2019 is only seven months old, and billions of people have already suffered from data breaches this year. The US remains the most popular target country for data breaches and hacks, but they’ve been happening all over the world.
It’s safe to assume that if you are online, your data has already been leaked in one way or another. This may include your phone number, usernames and password combination, photos, addresses, and even your medical records. The important thing is to stay aware and to secure yourself when a breach does happen.
1. Collections #1-5 (approx. 3 billion accounts)
Collections #1-5 was a megaleak containing around 3 billion users’ records. Cybersecurity researcher Troy Hunt discovered links to all these databases being shared on a hacking forum. This is the biggest selection of compromised data ever, collected over time from several other breaches.
2. Cloud service leak (2.3 billion files)
At the end of May, researchers from the Photon Research Team at Digital Shadows discovered that 2.3 billion files were accessible online due to configuration errors. The data was public across data-sharing and cloud services, online storage services, and companies’ servers. These files included medical scans, credit card details, payroll files, intellectual property patents, and at least 11 million photographs, many of which were considered private images. The photographs went public on a Japanese photo-sharing platform called Theta360. Fortunately, the company reacted quickly and sealed the leak over the next 24 hours.
3. Facebook, WhatsApp, and Instagram (2.1 billion users)
This list would not be complete without Facebook and its companies. They are responsible for a whopping 2.1 billion users’ data getting breached or leaked.
4. Internet of Things: Orvibo (2 billion records)
The most recent breach on the list happened at the beginning of July. Noam Rotem and Ran Locar, researchers from vpnMentor, discovered that a user database belonging to a Chinese company called Orvibo was left openly accessible online. Orvibo runs an Internet of Things management platform. Its database contained over 2 billion logs, including, among other things, users’ passwords, email addresses, geolocation details, and, most disturbingly, reset codes. These codes could be used to reset passwords and email addresses – leaving the users locked out of their accounts forever.
A hacker called Gnosticplayers has been putting batches of hacked data on a darknet website called Dream Market since mid-February. By the end of May, he had stolen 1.071 billion credentials from 45 companies, a goal he had been aiming for.
The hacker requested varying sums of bitcoin in exchange for the stolen info and promoted the data in the mass media. He claimed that his two main goals are money and the “downfall of American pigs.”
Gnosticplayers released the stolen information in six rounds, which varied in size and price. It contained data from various apps and companies and included users’ full names, email addresses, passwords, location data, social media pages, etc. Some of the affected companies paid fees so that their information would not be released.
One of the largest Australian tech companies, Canva, was affected the most. The company did spot the hacker and managed to close their database server, but not before he stole 139 million users’ data – login information, real names, addresses, etc. 61 million of the passwords were hashed with the bcrypt algorithm, one of the most secure algorithms today. The remaining 78 million accounts used Google tokens, which let users sign up for the service without a password.
Why did he do it? According to the hacker himself, sometimes he put the data for sale just because the companies didn’t encrypt their users’ passwords. “I just felt upset at this particular moment, because seeing this lack of security in 2019 is making me angry,” the hacker told ZDNet.
It was a difficult half-year for medical and financial institutions as well. A lot of security incidents were relatively small, but the overall number raises concerns.
Unfortunately, a lot of financial institutions also suffered from similar attacks.
These breaches and leaks are more dangerous than they might seem at first. The frequent cyber-attacks could be numbing the public to the privacy risks they represent. This may lead to a careless attitude towards their own safety.
Billions of people were affected this year alone. It’s evident that internet users can’t trust companies and even government agencies to keep their data safe. Therefore, they must take cybersecurity into their own hands.