
Data breaches affected more than a billion people in 2018

[Category: Network Security | Posted by: 店小二05 | Date: 2019 | Author: 红领巾]

More than one billion people were affected by the loss of personal data through 13 data breaches at 11 different companies in the past year, according to personal virtual private network service provider NordVPN.

The biggest breach of the year exposed the data of half a billion customers of the Marriott hotel group’s Starwood properties, including the St Regis, Westin, Sheraton, Aloft, Le Meridien, Four Points and W Hotel brands.

Marriott said hackers had broken into its booking system and accessed customer data over the past four years. Stolen data included customers’ names, addresses, phone numbers, card numbers, passport numbers and even information about where and who they were traveling with.

“Because this information wasn’t used for any known financial gains or identity thefts, there are rumours that it could have been a state-sponsored attack,” said Daniel Markuson, digital privacy expert at NordVPN.

“As a former British intelligence officer said, the aim of this attack could have been to get valuable information on spies, diplomats and military officials who have stayed in Marriott hotels over the years. It is strange that the attack remained unnoticed for such a long time and that none of the information was monetised.”

The second largest breach was at Twitter, affecting 330 million users when a software bug exposed passwords in plain text. Twitter said there was an issue with its password hashing system, which failed to encrypt passwords and was saving them in plain text.

“Twitter’s investigators claimed that no one had actually accessed the data, but if any of the affected accounts had been hacked, their passwords would have been visible to the attacker,” said Markuson. “Their information could then be used to access other accounts.”

Twitter advised a number of users to change their passwords as a precaution and said the bug had been fixed.

Next up is My Fitness Pal, a food and nutrition app owned by Under Armour, which leaked the data of 150 million users.

“Once the company noticed the breach, it notified its users in almost record time compared with other companies of just four days,” said Markuson.

Under Armour said hackers accessed usernames, email addresses and hashed passwords, but other information, such as credit card numbers, was not compromised because it was stored separately from generic user information.

It is still unknown how hackers broke into the systems, but Under Armour said it was working with data security firms to investigate the attack and take precautionary measures to avoid further break-ins.

Firebase, a Google-owned development platform, leaked the sensitive information of over 100 million users during the year. “The platform might not be well known to everyone, but it is widely used by mobile developers,” said Markuson.

Appthority researchers scanned 2.7 million iOS and Android apps that connect to, and store, their data on Firebase. They found that more than 3,000 of those apps were connected to a misconfigured database that could be accessed by anyone.

“These apps with ‘leaky back-ends’ had been downloaded on the Google Play Store over 620 million times and could have exposed highly sensitive data, including user IDs, plaintext passwords, users’ locations, bank details, bitcoin transactions, social media accounts and even health records,” said Markuson.

The question-and-answer website Quora was also hacked, putting 100 million users at risk. Quora representatives said they had noticed that a “malicious third party” had accessed sensitive information on the database. Compromised data ranged from users’ names and IP addresses to their Q&A history, access tokens and private messages.

“Quora claimed that none of its partners’ financial information or any anonymous Q&As had been affected,” said Markuson. “The attack is under investigation, and no further comments have been made by the company.”

My Heritage, a company that can test people’s DNA to find their ancestors and build their family trees, leaked the email addresses and hashed passwords of more than 92 million users.

The attack was noticed in June when the company’s security researcher found users’ data sitting in a private server that does not belong to the company.

My Heritage said the most sensitive user data, such as DNA information and family trees, is stored on separate systems that were not compromised.

Facebook breaches

One of the biggest brands hit by data breaches in 2018 was Facebook, with 147 million accounts exposed in three breaches.

The first came to light in March, when it emerged that political consulting firm Cambridge Analytica was given permission to use more than 50 million Facebook profiles for “research purposes”, but instead collected user information to create psychographic profiles to influence the US presidential campaign in 2016.

“This data mining and data analysis company was employed by Donald Trump and helped him shape and predict the votes,” said Markuson.

Then, in September, Facebook hit the headlines again when it compromised the security of almost 90 million users. A bug in Facebook’s “View As” feature was discovered that could be used to steal users’ access tokens, which keep the user logged into a website or an app during a browsing session.

“Access tokens do not save the user’s password, so Facebook logged out everyone potentially affected to restore the security,” said Markuson. “However, hackers still managed to steal usernames, genders, and information about their home towns.

“Facebook claims that, so far, it has not noticed any suspicious behaviour on compromised accounts. However, this doesn’t mean this data won’t be used at a later date.”

In December, user confidence in Facebook was shaken even further when another bug was announced. “It appears that hundreds of third-party apps had unauthorised access to seven million users’ photos,” said Markuson. “Worst of all, these included pictures people might have started uploading but never posted.

“It is unknown whether anyone had seen these photos or used them in any malicious way. However, this shows how much data Facebook collects and how little control they have over their cyber security.”

Hefty fines for Uber

Although Uber admitted in November 2017 that it had covered up a data breach in 2016 that affected 57 million customers and drivers, Markuson said the company is worth a mention because of the resultant fines in 2018.

“Lack of communication with its users and failing to follow the procedures of the ‘bug bounty reward scheme’ resulted in Uber receiving a hefty fine of $148m in the US and £385,000 in the UK,” he said.

Also in 2018, event ticketing website Ticket Fly was bre

Site link: https://www.codesec.net/view/628583.html

