Morning Tick
  • Latest News
    • Bitcoin
    • Ethereum
    • Ripple and XRP
    • Fintech
    • Altcoins
  • Market Analysis
  • Resources
  • Contact
    • About Us
    • Press Toolkit
Facebook Twitter Instagram
Morning Tick
  • Latest News
    • Bitcoin
    • Ethereum
    • Ripple and XRP
    • Fintech
    • Altcoins
  • Market Analysis
  • Resources
  • Contact
    • About Us
    • Press Toolkit
Facebook Twitter Instagram
Morning Tick
Cyberattack

The 10 Biggest Data Breaches that grabbed attention in 2020

Aggrey AeraBy Aggrey AeraUpdated:December 24, 2020 on December 24, 2020
Top data breaches
Image credit: Morning Tick
Share
Reddit Facebook Twitter LinkedIn Pinterest WhatsApp Email

Indeed, 2020 has been a soul-destroying year and a bitter pill to swallow. Actually, none of us has escaped the year unscathed by the coronavirus pandemic that has completely altered the way we do things. People have lost loved ones, jobs, and some have lost their minds. Importantly, remote working has become more widespread as companies try to implement social distancing to minimize the spread of the Covid 19 pandemic.

Despite the increased numbers of remote workers, something devastating has grown – cybercrime. An INTERPOL assessment of the impact of COVID-19 on cybercrime showed that cybercriminals are increasingly targeting larger corporations. A Europol report published in October also confirms that the pandemic has ignited an upward trend on cybercrime. In the UK alone, there was a 31% increase in cybercrime during the pandemic. A report by RiskIQ revealed that by the year 2021, cybercriminals will skim the world $11.4m per minute. With such glaring statistics, the internet is no longer a safe place. Unless companies enforce serious cybersecurity measures, they will continue to lose more yearly.

As we close the curtain of 2020, we will review the top 10 data breaches of the year to learn from the mistakes made. Probably, we may get more insights on how to handle cybersecurity issues in 2021. Here we go!

1. Marriott Data Breach

If you remember, Marriot was a victim of a data breach in 2018 in which hackers accessed the personal details of its 500 million Starwood guest reservation base. Actually, the hackers managed to access names, payment information, email contacts, passport numbers, and email addresses. Come January 2020, the international hotel was again a victim of a security breach. This time 5.2 million guests’ personal details were accessed.

The hackers obtained the login credentials of the hotel’s employees and used them to access the guests’ details. Specifically, the cybercriminals accessed names, mailing addresses phone numbers, email addresses, loyalty account details, and additional details such as birthdays, affiliations, and related information.

In October this year, the UK private data agency- Information Commissioner’s Office (ICO) – fined Marriot £18.4m for the latest data breach.

2. Tetrad Data Breach

In February, the culprit of a data breach was a renowned Australian market analysis firm, Tetrad. Actually, it was on February 3, 2020, that a researcher from UpGuard downloaded the Amazon S3 storage only to realize that Tetrad had left data belonging to 120 million Americans exposed. The data varied with business type but it was made up of Tetrad’s clients. It’s not very clear for how long the data was exposed, upon being notified, Tetrad closed access to the details within a week of being notified.

3. MGM Hotel Data Breach

Imagine visiting a hotel only to, later on, find your personal data in some shadowy online site? And it’s not one person – we are talking of personal details of 10,683,188 former hotel guests. Yes, it happened in February when hackers posted data they had obtained in July 2019 from MGM hotel online.

To make matters worse, data included personal details such as full names, dates of birth, phone numbers, home addresses, and emails. And it wasn’t just the regular tourists who were affected. Government officials, celebrities, reporters, and other prominent personalities were the victims of the data shared on the dark web.

4. Keepnet Labs Data Breach

In March, UK-based security company Keepnet Labs was a victim of one of the largest data breaches of the year. The company gathers historic online data from “online public resources” and notifies its clients on the security of their business domains.

But in March, a security expert, Bob Diachenko noted a leaky Elasticsearch database that exposed 5,088,635,374 records and another one that revealed over 15 million records, with the latter being constantly being updated. Specifically, the collections were composed of data leaks that occurred during 2012-2019. Moreover, the security researcher observed that the data was “very well structured”, containing hash type, leak date, password, email, email domain, and source of the leak.

Following the revelation of the massive data breach, a security expert and blogger who published the leak was threatened with legal action. It is only in June that Keepnet Labs confirmed through a statement that indeed there was a data leak. They actually blamed the contractor who was performing serviced maintenance for the leak.

5. CAM4 Data Breach

CAM4, an adult live streaming platform owned by Irish company Granite Entertainment faced a serious data leak from March 16, 2020, and the figures increased daily to 10.88 billion records. The massive data leak took place by a group of researchers led by Anurag Sen during a search on the Shodan engine to detect any unsecured databases.

Out of the 10.88 billion records that were exposed, 11 million contained email addresses, while an alarming 26,392,701 had password hashes for web systems and CAM4 users. If someone managed to dig into the data, he/she could have obtained very sensitive information about sexual preferences of CAM4’s users and, probably, use it for blackmail.

It’s not possible to tell whether the database was hacked, or if malicious actors infiltrated the database, but that doesn’t mean it wasn’t. The company replied in a
statement saying, “The team concluded without any doubt that absolutely no personally identifiable information, including names, addresses, emails, IP addresses or financial data, was improperly accessed by anyone outside the SafetyDetectives firm and CAM4’s company investigators,”

6. Magellan Health Data Breach

In April 2020, Megan Health was a victim of a ransomware and data breach. The healthcare behemoth discovered a breach to its systems after hackers used malware to steal an employee’s login details. The cybercriminals then used the credentials to engage in phishing activities to gain more access to the healthcare body’s systems.

After accessing the system, they deployed a ransomware attack on the health service provider. Megan Health confirmed that 365,000 patients were affected by this bold attack. But after some months, the number of people affected is said to be circa 1.7 million.

7. Zoom Data Breach

April was not the best of months for Zoom. News broke out that 500,000+ Zoom accounts passwords were on sale on the dark web. Interestingly some were shared for free with others going for less than a penny.

But how did hackers infiltrate these accounts? Well, IntSights researchers established that they used a technique called credential stuffing attacks. It all began when the hackers visited online hacker forums to collect usernames and passwords of previously hacked accounts.

With the habits of people reusing passwords, it wasn’t difficult for the cybercriminals to find successful logins, which were compiled and sold, with others given free.

8. Nintendo Data Breach

April was also not very good for Japanese gaming giant, Nintendo. Specifically, the day was on April 21 when the first report of a hack was made. On April 24, Nintendo confirmed that indeed 160,000 Network ID accounts had been hacked. Later the company confirmed that the number was actually 300,000.

The company did not confirm how the hack took place, but there was a clear mention of the same password across both the Nintendo Network ID and Nintendo accounts, which is clearly a hack through the use of unauthorized logins.

9. Bluekai Data Breach

BlueKai, a division of technology giant BluKai faced one of the most embarrassing and largest data breaches in 2020. Acquired by oracle in 2014, BlueKai uses cookies to track web users and had the largest trove of web users’ data. But in June, a security researcher discovered that one of the tech’s servers was lying unsecured, without a password. The data breach exposed names, email addresses, home addresses, and other personal information of billions of people. Additionally, the breach revealed web browsing activity and newspaper unsubscribe.

10. Twitter Data Breach

On July 15, 2020, microblogging site, Twitter was a victim of a cyber attack in which 130 accounts were infiltrated. The cybercriminals used a phone spear-phishing attack to obtain credentials of the 130 employees and then proceeded to tweet from 45 accounts. Ultimately, they managed to access the DM inbox of 36 accounts and downloaded Twitter data from 7 accounts.

Twitter admitted there was a breach and replied, “the attack on July 15, 2020, targeted a small number of employees through a phone spear-phishing attack. This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems.”

Cyberattack Cybercrime Data Privacy Featured Security
Disclaimer
Read More Read Less
The information provided on this website shouldn’t be considered as investment, tax, legal, or trading advice. Morning Tick is not an investment advisory platform, nor do we intend to be. The publication, its’s management team, or authored-by-line doesn’t seem liable for your personal financial losses, which may be due to your panic decisions based on the content we published. We strongly recommend considering our stories as just a piece of information, unlike advice, recommendations, or requests. Some of the contents may get outdated, updated, or inaccurate despite our profound editorial policies. We urge readers to do their due diligence before making any investments decision with ongoing IDOs, ICOs, IEOs, or any other kind of financial offerings. Few outbound links may be commissioned or affiliated, which helps us grow financially and maintain healthy editorial norms. For more information, visit disclaimer page.
Share. Facebook Twitter Pinterest LinkedIn Email Reddit WhatsApp
Previous ArticleHere’s why Ripple’s CEO believes Bitcoin is Chinese-controlled
Next Article Here’s what Ripple’s key partner MoneyGram said after SEC’s lawsuit
Aggrey Aera
  • Twitter

Aggrey Isoe Aera is B.A. Economics graduate and certified Accountant with interests in emerging technologies, and their disruptions in everyday lives. He is particularly interested in AI, Big Data, 5G, Blockchain, Machine Learning, Fintech, cashless payments, and anything crypto.

Recommended Posts

Introducing Lucky Mystery Box, Crypto lottery based on TRON with a prize pool of 1M USDT

2 months ago

GlobalDots joins forces with Coralogix to save companies 40-70% on full-stack observability costs, launching a debut CDN log management solution

3 months ago

Unplugged launches its mobile App Suite to help consumers reclaim their privacy

5 months ago

Oxford United FC joins the mental health conversation through new sponsorship

6 months ago
Add A Comment

Comments are closed.

Latest

Introducing Lucky Mystery Box, Crypto lottery based on TRON with a prize pool of 1M USDT

2 months ago

GlobalDots joins forces with Coralogix to save companies 40-70% on full-stack observability costs, launching a debut CDN log management solution

3 months ago

KX.finance announces upcoming DeFi/DEX aggregator launch on APTOS/SUI blockchain

5 months ago

HyperBC Group unveils Zero interest Crypto Credit Card HyperCard, obtains Lithuanian Financial License

5 months ago

Unplugged launches its mobile App Suite to help consumers reclaim their privacy

5 months ago
Morning Tick
Facebook Twitter Instagram Pinterest RSS
  • About Us
  • Press Toolkit
  • Disclaimer
  • Contact Us
  • Privacy Policy
  • Sitemap
© 2023 Morning Tick. Disclaimer: The information provided on this website shouldn't be considered as investment, tax, legal, or trading advice.

Type above and press Enter to search. Press Esc to cancel.