2017 isn’t over yet but cyberbreaches are already approaching last year’s level, where billions of records were leaked and caused terrible headaches for the affected parties. So if you thought that was bad, you may have to think again; there’s still some time to go until the end of the year, and we’ve already seen hacks, ransom attacks, and leaks of gigabytes of data. Millions of records have been stolen, and an abundance of classified hacking tools set free into the wild, which has led to its own set of issues. So without further ado, here are five of the biggest leaks of 2017…
Cloudflare Leaks Info for Months
A researcher on Google’s Project Zero, Tavis Ormandy, has uncovered a bug in Cloudflare’s internet infrastructure service that was leaking confidential information such as private messages on dating sites, user identity information, and (potentially) protected health information, passwords, API keys, authentication tokens, and much more. Cloudflare has more than two million sites in its network, including major services such as Uber, Fitbit, and OkCupid.
When notified about the flaw, Cloudflare reacted promptly and had mitigation in place within an hour, but what made things more severe was the fact that search engines were caching the leaked information. The flaw had been leaking data since September 2016, but Cloudflare did not find out about it until February 2017, so the damage is yet to be fully determined.
Onliner Spambot Leaks 700 Million Email Addresses
In August 2017, security researcher Benkow discovered Onliner Spambot exposing a huge number of files containing personal information. Troy Hunt, the author of the HaveIBeenPwned site, wrote that the massive data leak contained 711 million unique email addresses, many of which were also accompanied by corresponding passwords. Troy even found his own real email address there, so there is a slight chance that yours could be there as well. Maybe it is a good time to change your email password?
Deloitte Embarrasses Itself
Can the world’s top cybersecurity consultant fail miserably in protecting the highly sensitive data of its customers? Yes, it seems it can, as this hack against the New York–based financial services company shows. Deloitte discovered the leak in March 2017, but some believe the attackers have been able to access sensitive data since fall 2016.
That’s a massive problem considering that Deloitte had high-profile clientele earning the company $37 billion in 2016. Apparently, a company employee felt so safe that they didn’t enable two-factor authentication, which allowed the hackers to access the data. The damages are yet to be fully determined.
SVR Has Vehicle Records Exposed
More than half a million records belonging to vehicle recovery company SVR Tracking were leaked in 2017, as discovered by the Kromtech Security Center. The exposed data included email addresses, passwords, license plates and vehicle identification numbers (VINs), as well as 339 logs containing vehicle records and contacts with more than 400 car dealerships using SVR’s service. SVR fixed the repository configuration vulnerability identified by Kromtech and started its own investigation.
Zomato Loses 6.6 Million Password Hashes
About 17 million user records – user IDs, names, usernames, email addresses, and password hashes – were stolen from Zomato’s database, as discovered by the company’s security team. The leaked data contained 6.6 million users’ password hashes, which can be cracked using brute-force algorithms. Zomato says it has reached out to these users and prompted them to change their passwords on all services where they might have used the same password.
What Have We Learned from This?
What really raises eyebrows, however, is how enabling two-factor authentication might have prevented some of these breaches. Still, while reading about these gigantic leaks, just take a moment and consider once again if you took the minimum steps to protect your account? Did you enable two-factor authentication? Remember, it’s not the same as two-step verification.
It’s easy to lose faith in technology when you hear about the frequency of security breaches, and knowing that you could be the next target is enough reason for concern. But unless you burn all the bridges to your digital life this struggle will always remain, and the best thing to do is to protect those online accounts with strong passwords, encrypt the data and use a password manager. It’s up to you to decide, however, what data to throw into the secure basket.
Best Password Managers of 2018