Ah, data breaches. The stuff of internet nightmare. In recent years, we’ve seen more and more of them — to the point where it seems like wherever you store your data, most of it is just breach-material that hasn’t been breached yet. However, weird as it may sound, 2020 actually saw a lot fewer publicly reported data breaches than in years past. That’s a nice silver lining for a year where pretty much everything else seemed to go wrong. That said, there were still some wild ones. And the ones that did happen were, on average, much bigger than ever before — meaning that the rate of exposed records actually went up. Take a look at a few of last year’s most memorable data compromise incidents. Some are big, others are small. All of them were a serious pain.
Twitter Gets Phished
Several hackers massively irked Jack Dorsey last year when they wormed their way into Twitter and hijacked high profile accounts to steal Bitcoin. Users first noticed something odd was going on when Elon Musk started babbling about “feeling generous” — a definite red flag. “I’m feeling generous because of COVID-19,” his account chirped. “I’ll double any BTC payment sent to my BTC address for the next hour. Good luck, and stay safe out there!” Other compromised accounts included the likes of Barack Obama and Joe Biden, Kanye West and Kim Kardashian, Jeff Bezos, and others. The suspected hackers reportedly made $US121,000 ($158,341) in Bitcoin before ultimately being arrested.
Infamous Security Firm Sucks at Security
Clearview AI, everybody’s favourite dystopian surveillance firm, is best known for its unsettling facial recognition technology and its partnerships with law enforcement agencies the world over. Yet the company had its own privacy invaded last February when a pretty catastrophic cyberattack saw hackers steal the company’s “entire list of customers, the number of searches those customers have made and how many accounts each customer had set up.” The culprit has not been identified and it’s unclear what happened to the firm’s data. While the company’s large collection of facial signatures was not compromised, it’s perhaps not comforting that a company that purports to have “billions” of pictures of our faces can’t keep hackers out of its system.
The Social Media Trifecta
Instagram, TikTok, and Youtube all suffered simultaneous breaches last year when the data of some 235 million social media users was left publicly accessible on a server. That server, which was “neither password-protected nor had any authentication methods” was owned by Social Data, a third-party company that sells social media data to marketers. Exposed user information included names, ages, and other account details.
Hollywood Gets Hacked
We all learned way too much about America’s beautiful people last summer when a New York law firm hired to represent most of them was hacked. Grubman Shire Meiselas & Sacks, which represents entertainment and media figures, suffered a ransomware attack in May — apparently at the hands of the REvil ransomware cybercrime group. As proof that they weren’t messing around, the hackers quickly leaked a tranche of legal documents associated with Lady Gaga and also claimed to “have dirt” on Donald Trump. They then sought to extort the company for upwards of $US40 ($52) million, though the firm refused to pay them.
The Pfizer Fiasco
Amidst the global Covid 19 pandemic, hackers found ways to perpetually disrupt medical research and slow government responses to the crisis. Case in point, late last year hackers targeted the European Medicines Agency (EMA), the EU’s agency that supervises and evaluates medical products. The threat actor was ultimately able to steal documents from Pfizer Inc. and BioNTech SE submitted during regulatory review of its Covid-19 vaccine. The hackers then leaked the documents all over the internet, causing a huge headache for governments and pharmaceutical companies alike.
Blackbaud
A Cloud vendor that specialises in data storage for a variety of entities, including non-profits as well as educational and healthcare organisations, Blackbaud suffered a catastrophic ransomware attack last year in which the unencrypted data on millions of customers was compromised. Hackers had access to social security numbers, bank account information, and other sensitive data in some cases. Blackbaud was inevitably sued.
Prison Breach
In March of last year, the U.S. Marshals Service sent out a notification announcing that it had suffered a cyberattack several months previous. As a result, personal data on some 387,000 current and former prisoners had potentially been compromised, it reported. Such data potentially included “names, dates of birth, social security numbers, and home addresses,” ZDNet said.
BlueLeaks
State, local, and federal law enforcement agencies from around the country had their dirty laundry aired in public last summer when the Anonymous hacker collective collated a thick dossier of their stolen data and shared it with activist group Distributed Denial of Secrets. The data dump, which DDoS posted on a website for all to see, included previously undisclosed internal documents sourced from, among other places, intel-sharing fusion centres and state and local police departments. The data dump occurred amidst national civil unrest over the brutal police killing of George Floyd, further exacerbating the turmoil between police and protesters.
Whisper Shares Your Secrets With the Web
An app designed to “share secrets” ironically ended up sharing too much about its users last March. Dubbed the “safest place on Earth,” the Whisper app was originally launched in 2012 as an “anonymous” social media platform where users could safely share personal information without exposing their identities. Yet the company left 900 million users’ private messages — as well as their geographic locations — exposed to the internet until the Washington Post called them and told them about it.
The MGM Hack
In February, MGM Resorts International reported that it had suffered a cyberattack the previous year and that some guest information had been exposed. The initial number that the casino and hotels chain gave for compromised accounts was 10.6 million people, but ZDNet would later report that the breach appeared to be much more extensive: by July, it appeared that data on some 142 million guests was being sold on the dark web. The data included that of famous celebrities like Justin Bieber and Twitter’s Jack Dorsey, among others.