early (although arguably not untimely) demise towards the end of the year, after Google discovered a massive data leak in the service’s APIs that affected the personal data of up to 500,000 users. To add insult to injury, a second security flaw was discovered earlier this month – this time affecting more than 52 million users and forcing Google to shutter the platform four months earlier than it had originally intended to. An ignominious end for one of Google’s least successful projects.

Marriott’s unexpected Chinese visitors – The Marriott hotel chain found itself with some unexpected guests this year, after it discovered that hackers had been squatting on its network for at least four years. To be specific, it was the hotels in Marriott’s Starwood Group which were affected, including prestigious chains like the Sheraton, Westin and W Hotels. Hackers may have accessed the information of up to 500 million guests, including passport numbers, phone numbers and email addresses. According to investigators, the hack may have even been part of a Chinese espionage operation.

British Airways flies into trouble – Towards the end of this year, British Airways announced two separate hacks on their systems, resulting in a total of 565,000 customers having their data stolen, including payment data and personal information. Given the sensitive nature of the data handled by airlines, this breach was a particularly egregious one. It was made all the more egregious by the possibility that BA itself may have inadvertently introduced the vulnerability that led to the hack. As Barry Collins revealed, BA’s rush to address the complaints about its data gathering raised by security researcher Mustafa Al-Bassam may have accidentally led them to introduce a flawed script.

Equifax pays the piper – It’s remarkable how quickly we all seem to have forgotten about Equifax, the company that let the personal data of 146 million users across the globe get stolen out from under its nose. Although US citizens were the worst affected, Brits also fell victim to the breach, with some 15 million UK users affected. Although the breach was disclosed last year, the company has only started to feel the full ramifications of its failing relatively recently. It was slapped with a top-level £500,000 fine by the ICO, and the US government pointed the finger of blame squarely at ex-CEO Richard Smith, claiming it was his aggressive expansion strategy that led to the breach in the first place.

Apple’s blunder down under – It’s one thing to get hacked, but getting hacked by a bored Aussie teenager is something else entirely. That’s the fate that befell Apple, after a Melbourne private schoolboy exfiltrated 90GB of secret data from the company’s servers. A rather embarrassing gaffe for a company that prides itself on the security of its products. This breach feels comfortably nostalgic, harking back to the teenage hackers of the 90s, rather than the Russian gangsters and state-funded cybercriminals that we’re more familiar with today. The young hacker told courts that he hacked the company because he’s such a big fan, and he stored all his custom-built intrusion tools in a folder labelled ‘hacky hack hack’. That’s faintly charming somehow.

Reddit? Hackedit. – Social media platform Reddit is no stranger to controversy, and it made headlines yet again this year after announcing that an attack on its SMS-based two-factor authentication system (which the company admitted was “not nearly as secure as we would hope”) led to hackers making off with a huge cache of data from between 2005 and 2007. The attackers gained access to – among other things – current email addresses, old salted and hashed passwords and internal Reddit data such as config files, logs, source code and more. A relatively minor breach as far as the impact on users goes, it was another setback for an embattled company that has weathered more than its share of storms.

Dixons Carphone phones in its security – Dixons Carphone has had a rough year. The parent company behind Carphone Warehouse and Currys PC World has recently announced a £440 million loss, and back in June the company announced that it had been the victim of a breach which saw 10 million customers’ records stolen. Dixons Carphone should be bracing itself for another fine from the ICO at some point in the future; it was hit with a £400,000 fine in January this year for a breach that occurred in 2015. That breach only affected three million people, though, and occurred before the advent of GDPR. The fine for this year’s incident could well be significantly higher.

Government’s counter-terror Trello leak. – It’s commonly said that the only things that are certain in life are death and taxes, but there’s a strong argument for adding ‘government IT blunders’ to that list. In one of the most embarrassing screw-ups of the year, the government accidentally leaked sensitive information via project management tool Trello. In yet another case of a lack of authentication coming back to bite a forgetful admin, a Trello board including anti-terror tools, contact details for top civil servants and guides for accessing government buildings was left publicly accessible via Google search. An even more concerning detail is that this information may have been accessible for up to four years.

Zuckerberg gets egg on his Facebook – Between the Cambridge Analytica scandal, Russian information warfare and a series of painfully awkward congressional hearings, Facebook has finally started attracting the attention of lawmakers, and not in a good way. It seems the company has a slight problem with preventing exploitation of its platform, which was highlighted by the theft of 30 million users’ access tokens a few months ago. These tokens allowed attackers to access a range of personal information from victims’ Facebook profiles, including contact details and, in some cases, location information and search history. Three million EU users were affected in the breach, so it’s a virtual certainty that the company will have a rather hefty GDPR fine to deal with at some point.
