Amid the unpredictability of COVID-19, organizations and businesses have been among the most affected sectors and have faced unimaginable decisions. The pandemic has pushed organizations and businesses to change how they work by adopting remote working and digital tools. Sources indicate that 94% of enterprises already use a cloud service, and 83% of enterprise workloads will be in the cloud by 2020.
The number of data breaches has increased dramatically as organizations have shifted their business to remote operations due to the COVID-19 pandemic. In the first half alone, data breaches were reported at 81 global companies from 81 countries!
Below, we cover the ten biggest data breaches that made headlines in 2020.
#1: Twitter Hack – July 2020
The whole internet world was shocked when Twitter was hit by one of the most brazen online attacks in history! The social media site was breached when hackers took over the verified Twitter accounts of influential US personalities such as Barack Obama, Elon Musk, Joseph R. Biden Jr., Bill Gates, and many others.
Hackers were able to reset the passwords of 45 of the 130 targeted accounts. They posted fake tweets on those accounts offering to send $2,000 in return for $1,000 sent to an anonymous Bitcoin address. Reportedly, this well-coordinated scam let the attackers swindle $121,000 in Bitcoin across almost 300 transactions.
According to Twitter Support, “the attack on July 15, 2020, targeted a small number of employees through a phone spear-phishing attack. This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems.”
#2: Marriott Data Breach – March 2020
On the 31st of March 2020, the Marriott chain revealed a security breach that impacted the data of over 5.2 million hotel guests who used the company's loyalty application. The data accessed in the breach involved personal details such as names, birthdates, telephone numbers, travel information, and loyalty program information.
According to Marriott, hackers could have obtained credentials from its employees through either credential stuffing or phishing. Previously, in late 2018, the hotel giant announced a data breach in which up to 500 million guests were affected!
#3: MGM Data Dump – February 2020
MGM Resorts suffered a massive data breach in 2019. In February 2020, news of the incident began to circulate when hackers leaked the personal information of 10.6 million hotel customers for free download. However, later figures show 14 times the number recorded in February 2020 (nearly 142 million).
The personal information published on the hacking forum included guests' names, home addresses, phone numbers, emails, and dates of birth. The leaked files included records for Justin Bieber, Twitter CEO Jack Dorsey, and many major government agency officials.
However, a spokesperson from MGM Resorts confirmed that impacted guests were notified about the data breach. The company also said, “We are confident that no financial, payment card or password data was involved in this matter.”
#4: Zoom Credentials Up for Sale – April 2020
Due to the COVID-19 pandemic, work-from-home protocols were adopted by numerous organizations around the globe. Given the situation, the Zoom video conferencing application became the most used virtual meeting application and also became popular among cybercriminals.
Within a short time, the application became vulnerable to numerous security attacks and became the target of a data breach. In the first week of April 2020, the news of “500,000 stolen Zoom passwords available for sale in dark web crime forums” shook the application's users.
About half a million Zoom account login credentials were listed for sale, and some credentials were given away free of charge. In fact, some of the login credentials were sold for less than a US cent each!
In addition to account login information, victims' personal URLs and HostKeys were also available. The leaked accounts belonged to financial institutions, banks, colleges, and other organizations.
#5: Magellan Health – April 2020
A malware attack and data breach in April 2020 hit Magellan Health, one of the Fortune 500 companies. The health giant reported that about 365,000 patients were affected by the sophisticated cyberattack.
According to the investigation, the attack was fully planned: the hackers first installed malware to steal employees' login credentials. They then used a phishing scheme, sending out a phishing email that impersonated a Magellan client, to access the Magellan system before deploying a ransomware attack.
The hackers could steal employees' login credentials, personnel data, employee ID numbers, and sensitive patient details such as W-2, Social Security numbers, or taxpayer ID numbers.
#6: Nintendo Data Breach – April 2020
Nintendo, the Japanese video gaming giant, reported in April this year that 300,000 Nintendo Network ID accounts were compromised through unauthorized logins. According to reports, the additional Nintendo Network ID (NNID) accounts that were compromised had their passwords changed, and the relevant users were directly contacted.
#7: BigBasket User Data Breach – October 2020
BigBasket, a popular online grocery store in India, suffered a massive data breach in October that exposed 20 million users' data. According to reports, the breach happened on 14 October and was made public on 7 November, when users' personal information, including full names, email addresses, dates of birth, and device IP addresses, was found to be compromised and priced at $40,000 on the dark web.
#8: Unacademy Data Breach – January 2020
Unacademy, one of the prominent online educational platforms in Bengaluru, experienced a data breach in January this year. Over 20 million user identities, including usernames, SHA-256 hashed passwords, date joined, last login date, email addresses, first and last names, and whether the account is active, a staff member, or a superuser, were exposed in the breach and sold on the dark web.
According to sources, the major data breach was exposed by US-based cybersecurity firm Cyble. The exposed database also has numerous accounts using corporate emails, including those of Wipro, Infosys, Cognizant, Google, and Facebook.
#9: EasyJet Data Breach – May 2020
The British low-cost airline group EasyJet experienced a large-scale data breach on May 19 this year, exposing data of nine million customers. According to reports, the data contained email addresses, travel information, and in some cases, payment card information. EasyJet also reported that 2,208 travelers’ credit card details were revealed.
#10: Sina Weibo Data Breach – March 2020
In March, the Chinese social network Weibo experienced a huge data breach involving 538 million Weibo users' information. Personal details such as real names, site usernames, gender, location, and phone numbers, among others, are included in the data. According to reports, the hacker was selling the Weibo data for just ¥1,799 ($250).
These data breaches happened when no one expected them at all. Even at organizations like MGM, Twitter, and Weibo, hackers found vulnerabilities to get in and compromised millions of users' data. These breaches have cost these companies millions. If you want to keep yourself protected in 2021, don't forget to adopt best practices that can protect your online privacy.