Want to know the details of the most devastating cyber attacks of 2018. Then Cybersecurity Insiders brings to you a synopsis of those which hit the headlines in this year.
Marriott Hotel Cyber Attack- In November 2018, Starwood Hotels a subsidiary of Marriott International admitted that its hotel guest database was accessed by hackers since 2014 and possibly information pertaining to over 500 million customers could have been stolen in the data breach. The statement released by the hotel and resorts giant said that the unauthorized access was detected after September 10 this year. But the company chose to disclose the news to the world after a two months gap i.e. in Nov’18.
FIFA Cyber Attack- On October 30, 2018, the football governing body FIFA revealed that its systems were hacked for the 2nd time in this year triggering concerns that the hackers might have sold the details on the dark web. The European Soccer event’s governing body fears that the attack cannot be linked to the one launched in 2017 by a Russian intelligence agency, but hasn’t ruled out the possibility that it could be the work of adversaries. Cybersecurity Insiders learned that the attack was of phishing genre where 3rd parties try to fool their targets for giving up their login credentials.
Google + Shutdown- In December this year, internet Juggernaut Google said that it was planning to shut down its Google + services from April next year as the service experienced a data breach exposing private data of hundreds of thousands of the Alphabet Inc’s subsidiary. It’s said that Google plus People APIs platform allowed 3rd party developers to access data of more than 500,000 users and that includes usernames, email addresses, occupation, date of birth, profile photos and gender-based information. As Google + servers do not keep user info for more than 2 weeks, the web search giant isn’t sure on the exact number of users who were impacted by the vulnerability.
Facebook 50m user data exposed- In September this year, social media giant Facebook announced that over 50 million accounts of its users could have been hacked due to a bug in ‘View As’ feature which was fixed after the revelation. Cybersecurity Insiders learned that the data expose took place on September 25th i.e. Tuesday while the fix was issued by late Thursday.
SHEIN hack- In August this year, reputed online fashion retailer SHEIN revealed that its user database was hacked by unknown cyber crooks who accessed personally identifiable information (PII) of almost 6.5 million customers. The largest online retailer added in its statement that the hack took place in June this year and the back door remained open to the criminals till Aug 13th of this year when the company was finally made aware of the potential theft by the IT staff.
Government Payment Service hack- The said online web portal which offers payment gateways for US populace to pay traffic citations and licensing fees disclosed in Sept this year that a data leak could give exposed data of more than 14 million customers dating back to 2012. The IT staff of the web portal which is known to serve over 2,300 government agencies in 35 states said that the hack could have leaked info such as names, addresses, phone numbers and the last 4 digits of credit cards.
Apple servers hacked- In August 2018 many media resources buzzed with the news that a Melbourne based schoolboy broke in the computer systems of Apple Inc and was nabbed by FBI based on a tip-off from the technology giant’s Australian business arm. It is learned that the teen managed to intercept the mainframe computer of Apple from his PC located in his suburban home on 2 occasions over the year and succeeded in downloading over 90GB of critical data and customer accounts.
Reddit Database hacked- In June this year; a spokesperson from Reddit disclosed to the world that its technology-based website suffered a security breach when hackers accessed a database containing user info dating back to 2007. The news was out that the hackers managed to gain read-only access to some of the systems containing backup data, source codes and internal log files along with some developer’s analysis. Though Christopher Slowe, the CTO of Reddit admitted that the hack was a serious one, he assured that its users will never-ever suffer such a hack in future.
T-Mobile hack- On August 20th, 2018, T-Mobile confirmed that a security breach was detected on its US servers resulting in the leak of personal info of up to 2 million T-Mobile customers. The access data includes customers name, billing zip codes, phone numbers, email addresses, account numbers, and account types such as prepaid or postpaid. However, the telecom giant assured that no financial info like credit card details, social security numbers or password were compromised in the incident.
Verizon faced cyber attack embarrassment due to AWS- In August this year, ZNET reported that millions of Verizon’s user accounts were compromised due to a security lapse caused due to human error. It was later revealed that the exposure error was caused when an employee from Nice Systems- an Israel based IT services provider accidentally left the data stored on Amazon S3 Storage server unprotected. As the data was downloadable to anyone, Verizon suggests that the data exposure could cause serious consequences in near future.
