2020 has been quite a momentous year, to say the least. From a destructive pandemic to the resulting economic downturn and the numerous civil rights uprisings, there is already so much that has been going that it could be hard to keep track of everything. Even so, there have been other equally profound occurrences with far-reaching impacts that have gone done since the year began.
Data breaches and hacks are not unusual despite all the efforts that are being put in place to mitigate against them. Malicious parties are always trying to gain unauthorized access to data and with more people now using the internet than ever before, it is safe to say that way more of them have been impacted. So far, there have quite a number of data hacks and breaches in 2020 each varying in magnitude. After looking into all of them, here are the tops ones:
1. The Twitter Hack
Twitter is, without a doubt, one of the most popular social platforms on the planet and this makes its security critical especially considering how valuable it is as a source of information and communication channel. In mid-July 2020, hackers breached the platform’s security, a move that targeted a total of 130 accounts including those belonging to popular personalities like Elon Musk, Bill Gates, Joseph R. Biden Jr., and Barrack Obama, among others. Fake tweets were posted from some of the compromised accounts and as a result, about $121,000 in Bitcoin was lost in nearly 300 transactions.
2. BlueLeaks and the Return of Anonymous
Anonymous, a dreaded hacktivist collective, resurfaced after nearly a decade of silence with a massive 269-gigabyte data leak. The leaks revealed, among other things, a ton of US law enforcement documents as well as intelligence documents detailing how they discuss activist groups like Antifa and how the police track protestors. Obviously, with all of the activism that we have seen in 2020, it is not too surprising that this gained so much attention.
3. 9 Dating Apps Get Hacked
Online dating is such a big deal in 2020, not just because of the COVID-19 pandemic but also because it is becoming a preferred way of meeting people especially for the younger generation. Unfortunately, it is not always as straightforward as one would hope. The risks of operating in cyberspace are largely the same. In May, some security researchers discovered that up to 854 gigabytes of data was open and accessible on the internet. While no actual hack was reported, the fact that the data was exposed cannot be taken for granted.
4. The Marriott Data Breach
Over 5 million hotel guests were compromised on March 31, 2020, the casualties of a data security breach that targeted the Marriott chain of hotels. All of the affected customers were using the company’s loyalty application and it is through the app that hackers were able to siphon data for about a month before being discovered. Some of the data were compromised during the breach included personal information, travel information as well as loyalty program information.
5. Zoom Passwords Go on Sale
With the COVID-19 pandemic forcing people to shift to working from home, Zoom quickly rose in popularity as the best virtual meeting. Its rise was so meteoric and cybercriminals were also paying attention to this. In April 2020, they succeeded at breaching the company’s security stealing passwords of over 500,000 accounts which were then put on sale on some dark web crime forums. Many organizations were affected by this breach particularly because their employees were using Zoom. These included colleges, schools, and even financial institutions.
6. The MGM Resorts Data Leak
MGM Resorts, like many other gambling companies, entertainment, and hospitality operators across the globe, has been greatly impacted by the pandemic. However, the company was already having some trouble long before that. Earlier this year in February, news of a massive data breach that occurred in 2019 surfaced. According to the reports, the breach resulted in the leak of the details of up to 142 million of the company’s customers. The company through its spokesperson assured the public that no financial, payment card, or passwords were leaked though. Still, the leak was pretty significant and certainly stands out as one of the biggest ones in 2020.
7. Nintendo Legacy Login System Gets Hacked
In later April, nearly 160,000 Nintendo users were affected by an account hijacking scheme that, as it turns out, was made possible by vulnerabilities found on a legacy login system which has since disabled. The attackers gained access to user accounts and began to fraudulently purchase games and virtual currency for Fortnite. This online video game and in-game currency shopping spree was definitely going to raise a lot of eyebrows especially with more people taking up video games as a hobby once the pandemic hit.
8. Magellan Health
In April, Magellan Health, a healthcare company and a Fortune 500 company was subject to a ransomware attack and data breach which affected over 360,000 of its patients. The well-orchestrated cyberattack was so devastating especially because of the kind of data that the hackers were able to steal. These included employee login credentials, ID numbers, patient information, Social Security numbers, and other personal information.
9. Slickwraps “Comically Bad” Breach
Slickwraps is quite popular among tech enthusiasts and people who love to design custom skins for their electronic gadgets. The company was in early 2020 warned of a vulnerability by someone who claimed to be a “white hat hacker”. They ignored this and eventually another hacker chose to exploit their vulnerabilities. This hacker then went on to send emails linking to a Medium blog post that Slickwraps had written on their experience with the first hacker. Data breaches are not funny, but this one is pretty comical, to say the least.
10. SBA’s Disrupted Activities
As part of the efforts to help businesses get through the pandemic, the US Small Business Administration (SBA) announced that it would be offering emergency business loans. As expected, lots of businesses applied for the loans but out of the total, nearly 8,000 of those that applied were affected by a data breach. As it turns out, the portal through which the applicants sought out the loan may have exposed their names, Social Security numbers, physical and email addresses, dates of birth, citizen status, and insurance information.
Summary
Cybersecurity has gotten much better over the years but cybercriminals are also always finding ways to take advantage of various vulnerabilities. By looking into some of these breaches, we not only get to understand how they happened but also how we can prevent them from playing out in the same manner again.