Posts

The Master List of 2018 Breaches

The Master List of 2018 Breaches

2017 was a record setting year for data breaches, but we might have to call 2018 “The Year of the Breach.”

According to Verizon, there have been more than 2200 data breaches across the globe, and about 68 percent of these breaches were not detected for months. This is not good news for any business or organization.

Here are some of the major breaches of 2018:

Facebook

Facebook is part of the list of 2018 breaches but NOT because of the Cambridge Analytica scandal. Instead, it’s because of the breach that occurred in late September, when about 50 million people had their data exposed. This hack took advantage of vulnerabilities in Facebook’s code, and hackers were able to control the accounts of
users.

Department Store Hacks

Several department stores were also hacked this year including Saks Fifth Avenue and Lord & Taylor, which were hacked in April. These stores had their customer payment cards compromised. Macy’s also was hacked. This time, it was the names and passwords of its customers that hackers obtained.

The Master List of 2018 Data Breaches Hacks Robert Siciliano Safr.me

Fitness Hacks

There were also hacks against fitness companies like Adidas and Under Armour. In the case of Adidas, hackers accessed the data of several million customers. In the case of Under Armour, the hackers targeted the brand’s app, MyFitnessPal, and were able to access the information from about 150 million users. In neither case were Social Security numbers, payment information, nor driver’s license numbers accessed.

Exactis Hack

The biggest hack of the year was also the one that most people don’t even know about. You probably don’t even recognize the name Exactis, but it is a marketing and data aggregation firm. In June, the company leaked the data of more than 340 million Americans. In this case, the company did not secure its database, and this left records
open to anyone who wanted them. Not only were people affected here, but so were businesses. Phone numbers, emails, addresses, and even interests of these people were exposed.

Marriott

Marriott also makes the list of the major breaches of 2018 (but it originated as early as 2014), and in this case, about 500 million people were affected. This hack was done through the Starwood Hotels guest database. It was later realized that the hackers who did this were very likely working for the Chinese government, which was trying to gather intelligence. China has denied being involved in the hack, but experts claim that the methods used in the hack and evidence found all point towards the Chinese government.

Google

There were a few other hacks that are worth mentioning too. Google, for instance, though not technically hacked, did expose data of its users thanks to a security bug. In this case, about 50 million accounts were compromised.

We hope, of course, that lessons were learned in 2018 so that 2019 looks a bit more promising, but as most security professionals know, hackers like to stay one step ahead. So keep your data as safe as possible.

What can you do? Move to Montana, find a cave, live in it. Toss your mobile, PC and credit cards and eat off the land.

Or…

Foreign Bad Actors Hacked Marriott

You have probably heard about the latest major data breach, right? The Starwood hotel chain, which is owned by Marriott, was hacked. More than 500 million people were affected by it, and now, we have learned that a hostile, foreign intelligence service is likely behind it.

Most of the data that was compromised is unsurprising, such as emails and names, but other information that was accessed is a bit puzzling. This includes passport information and where people traveled. A U.S. intelligence official, who does not want to be identified, has said that this breach fits the mold of China being behind it.

Though there is nothing specific to point the finger at China, the techniques, tools and procedures that were used are commonly being used by hackers who work for the Chinese government. However, it is important to keep in mind that other hackers would also have access to these tools.

For now, the investigation is continuing into the data breach, and nothing official has been released. The FBI continues to remain on the case, and Marriott has said that it has no idea who or what is behind this hack. At this point, they are choosing not to speculate.

Robert Siciliano Marriott

The hotel chain has both internal and external teams working on exposing the hackers, and the main clue they are focusing on is the type of data that was accessed, such as passport numbers and the times and dates that people checked in and checked out of the hotel. This information could be very valuable to foreign countries, including China, who might want to create counterfeit passports. The State Department, however, has told NBC News that a new passport could not be made by using passport numbers alone.

This hack is part of a series of hacks that have plagued businesses over the past few years and recent months. In fact, this hack went on for four years before Starwood even realized that it was getting hacked! This is a pretty long time when you consider that the average hack goes on for 101 days before it’s discovered. What’s even more disturbing is the fact that the company knew about this hack since September, but it didn’t announce it until the beginning of December.

Marriott has responded to this. It says that it is improving the way it deals with cyber security, and, in addition to working out what happened in this hack, it is analyzing how it can improve the way it deals with customer data.