2018 was definitely an eventful year for Security and Data Breaches.
Here we look back at some of the more notable stories from the past 12 months.
Meltdown & Spectre – The hardware world was rocked at the start of the year by the discovery of a series of major vulnerabilities affecting virtually every Intel processor produced in the last twenty years, as well as AMD and ARM chips. The flaws allow for data exfiltration and snooping, making them a particular concern for businesses. It’s currently unknown whether or not Meltdown and Spectre are being exploited in the wild to target victims, but the widespread impact of the issues makes it likely that they will play an ongoing role in future breaches as unpatched systems inevitably fall victim to Meltdown and Spectre-based exploits.
Google Plus unceremoniously axed – Google Plus, the company’s oft-derided rival to the likes of Twitter and Facebook, met an early (although arguably not untimely) demise towards the end of the year, after Google discovered a massive data leak in the service’s APIs that affected the personal data of up to 500,000 users. To add insult to injury, a second security flaw was discovered earlier this month – this time affecting more than 52 million users and forcing Google to shutter the platform four months earlier than it had originally intended to. An ignominious end for one of Google’s least successful projects.
Marriott’s unexpected Chinese visitors – The Marriott hotel chain found itself with some unexpected guests this year, after it discovered that hackers had been squatting on its network for at least four years. To be specific, it was the hotels in Marriott’s Starwood Group which were affected, including prestigious chains like the Sheraton, Westin and W Hotels. Hackers may have accessed the information of up to 500 million guests, including passport numbers, phone numbers and email addresses. According to investigators, the hack may have even been part of a Chinese espionage operation.
British Airways flies into trouble – Towards the end of this year, British Airways announced two separate hacks on their systems, resulting in a total of 565,000 customers having their data stolen, including payment data and personal information. Given the sensitive nature of the data handled by airlines, this breach was a particularly egregious one. It was made all the more egregious by the possibility that BA itself may have inadvertently introduced the vulnerability that led to the hack. As Barry Collins revealed, BA’s rush to address the complaints about its data gathering raised by security researcher Mustafa Al-Bassam may have accidentally led them to introduce a flawed script.
Equifax pays the piper – It’s remarkable how quickly we all seem to have forgotten about Equifax, the company that let the personal data of 146 million users across the globe get stolen out from under its nose. Although US citizens were the worst affected, Brits also fell victim to the breach, with some 15 million UK users affected. Although the breach was disclosed last year, the company has only started to feel the full ramifications of its failing relatively recently. It was slapped with a top-level £500,000 fine by the ICO, and the US government pointed the finger of blame squarely at ex-CEO Richard Smith, claiming it was his aggressive expansion strategy that led to the breach in the first place.
Apple’s blunder down under – It’s one thing to get hacked, but getting hacked by a bored Aussie teenager is something else entirely. That’s the fate that befell Apple, after a Melbourne private schoolboy exfiltrated 90GB of secret data from the company’s servers. A rather embarrassing gaffe for a company that prides itself on the security of its products. This breach feels comfortably nostalgic, harking back to the teenage hackers of the 90s, rather than the Russian gangsters and state-funded cybercriminals that we’re more familiar with today. The young hacker told courts that he hacked the company because he’s such a big fan, and he stored all his custom-built intrusion tools in a folder labelled ‘hacky hack hack’. That’s faintly charming somehow.
Reddit? Hackedit. – Social media platform Reddit is no stranger to controversy, and it made headlines yet again this year after announcing that an attack on its SMS-based two-factor authentication system (which the company admitted was “not nearly as secure as we would hope”) led to hackers making off with a huge cache of data from between 2005 and 2007. The attackers gained access to – among other things – current email addresses, old salted and hashed passwords and internal Reddit data such as config files, logs, source code and more. A relatively minor breach as far as the impact on users goes, it was another setback for an embattled company that has weathered more than its share of storms.
Dixons Carphone phones in its security – Dixons Carphone has had a rough year. The parent company behind Carphone Warehouse and Currys PC World has recently announced a £440 million loss, and back in June the company announced that it had been the victim of a breach which saw 10 million customers’ records stolen. Dixons Carphone should be bracing itself for another fine from the ICO at some point in the future; it was hit with a £400,000 fine in January this year for a breach that occurred in 2015. That breach only affected three million people, though, and occurred before the advent of GDPR. The fine for this year’s incident could well be significantly higher.
Government’s counter-terror Trello leak – It’s commonly said that the only things that are certain in life are death and taxes, but there’s a strong argument for adding ‘government IT blunders’ to that list. In one of the most embarrassing screw-ups of the year, the government accidentally leaked sensitive information via project management tool Trello. In yet another case of a lack of authentication coming back to bite a forgetful admin, a Trello board including anti-terror tools, contact details for top civil servants and guides for accessing government buildings was left publicly accessible via Google search. An even more concerning detail is that this information may have been accessible for up to four years.
Zuckerberg gets egg on his Facebook – Between the Cambridge Analytica scandal, Russian information warfare and a series of painfully awkward congressional hearings, Facebook has finally started attracting the attention of lawmakers, and not in a good way. It seems the company has a slight problem with preventing exploitation of its platform, which was highlighted by the theft of 30 million users’ access tokens a few months ago. These tokens allowed attackers to access a range of personal information from victims’ Facebook profiles, including contact details and, in some cases, location information and search history. Three million EU users were affected in the breach, so it’s a virtual certainty that the company will have a rather hefty GDPR fine to deal with at some point.