Since the COVID-19 pandemic has forced companies to move their business to remote operations, there has been a significant increase in the number of data breaches.
A recent Kaspersky report suggested that as many as 726 million reported cyber-attacks had occurred since the start of the year, putting 2020 on track to rack up somewhere in the region of 1.5 billion cyber-attacks per year.
Each of the data breaches in this article has something to teach companies and customers about how confidential data is most likely to be exposed in 2020.
Cybercriminals are currently exploiting the COVID-19 pandemic to launch extremely advanced cyber-attacks on any potential industry. During the first six months of 2020, various Fortune 500 businesses were the victims of major data breaches, after which hackers sold these organizations' account credentials, sensitive data, and confidential and financial records on cybercriminal platforms.
Here are 7 major breaches that happened in 2020:
1 – Nintendo data breach
Nintendo revealed in April 2020 that it had been attacked by cybercriminals and that 160,000 accounts had been compromised. Hackers had evidently used the stolen accounts to purchase valuable digital items.
As a result of this attack, Nintendo ended the practice of allowing users to log in with their Nintendo Network ID (NNID). The company also suggested that users secure their data by using two-factor authentication mechanisms.
Nintendo is also the most recent victim of credential-targeting attacks on digital media services. In recent months, Netflix, Spotify and Disney+ have all faced similar issues.
2 – Twitter spear phishing attack
On July 15, a tweet was posted on a variety of high-profile accounts, including those of Barack Obama, Joe Biden, Bill Gates and Elon Musk: “I’m giving back to the community. All bitcoin sent to the address below will be sent back doubled! If you send $1000, I will send back $2000. Only doing this for 30 minutes.” It reached more than 350 million people and resulted in the recovery of £86,800 in stolen ‘donations’ within hours.
According to the announcement made by Twitter, “This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems.”
While the attack targeted 130,000 public figures and profiles, the attackers made $121,000 in bitcoin donations after the attack.
3 – EasyJet data breach
EasyJet, a low-cost airline based in the UK, recently reported that 9 million data records, as well as 2,200 credit card records belonging to its customers, were stolen by cybercriminals. Due to the strict GDPR rules in Europe, it’s only natural for a company like EasyJet to get fined and to pay compensation to the affected customers.
EasyJet has not revealed any information as to how the databases had been hacked, except to say that the hacker appeared to be targeting the company’s intellectual property, as opposed to the personal data of its clients.
Even though EasyJet reported the matter immediately to the Information Commissioner’s Office and other regulatory authorities, critics claim that customers were only notified four months after the incident took place.
EasyJet could face penalties amounting to tens of millions of pounds for breaching the General Data Protection Regulation, so hard times await EasyJet. In addition, last month the low-cost carrier unveiled plans to cut up to 30% of its 15,000 employees, becoming the latest airline to note that the aviation industry is facing a slow recovery from the collapse caused by the coronavirus pandemic.
4 – CAM4 data breach: 10.88 billion records
Nearly 11 billion records were exposed in the recent CAM4 data leak. A team of researchers uncovered the leak from CAM4, an adult entertainment platform. Details exposed in the leak included full names, email addresses and payment records. The database was taken down by the parent company Granity Entertainment after the CAM4 data exposure was discovered. However, the logs seem to have been released since 16 March.
The database also included information such as username, user messages, sexual preferences, gender identity, device details, IP addresses, email communications, and chat records between users and CAM4.
Cybercriminals can use this data to send targeted emails to extort money or to carry out spear-phishing attacks. This is a highly sensitive issue for adult sites, as most members prefer to stay anonymous.
5 – Marriott data breach
The hotel chain Marriott announced a security breach on March 31, 2020, that impacted data from more than 5.2 million hotel guests who used the company's loyalty application.
Cybercriminals stole the login credentials of two Marriott employee accounts that had access to customer details in Marriott’s loyalty application. They used this information to leak the data a month before the breach was detected.
According to reports, the attacker obtained a wide range of sensitive data, including contact numbers, personal details such as gender and birthday, and linked account data such as airline loyalty programs.
6 – Zoom credentials hack
In a world changed by the COVID-19 pandemic, Zoom has grown in popularity as both education and organizations have moved to the home-office model.
The Zoom video conferencing software has become the most commonly used virtual meeting application and has also become popular with cybercriminals. In a short period of time, the software became vulnerable to multiple security threats and ultimately became a victim of a data breach. In the first week of April 2020, reports of more than 500,000 stolen Zoom passwords available for sale in dark web crime markets shook the users of the application.
Cybercriminals then sold login credentials to those accounts on the dark web, allowing pranksters and criminals to log in and join meetings mid-stream. They were also able to obtain personal details from Zoom participants, including email addresses and other contact details.
7 – Antheus Tecnologia biometric data breach
Security researchers have uncovered a massive data breach at the Brazilian company Antheus Tecnologia, which produces and sells biometric solutions both in Brazil and internationally.
The data was discovered on an unsecured server and included 76,000 unique fingerprints, emails from company employees, telephone numbers and more. The server did not store direct fingerprint scans, but rather the binary code that hackers might use to recreate them, with potentially harmful results.
Antheus Tecnologia stated in response to the report that the exposed fingerprints are public. However, the company claimed that the captured data had been hashed, which was not the case.