Reymart Sarigumba, Negosentro | The year 2017 has been a tough year for cybersecurity. From exposing sensitive personal information of millions of users to stealing a treasure trove of financial data, cyber attacks this year could be equally worse or even much worse than last year’s privacy and security breaches.
Now that we’re nearing the end of 2017, it’s time to recap the most shocking hacks of the year.
In December 2016, ESEA (E-Sports Entertainment Association), one of the biggest video gaming communities, posted a message on their Twitter profile, issuing a warning to players after they discovered a breach. At that time, they were unable to figure out what information was stolen and how many people were hit by the breach. But in January 2017, LeakedSource, a website that hosts a database of hacked user profiles, confirmed that over 1.5 million ESEA user accounts were leaked. Among the private information exposed include usernames, first and last names, email addresses, dates of birth, phone numbers, XBOX IDs, and Steam IDs.
FunPlus, the company that is popular for creating free-to-play mobile games such as “Family Farm Seaside”, was hacked in February 2017, compromising the account information of over 3 million users. User information such as email addresses, usernames, and game progression data were stolen, as well as the company’s product source code. But what’s interesting about this cyber attack is that the hacker reportedly talked to Motherboard, an online tech magazine affiliated with VICE Media, revealing that he is disclosing everything so that the mobile game company’s investors will see what a joke their security is.
Dun & Bradstreet
Financial and business institutions like Dun & Bradstreet are typically the targets of cybercrime. The risk and finance company’s 52 GB database was stolen in March 2017, which contains sensitive information of more than 33 million people including full names and contact numbers. The people affected by the breach were employees from thousands of government agencies in the US like the Department of Defense and corporations such as AT&T and Dell. With such a large number of personal data compromised, it equates to a significant financial loss to Dun & Bradstreet.
Another gaming company struck by data breach is Reality Squared Games (R2Games). In April 2017, over a million user accounts were exposed and compromised from the gaming company’s online servers. This is not the first time that the company was hit by data breach; in fact, this is the second time in two years that the personal information of its users has been compromised. The hacked data included passwords, usernames, email addresses, and even personal information, such as Facebook related details and birthdays.
The WannaCry Ransomware crypto worm shook the world in May 2017 when it infected over 200,000 computers running the Microsoft Windows OS in more than 150 countries. Although this cyber attack is not a data breach, no “worst hacks list” in 2017 would be complete without it. The ransomware spreads as unsuspecting computer users click on unsolicited emails. After clicking them, the ransomware will hold the users’ computers hostage which they can regain control only if they pay the ransom, thus the name “ransomware”.
The popular internet radio service provider and social network, 8tracks, suffered a data breach which exposed 18 million user accounts. The compromised data included email addresses, passwords, and usernames. However, the owner of the internet radio service confirmed that the only accounts compromised were those that were verified through the popular code hosting platform, Github. On the other hand, accounts authenticated through Facebook or Google were not affected by the breach.
The Equifax breach is one of the biggest cyber attacks this year in which the personal and financial information of 143 million American customers of the credit reporting agency was compromised. The hack began sometime between May and June 2017 and was revealed later in July. The hackers involved in the breach accessed sensitive personal information such as addresses, birth dates, and Social Security numbers.
In October 2017, a cybersecurity breach was reported in Malaysia, affecting the personal data of millions of Malaysians. The breach was discovered by lowyat.net, a Malaysian technology news site, revealing it had received a tip-off that someone was attempting to sell 46 million entries of personal data on their public forums. Contact numbers, full names, and sim card numbers are among the personal information on sale.
One of the world’s most popular image-sharing communities, Imgur, had a lot of things to be thankful for on Thanksgiving this year. Unfortunately, on the same day, it was contacted by a security research firm, revealing that sensitive data of 1.7 million user accounts were compromised in 2014. The hacked data comprised of passwords and email addresses, of which the former was encrypted by Imgur. That being said, the passwords are still at risk of being deciphered since they had been encoded using an obsolete encryption method.
Recently, the Canadian cloud-based bill payment platform, TIO Networks, was hit by a data breach, compromising the identities of over 1.6 million customers. The hacked data composed of passwords, usernames, bank account information, and payment card information. Paypal, who recently acquired the company, is currently offering credit monitoring services to those affected by the breach.
Data breaches are typically the result of a flaw somewhere in a company’s computer system. Even large companies with high-tech security environment are subject to cyber attacks due to weaknesses in their computer systems which are exploited by hackers. Although many companies and websites these days have already set up security measures to ward off threats, it’s still important that they invest time and resources to regularly evaluate their computer systems, as cybersecurity is constantly evolving.
Meanwhile, users have a vital role to play to protect themselves too, especially those who send their hard-earned money online. Remittance or money transfers can be vulnerable to hacks but they can be prevented fortunately by having some insight into online payment insecurities and doing the right procedures to secure an online transaction.