Worst Hacks of 2018

So, you have arrived at this article because you want to discover the worst hacks of 2018. 2019 has so much in store and it is very important to know where we came from to know where we are going, and most importantly to know how to avoid unwarranted online intrusions against our computer systems. With the development of the internet, people are using computers more, and obviously there will be criminal hackers who try to take advantage of those unprotected online systems.

The world is privy to hacking. That is just the way it is. The right hack could change the social climate of a country, the mindset of a culture, the lifestyle of the people, or even the political scale vastly. Unseen flaws in the system allow these things to happen.

Corporate security is getting beefed up because of these unwarranted intrusions so customers and businesses are protected from the negative effects of cyber-attacks. However, sometimes a cyber-attack is needed to find loopholes in the system for thousands of companies. As the internet becomes complexly vast and these data breaches are becoming more commonplace every year, luckily there are security measures getting bolder and stronger. Some government agencies are even employing former black hackers (unethical) who turned into white hat hackers (ethical) to combat these intrusions.

According to Healthcare IT News, in 2018 there were 3,676 breaches that disclosed 3.6 billion records. A considerable increase compared to 2017. This hacking problem is so big that a new study conducted by Shape Security shows that more than 90% of login attempts come from hackers who have stolen data.

Marriott Data Breach

Marriott is a very popular hotel brand that has luxury properties spanning across the globe. Customers book reservations by the millions and typically enjoy their stay at the properties. Life changed for many of those customers who booked reservations at a Marriott-based hotel between 2016 and 2018. The hotel group announced that all the travelers who have made reservations at their infamous Starwood hotels might have had their data compromised. The intrusion was unknown for 2 whole years, originating during a time when Marriott acquired the Starwood hotel brand, and officially discovered in 2018 leading many data breach experts asking how can such a complex hack go unnoticed for so long? It took another two months for the company to officially measure the scale of damage done by the breach. Many suspect that Chinese hackers were behind the breach, but that information has not yet been confirmed. When the full extent of the breach was understood, Marriott determined there was an estimated that 170 million customers who had their names, email addresses, and home addresses stolen. Furthermore, a whopping 327 million people were put at a much bigger risk with other sensitive information exposed that included reservation information, DOBs, genders, and ID and passport numbers. This is one of the largest data breaches in history.

British Airways

British Airways is one of the largest airlines in the United Kingdom serving almost 50 million passengers every year with that number increasing. Between April and July of 2018 for approximately 15 days, there was a mega data security breach that leaked 380,000 booking transactions. The information comprised consisted of email addresses, billing addresses, and payment information, ranging from expiration dates, CVV codes, and credit card numbers. Although it is unclear how the hack was carried out, there are a few companies, such as RiskIQ, that suspect malicious Javascript codes were planted in the payment page and passed off to the hackers.

Jason’s Deli

Jason’s Deli is a family-owned restaurant with approximately 275 restaurants in 28 states. On January 11th, 2018, hackers were able to install RAM-scraping malware on the credit card processing devices that would swipe information from the card’s strip at the point of sale. This happened to 2 million customers at 164 restaurants across 14 states. The information included card numbers, names, expiration dates, and CVV codes that would get transferred to the criminals to be sold on the dark web.

Panera Bread

Panera Bread is a bakery cafe based in St. Louis. In April, 2018, 37 million customers information were comprised. Anyone who had placed an order online had their home addresses, phone numbers, DOBs, emails, dietary preferences, and the last four digits of their card numbers exposed. The company found out about the vulnerability as early as August, 2017, but did nothing about the potential threat because they claimed it was a scam. Panera Bread knew it was real after doing some investigation and realizing there was a breach.

Suntrust Bank

Suntrust Bank experienced a data breach in April, 2018 that exposed the information of 1.5 million customers. A former employee is responsible for this data breach that contained phone numbers, home addresses, names, and account information. However, driver license numbers, passwords, pins, social security numbers, and ID information were not compromised. Many believe the person was going to share the information with a criminal organization. Now the company has offered free identity protection for all of its customers in the wake of this disaster.

Exactis

Exactis LLC is a marketing compiler and data aggregation firm. Essentially, it is a “data warehouse” that gets information from the use of cookies and send updates monthly about what it finds on each user. Every time a person visits a website that information is stored, collected, and sent to third-parties sometimes. This is why some websites always ask if it is ok for them to store or use cookies upon entering. Exactis possesses information about approximately 3.5 billion customers. It made the news recently because of a cyber data breach that has affected those people – totaling more than twice as much as the 2017 Equifax hack, which affected 145. 5 million, and a bit more than the infamous Yahoo hack of 2013 that exposed non-financial information about 3 billion people. The information stored in the Exactis system was in an unprotected database that could be accessed on a public server. However, thanks to security researcher Vinny Troia the flaw was discovered. The damage spanned across 230 million records of consumer information and 110 million business contacts that were stored on 2 terabytes of data. The information included 400 variables that included the person’s email address, age, religious preference, smoking habits, home address, phone numbers, and a number of children and their genders. Surprisingly, this company only has 10 employees, so it makes one wonder. As a result of the hack, there were class action lawsuits filed against the company. It is definitely, without a shadow of doubt, one of the largest data breach in history.

Facebook

Facebook is one of the oldest and most popular social media sites in the world. Owned by Mark Zuckerberg, on March 17th, 2018, the landscaped changed. Headlines were littered with information about a hack that has affected at least 87 million people (reported; some people expect there were more). The culprit behind this hack was Cambridge Analytica that was able to collect more than 50 million Facebook user’s information and improperly share it with the political consultancy related to the Donald Trump’s presidential campaign. Many suspect this is what got him elected. Moreover, some “user authorization tokens” was exposed to the same company. Facebook CEO, Mark Zuckerberg, had to testify in front of members of Congress because of this scandal. In fact, things became worse on June 27th when another app called Nametests had publicly exposed the information about over 120 million people.

Ticketmaster

Ticketmaster is a firm that sells tickets to events. It is a household name that has been in the industry for a long time. Between February and June, there was a security breach of the web domain that exposed the information of about 40,000 people. While this might seem like a low number compared to some hacks, the reason it is so prominent is because of the type of information that was stolen. The Ticketmaster hack revealed payment information, phone numbers, addresses, and other damaging information about the victims. There was also a credit card skimming malware implanted in the domain to get the payment information for the hackers to use. Moreover, the data breach was spotted by Monzo, which is a digital bank that presented this information to Ticketmaster. So, if it was not for them, Ticketmaster might have been left in the dark for a long time about this situation.

Ticketfly

Ticketfly is a ticket event distribution company that was purchased by Eventbrite in 2017. In June, 2018, the website was pulled offline because of a “malicious cyber attack.” The perpetrators held it for ransom for about a week. If Ticketfly did not pay, the information of 27 million customers would be exposed. The hackers had customer account information that included home addresses, phone numbers, and names. Luckily, credit card numbers were not exposed. The hacker’s information was circulated on social media going by the handle IsHaKdZ. When the person hacked the website they put an image of the character from “V is from Vendetta” on the homepage. During the hack, Ticketfly suggested that customers had to get their tickets from the box office or at the door of the event.

MyFitnessPal (UnderArmour)

Under Armour is a sports retailer that sells shoes and clothes. In early 2018, the company decided to create a new fitness app called MyFitnessPal that became very popular. People could use it to track diet and exercise routines. However, on February 150 million customers’ information was exposed. Passwords (although they were even encrypted), usernames, and email addresses were stolen. Luckily, payment information, social security numbers, and driver license numbers were not compromised. Under Armour suggested that everyone who signed up for the app should change their passwords ASAP.

MyHeritage

MyHeritage is a DNA testing genealogy platform that specializes in helping customers find information about their family tree. However, the company had a security breach between February and June in 2018 where the data of 92 million people were affected. This information was discovered by a Chief Information Security Officer that managed to find the information stored on a private server that was simply labeled “MyHeritage.” One silver lining is that no DNA or family information was made public; however, emails and passwords were. The crazy thing about this breach is that the website was able to see that the information was sent to a third-party security researcher that contacted the Chief Information Security Officer letting them know what had happened. This situation hits too close to home because the hack could have possibly revealed DNA and family tree information of the victims.

Aadhaar

Let’s go to India for a minute. Aadhaar keeps track of every India citizen with a 12-digit identification number. This government entity experienced a hack at the beginning of the year on January, 3rd – also known as the worst security breach in 2018. There were approximately 1.1 billion numbers compromised during this breach. The private information ranged from email addresses, phone numbers, ID card photos, home addresses, and names exposed to anyone willing to pay a small price. What is interesting is that the UIDAI (Aadhaar) stated that “Aadhaar data is fully safe and secure” and continued talking about how there were no breaches. This all changed when individuals exposed the information to anyone willing to pay. You would not believe who was behind the breach – former employees! That’s right. In fact,  the India Tribune was able to purchase a view of the information for only 500 rupees from anonymous sellers. The perpetrators created a “gateway” with a login name and password and viola; the information was there for the taking.

Hacking is a new phenomenon and many companies and individuals have not fully grasped what this deviant behavior can do to their computer systems. Examples are popping up every single day around the world, and every year hacking attempts are reaching further and wider, ultimately getting worse. And that is why companies are taking large leaps to get these unwarranted intrusions and data breaches under control.