Cyber Watch: 5 Biggest Security Breaches and What can you learn from them

Security and data breaches have always been on the rise. Authorities and cyber security professionals have acknowledged the extent of these unending threats. As the years go by, this has become one of the significant concerns in any industry.

Security has now become a top priority for many businesses as security threats do not show any signs of slowing down. A lot of businesses of all sizes have taken actions to fight against these threats but some have been adamant about it.

Hopefully, you do not belong to this number of business owners who think their businesses are too small for cybercriminals to take notice. You might even be thinking that you have nothing to hide and you have nothing to lose. Whether you are the next target or not, you should always be vigilant to keep your data protected.

Though it is quite expected, attacks on big companies known around the world always surprise us. Here are five of the biggest security breaches and what we can learn from them.

Company: Yahoo

Before the internet blew out of proportion before Google became the number searched site and before social media became an integral part of almost everybody’s lives, there was Yahoo. Yahoo became a. household name for several years. Though it had experienced a lot of struggles as a company that eventually led to its demise, one of the most notable was how it experienced several security breaches that affected billions of its users’ accounts.

These attacks were so efficient that it took years for Yahoo, after its attack between 2013 – 2014, to announce what is now known to be the biggest security breach recorded in history. It was in 2014 when Yahoo first contacted the FBI and believed that there were only 26 accounts that were affected.

In August 2016 however, the company announced that there were about 500 million user accounts that had been affected when they were able to uncover the 2014 cyber-attack. Later on in December 2016, just a few months after its first announcement, Yahoo revealed that there was another hack that happened in 2013 that affected about 1 billion users’ accounts.

In another report made by the company in 2017, they stated that there it was around 3 billion users that were affected by all these attacks, making it the largest in history.

How did it happen?

It all started when a single Yahoo employee from the corporate office received a spear-phishing email, accidentally opened it, and clicked the link associated with the email. Once clicked, the malware was then installed in the company’s network. From then on, the hacker was able to gain access to the network and was able to create a backdoor to the server.

This allowed the hacker to have additional access to the internal control of the company and began mining and harvesting sensitive information. What made the attack more controversial was the involvement of Russian Intelligence Security Officers recruiting criminal hackers for hire.

Company: Equifax

One of the largest credit reporting companies in the United States, Equifax, announced in September 2017 that it had experienced a data breach that affected almost 143 million clients. The breach was discovered in July of the same year.

Among the personal information of its numerous clients that were stolen were names, addresses, birthdays, and sensitive data like social security numbers, credit card information, and driver’s license numbers.

How did it happen?

The attack happened because of an application vulnerability on the company’s website. It was later on admitted by the company’s ex-CEO that the entire security breach was neglect of one of their employees. Servers and routers failed to be routinely patched by the said employee therefore paving the way to the data breach.

Company: Marriott International and Starwood Hotels

Marriott International, a multinational company based in the United States that manages and franchises several hotel and lodging facilities around the globe, stated in 2018 that cybercriminals were able to infiltrate and steal their client’s data like names, contact information, passport, and travel information from about 500 million guests. The attack was pinned on a Chinese Intelligence Group that was trying to get information from US Citizens.

How did it happen?

In the 3rd quarter of 2016, Marriot International acquired the Starwood hotel chain for about $13.6 billion. Starwood’s valuable customer data and loyalty program were among the central reasons for the acquisition. Without the knowledge of Marriot International, they were able to acquire as well a data breach in the process that led to a tarnish in their global brand.

Company: Facebook

One of the most well-known sites nowadays, a social media powerhouse and considered the world’s biggest social network with over 2.23 billion active users, Facebook, has its fair share of data infiltration.

Facebook experienced a severe security and data breach in 2018  when a collection of a database containing around 419 million users’ sensitive information that included usernames, comments, phone numbers, and users’ unique IDs was compromised. The attack did not only affect a single country of origin of users but several which include US-based Facebook with 133 million records, the UK with 18 million records of users, and another from Vietnam with 50 million records.

How did it happen?

A Mexico-based company called Cultura Colecta was responsible for the biggest leak in the Facebook data breach. Around 149 gigabytes of Facebook user’s information was exposed while another third party app called At the Pool exposed database that includes sensitive data and unprotected Facebook passwords.

Company: eBay

eBay is an American e-commerce platform that is based in San Jose, California. It is a multinational e-commerce corporation that serves as an avenue for sellers and buyers to transact and trade business. In May 2014, the online auction site released a statement that it had undergone a cyberattack that compromised the names, addresses, birthdays, and even passwords of all its 145 million users.

How did it happen?

According to eBay, hackers got hold of the credentials of three corporate employees to access the network. The cybercriminals stayed in the company’s system for more than 200 days and had enough time to compromise all of its user’s data.

The real reason for how the hackers were able to get the employee’s credentials was not disclosed by the company however a lot of experts guessed that it was done through a phishing attack. Similar to how Yahoo was infiltrated, emails were probably sent to all of the three employees containing a link that can install malware once clicked.

Lessons we can learn from these attacks

These incidents may sound scary, especially with the gravity and effects of the security breaches that happened to these companies however, a lot of valuable lessons can be learned from this. These breaches may have happened to much more established names in the industry however, there is a lesson you can take away even as a small business owner.

With all its advances nowadays, there are a lot of people who may want to take advantage of it. As technology made communication seamless and brought up a connection to different kinds of people, its vulnerability has also increased. Train your employees to take precautionary measures when dealing with someone outside of your organization. Verify names, email addresses, and links associated with suspicious emails. Educate them on the latest trends in cybersecurity and teach them what can do they do themselves to prevent cyber-attacks.

Create a clear and concise policy IT security plan that everyone can understand and follow. It is even more beneficial if you would create a crisis response team in your organization. Keep also your devices secure. Install the latest cybersecurity software and let your IT secure it further by going through your policy. And lastly, get insured.

Security breaches can happen every day and you won’t know if you will be the next target. The more prepared you are, the better you will be able to dodge yourself away from those cyber criminals and be able to respond better if an incident occurs.

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button