Compromised Conversations: The Latest Social Media Data Breaches
Social media has become a hotbed for many cybercriminal activities in recent years. Attackers and hackers are attracted to such platforms as they make finding and engaging targets insignificant, are cheap and simple to use, are easy to make fraudulent accounts, and enable the distribution of malicious content at an unprecedented efficiency and scale. Advanced and big-scale cybercrime on social media platforms has become mainstream, from the Russian operatives using Twitter to spear phish and dispense malware to a Vevo breach attack stemming from a LinkedIn phishing attack. The worst social media data breaches are getting more frequent and more dangerous. This post collected a list of the worst and damaging social media attacks of all time to show the increasing need for protecting these platforms. Vevo hacked through a targeted LinkedIn phishing attack, approximately 3.12TB exfiltrated The streaming platform Vevo encountered a data breach in 2017 when one of its staff was phished through LinkedIn. Fraudsters obtained and publicly released 3.12TB worth of the firm’s sensitive and confidential data. The professional social network enables attackers to quickly determine their target at a certain company and send them a bespoke message, all under the auspices of professional recruitment or networking. Phishing Twitter direct messages sent to customers from a compromised bank account In 2011, an Australian bank encountered the worst-case scenario for an account takeover. Criminals didn’t vandalize the account or post seditious messages. As an alternative, they send direct messages to Twitter followers asking them to disclose sensitive financial institutions. Most account hacks are embarrassing and expensive from a brand and public relations perspective. However, they can also be utilized for big-scale cyber attacks against a brand’s most engaged and loyal followers. LinkedIn breached, exposing 117 million accounts In 2016, the social network itself got breached. The LinkedIn data dump was the seventh biggest in history by a sheer number of compromised items. That data breach that originally happened in 2017 lead to an eventually 117 million exposed email address and password combination. All of these were sold on the dark web for 5 Bitcoin. Financial corruptions run widespread on social media In August 2016, ZeroFOX researchers disclosed the massive underground world of financial misconduct on social media. Scammers always prey on verified banks’ followers with fraudulent financial service offerings like money flipping and card cracking. The issue’s scale is substantial, with at least a quarter-million posts for a single form of scam on a single social network. The issue was discovered on each major social media network and led to hundreds of yearly losses. HAMMERTOSS malware utilizes social media as Command and Control device In July 2015, the Hammertoss malware searched social media networks for commands posted by attacker profiles. This enables fraudsters to control the malware through social media posts. Furthermore, the attacker group behind the malware is accountable for the attacks against the White House, the State Department, the Joint Chiefs of Staff, and other nation-state governments like Norway. The approach to weaponizing social media proves the need to assess and investigate social media as a full lifecycle attack vector. Fake social media personal delivers malware to employees through social media In 2017, attackers made a convincing fake persona—a London-based photographer named Mia Ash connected with corporate staff. The attacker distributed a Remote Access Trojan (RAT) known as PupyRAT through the social media honeypot accounts to take over the controls of victims’ devices. The persona obtained accounts across numerous social media networks. Third party app results to hundreds of high-profile account compromises TwitterCounter, a third-party app, allowed Turkish-language attackers to take over controls of high-profile accounts. They posted destructive messages over the Netherlands after a antagonistic week of failing relations between Turkey and the Netherlands and essential elections in both nations. The breached accounts included a series of global brands and well-followed verified accounts such as Amnesty International, UNICEF, the European Parliament, Starbucks, the official Bitcoin Blockchain account, and Forbes. Twitter spear-phishing outbreak nets word leaders In July, the Twitter accounts of some of the most influential individuals in the world like Kanye West, Joe Biden, and Barack Obama all posted malicious tweets requesting Bitcoin. The hack encouraged immediate questions and panic about how numerous high-profile accounts were hijacked. The master turned out to be a 17-year-old guy from Florida who was immediately detained, together with some associates. The fraudsters scammed Twitter users out of a little over $100,000 but caused a massive scandal. Zoom encounters scrutiny after series of attacks Cybersecurity problems of Zoom are numerous stories rolled into one. In April 2020, half a million Zoom passwords were discovered being sold on the dark web. Hijackers gathered such passwords through credential stuffing and packaged the compromised accounts into a new database. Hackers utilized advanced bots to get around Zoom’s instinctive force protections, testing filched data until they discovered matches. Google+ shuttered over data breach risk Most were surprised to find that the social media platform Google+ was shuttering as it had started to take off. Google discovered that a bug in the system unveiled more than 500,000 user’s information. The company was further worried that it had taken them more than two years to see the bug. Google does not think the data breach led to anyone using data to hurt people. However, they decided the risk was too massive. Hence, they shut the entire thing down instead. 87 million Facebook data breach In 2018, Facebook finished its comprehensive investigation into the Cambridge Analytica data breach. It had gone back years when a Cambridge University researcher made a 3rd party personality app. More than 300,000 Facebook users installed it and volunteered their personality data on both themselves and others, which extend the breach’s reach. The app later supposedly sold the results to Cambridge Analytica, an activist group. Social media data breaches are not an unlikely event. While these platforms take them seriously and work to safeguard their users, data breaches are unavoidable.
BIG DATA BREACHES: Why Cybersecurity is the Key to Data Protection
In the modern age of digitalization, data protection is integral for every organization. In 2020, people witnessed that if data protection isn’t done right, companies will experience massive impacts in ransomware, phishing, hacking, and more. Unluckily, this dangerous trend isn’t going to stop but will stay for a longer time. Considering the value of cybersecurity, the good thing is that many organizations have started to take precautionary measures. For instance, they use cybersecurity tools such as VPNs to help them safeguard their customers’ data. That way, they can also protect their employees’ digital footprints working remotely from anywhere. Further, they can avoid different cyber risks proactively. The Importance of Data Protection Whether big or small, organizations and companies can’t flourish without protecting their vital business data these days. The following are the three major reasons why organizations should safeguard their business data accordingly. Protect against data breaches and other problems Did you know that data protection strategies enable companies to protect themselves from different concerns? That includes legal problems related to breaches, damaged brand reputation, loss of public trust, impact on future growth in terms of expansions and profits, and financial costs, among other problems. Avoid unauthorized access Imagine if companies can protect their resources such as laptops, computers, and other smart devices? They can easily keep several notorious elements at bay online. What’s more, they must safeguard their other sensitive assets such as personally identifiable information of their staff, official websites, and more, accordingly. Thus, hackers and other cyber goons can’t access such essential info, and organizations can work based on their long-term vision or goals without any problem. Guarantee business continuity There’s no doubt that business continuity is massively reliant on data protection. Organizations using security measures like advanced security tools like email encryption, update of corporate device security-wise, and data backup allows them to easily secure their core business functions and continue doing their regular operations in the most efficient and right way. In short, data has become a lifeline for companies. Without protecting it properly, they can’t grow in the future efficiently and successfully. Which Information Must be Protected? Organizations typically store various information connected to their customers, such as customer details. These details normally include personal data like contact number, email address, bank account number, and more. They need to safeguard their patrons’ valuable data, so they don’t need to deal with online frauds like identity theft, phishing scams, and more. Below is the list that comprises common data businesses store in their databases: Name Financial data like credit card details, account number, and bank name Email address Residential address Other miscellaneous data What Organizations Can Do to Fulfill their Role with Data Protection? Various data protection laws such as CCPA, LGPD, GDPR, and more have compelled companies and businesses to give utmost importance to their clients’ data a much as they can. Nonetheless, they can still take various cybersecurity measures to safeguard their customers’ data. Some of these steps are as follows: Consider cybersecurity as a long-term activity Businesses must not think of cybersecurity as only a one-time activity. As an alternative, they must ready themselves to come across different cybersecurity problems such as ransomware, phishing attacks, data theft, and so much more. Cyber problems aside, they could lose a substantial amount of money if they keep doing cybersecurity occasionally. Update every official device regularly Keep in mind that there’s no damage if companies update their devices like laptops, desktops, and other smart devices as and when needed. This will help businesses keep their official resources safe and safeguard them from various cyber threats. Enhance endpoint security business-wide In case you didn’t know, endpoint security is a procedure by which organizations can safeguard endpoints of their official devices like tablets, laptops, and desktops from the prying eyes of scammers, hackers, and other cybercriminals. Remember that this activity must be done throughout the company and without any judgment. Offer essential cybersecurity to every employee For employers out there, you are supposed to train your staff when it comes to cybersecurity. You can ask your IT department to play its role diligently. This specific department must help your employees utilize encryption software to prevent their laptops, computers, and other devices from being hacked, malware, privacy invasion, and other risks. How Can Big Data Help? Cybersecurity requires the actionable intelligence and risk management that is common for big data analysis. It’s good to have tools that can assess data. However, the solution is to automate tasks so the data is accessible fast and the analysis is delivered to the right people at the right time. That will enable an analysis to categorize and group cyber threats without the lengthy delays that could make data irrelevant to the cyber threat or attack at hand. You see, big data will help analysts to envisage cyberattacks by taking the complexity from different data sources and streamlining the patterns into visualizations. Using the data in its raw format enables disparate data to be helpful not just with what’s taking place but also with historical data. The historical data enables businesses to make statistical baselines to determine what’s considered normal. They will then identify when the data deviates from the norm. Often, it is simple to miss indicators if they’re given in real-time. Nonetheless, they may have new definitions when they’re viewed over time. That historical data can also produce new opportunities for machine learning, statistical models, and predictive models, enabling the ability to foresee future events. Final Thoughts Data protection is crucial when we talk about expanding businesses online. Business leaders can’t underestimate the importance of cybersecurity at any cost. That’s because consumers prefer to purchase products and services from organizations committed to data protection. In a nutshell, data protection has become the need of the hour. Otherwise, organizations won’t grow or achieve success in the future. What are your thoughts about this post? Share your insights with us by leaving your comments below!
The End of Privacy: The Most Damaging Privacy Leaks of the 21st Century
Data is transforming to one of the most important assets in the digital realm. The tech giants monopolizing data are considered the most powerful organizations on the planet. Nonetheless, they are often becoming vulnerable to a data breach epidemic despite the overflowing value of data monitored by such entities. A data breach is an information security breach where personal data is exposed publicly without approval. When giant firms such as Yahoo and Facebook have gotten comprehensive attention for the outcome of a data breach, small companies are no escape. Take note that data breaches can impact businesses of all sizes in many different ways. They are challenging to determine, expensive to address, and can cause massive reputational damage that some enterprises never recover. Nevertheless, the only thing organizations can do in such scenarios is to mitigate the consequences of a breach to execute a detailed risk management practice for a recognition, restraint, and communication in the aftermath of a data breach. Below is the list of the well-known and biggest data breaches in the 21st century. FriendFinder Networks Data Breach Occurred in October 2016 and affected 400 million accounts This company suffered one of the major and most damaging data breaches in history in 2016. FriendFinder Network Inc. jeopardized 400 million accounts, with most of them coming from AdultFriendFinder.com. Did you know that every database involved in the breach is composed of usernames, email addresses, and passwords kept in plain text? Marriott International Data Breach Occurred in September 2018 and affected 500 million guest records. On September 8, 2018, a security tool flagged a suspicious effort to access a guest reservation database for Marriott’s Starwood brands. It was found out that the Starwood network was compromised in 2014 when the international corporation started an investigation. The data breach happened when it was still a separate company before merging with Marriott. In 2016, Marriott acquired Starwood but failed to incorporate the firm with its reservation system. Starwood was still utilizing its preceding IT infrastructure, which resulted to an attack. The record of five hundred million guests was washed out from the Starwood systems by the hacker. The cybercriminals utilized Trojan Horse software to access the accounts Facebook Data Breach Occurred in September 2019 and affected 400 million users This is one of the recent data breaches of today. The giant social media platform, Facebook, reported a series of security breaches in the past. Nevertheless, the data breaches that happened in 2019 were big. The company disclosed that millions of Instagram passwords had been kept online in plain text. After that, other problems, such as technical flaws allowing kids to chat with strangers online, undiscovered to their parents. News emerged of a data leak in September 2019 that uncovered the phone numbers of at least 400 million Facebook users. That database comprises records throughout numerous geographic locations, consistent with 133 million Facebook users in America, 50 million in Vietnam, and 18 million in the United Kingdom. The database in question was discovered to be unsecured by password or any form of encryption. Anyone searching the web could find and access that data. First Americans Financial Corporation Data Breach Occurred in May 2019 and affected 885 million users American journalist Brian Krebs reported the big data breach of financial records from the company in 2019. The breach leak digitalized documents which go back to 2013. A few of the most important data stolen during the incident were drivers’ license images, wire transaction receipts, social security numbers, mortgage and tax records, bank statements, and bank account numbers. What’s more, the breach was started from an authentication mistake. No verification was needed to access the files that make them accessible to anyone with a browser. Any individual with the link can access data, and with a change of one digit, it was simple to find other documents with the same URLs. The company encountered a common web designer error referred to as Direct Object Reference (IDOR). A web page with sensitive data is made so a certain party will only view it. Nonetheless, the table turned as there’s no other way to determine the person seeing it. Anybody who types the link could easily and directly access the web browser. Cybercriminals and hackers used Advanced Persistent Bots (APBs) to gather and index the remaining documents. This data breach proved that companies could not massively depend on unique links to protect data. As an alternative, documents must be safeguarded with passwords and multi-factor authentication. Yahoo Data Breach Occurred in October 2017 and affected three billion accounts Yahoo suffered the biggest and most detrimental breach in history in 2013. However, it took another 3-4 years to find the accident. The Chief Intelligence Officer of InfoArmor, Andrew Komarov, discovered the data breach when he’s assisting the firm in responding to another data attack in 2016. He unraveled hints of the 2013 breach while trying to take down the stolen information. He observed a dark web seller providing close to $300,000 for a list of over a billion Yahoo accounts in August 2015. Yahoo experienced a hot in its income when it went public along with the massive data breach. The organization alerted its users to reset all their passwords and restart their security questions. News of the breach declined Yahoo’s value by $350 million, not to mention the stock price drop by three percent. The security breach led the company to long-term effects. What’s more, the company ran into different civil and regulatory complainants, as it failed to disclose the breach timely. It is expected that most of their post-breach injuries could have been prevented had it been assessed and revealed the breach sooner. There you have it! These are the top five of the biggest and most damaging data breaches in the 21st century. What are your thoughts about this post? Share your insights with us by leaving your comments below!
The Importance of Data Encryption in Cybersecurity
Used in different security solutions, data encryption keeps unwelcomed visitors away, so they can’t get into your important data.
