6 largest data breaches in 2018
Our expert's opinion
"'If you are not paying for the services you have, you are the product.'
We allow too many applications and websites to access our data and don’t pay as much attention as we should. Their access to our data has way more impact than we can think of, going from product ads we looked for that pop up in our newsfeed later on to the biggest data breaches that happened in 2018. This problem doesn’t spare anyone; even the biggest companies are victims of breaches."
- Yasmina Belataris, Associate Consultant
Biggest cyber security breaches 2018
Every app, website and social networking site asks us to “Allow” it access to our phone, contacts, online clouds and whatever else you may think of. The allowing game is bigger than we bother to pay attention to. I saw a quote floating on my news-feed saying “if you are not paying for the services you have, you are the product”. It took me hours to digest and brainstorm all the research I had to do after reading this. All the social networking sites we use, the apps, everywhere we give consent to access our information, are building our profiles in their respective directories.
Seeing an ad in your news-feed for a product you only clicked on to check it out, or clicked by mistake, is no longer a mystery. AI is taking notes of your online behaviour, dislikes, inclinations and choices, and forming a very close idea of how you actually think. This fact may sound basic to most of us, but the news about data breaches may not.
Here is the list of biggest Cyber Security Breaches we saw in the year 2018:
Facebook admitted that around 50 million users were compromised by the security breach. As per Facebook's CEO, the company has not seen the accounts getting compromised nor found any inappropriate activity. Later, Zuckerberg confirmed that the attackers used Facebook developer APIs to get information. The information comprised names, genders and localities linked to a user’s profile page.
Facebook users were also concerned that their private messages had been accessed and that their credit or debit card information could have been breached, too. These claims are still not confirmed by any credible source.
The loophole was identified in the “View As” button, which lets users view their profile as one of their friends or as the Public audience. This tool allowed the hackers to get Facebook access for taking over more than 50 million profiles. Facebook responded by making the “View As” button unavailable to users. This breach affected Facebook founder Mark Zuckerberg, its chief operating officer Sheryl Sandberg, its European vice-president Nicola Mendelsohn, and thousands of Facebook users in the UK. The culprits are still unidentified.
The rumour was verified by the most common sign of data access: users' Facebook accounts were logged out. Around 90 million users were logged out on their laptops, phones and tablets, which also counts Facebook Messenger. Facebook is still unsure when exactly this happened, but traces on the site date to somewhere in July 2017, and the issue was identified on 16th of September 2018.
There was another, bigger concern for WhatsApp and Instagram accounts, since they are owned by Facebook and most of these accounts are interlinked, either through contact numbers or manual set-up. Facebook is uncertain whether Instagram accounts are affected or not. To keep their data safe and secure, customers were advised to log out once and then re-link Facebook and Instagram. By contrast, Facebook confirmed that WhatsApp users are safe.
The cost of the breach to Facebook is still not disclosed, but the stock did tumble massively. The company faced 4 per cent of its global annual revenue from the previous year, which roughly makes $1.63 million or £1.25 billion.
The Football Leaks organisation leaked around 3.4 terabytes of data and 70 million documents, which contained a good number of corruption allegations. They were leaked to the German magazine Der Spiegel. This 3.4-terabyte leak managed to overshadow the 2.6-terabyte Panama Papers, which is known as “the biggest whistle-blower leak in history” and the biggest mystery ever revealed and reported by investigative journalists.
Der Spiegel claimed that it acquired the information from a whistle-blower named “John”, who wanted to bring corruption in the sports world to light. John told Spiegel that no hacker was engaged in this activity and that many sources, not a single person, shared this information with him. The attack took place a few months later, when the Russian hacking group opened another internal Pandora's box from FIA, which had detailed reports of unsuccessful drug tests by footballers.
At the beginning of 2018, Google identified a vulnerability in an API. It noticed that an API for Google’s social networking effort, Google+, gave third-party app developers access to data from the friends of the app's users.
As per the documents reviewed by The Wall Street Journal, Google not only compromised this data but kept it a secret for fear of reputational damage. In response to the situation, Alphabet, the parent company of Google+, decided and announced that it will shut down Google+ entirely for the good of everyone.
Investigators found that a bug within the website was sharing access to accounts and data from Google+ profiles from 2015 until March 2018, when it was fixed. Google's management was naturally afraid of defamation, hence disclosing the potential breach was not considered appropriate at any point. Even so, there were comparisons with Facebook in terms of legal penalties and of how Google+ would have gained all the attention for all the right reasons, for which it might have to pay. The repercussions were so high that temporary public attention looked like an understatement.
Uber had already faced allegations and was infamous for compromising user data back in 2016. It even paid £133m to settle the legal penalties arising from the cyber-attack, which exposed the data of 57 million customers and drivers. The ride-hailing company also tried to keep the breach concealed; however, following numerous allegations from the public, it did make it public, in a smart manner though. In November 2017, it released the information, saying that Uber paid $100,000 (£761, 71) to hackers for deleting the acquired data from their systems.
This year, British Airways also had to face a cybersecurity breach, which affected around 380,000 transactions. Personal and financial data were stolen; nevertheless, passport and flight details were safe. The data remained unsafe and insecure for 2 weeks, from 21st August to 5th September, when the company’s website and apps were under a “sophisticated” attack.
Alex Cruz, CEO of BA, apologised on the BBC's Today programme, saying “We're extremely sorry that it is causing concern to some of our customers, predominantly the ones who made transactions over BA.com and app”.
Currently, Rufus Grig, CTO at Maintel, is investigating the case, and it is predicted that the company might have to pay fines to compensate for the data loss and insecurity. Customers are also advised to check with their bank and credit card provider to understand how to cope with the data breach.
Around 2 million T-Mobile customers based in the US had their account details breached, including their names, email IDs, account numbers, billing details and encrypted passwords. Their UK based acquired remained unaffected though, as per their statement to The Registrar.
T-Mobile announced it as an “unauthorised capture of some information”. Later, Motherboard confirmed the rumour that encrypted passwords were also under attack. Apparently, the servers were breached via an API, as per a group called “international”.
The company claimed that no financial information or social security numbers were compromised, and it also kept the customers who were under suspicion informed.
The bottom line is:
Every problem comes with a solution, and we can always stay on top of the latest updates. Having a reliable internet connection will allow you to keep your apps updated, which will save you from potential threats, since the latest application updates have strict and improved security systems. Staying in touch with the news can also keep you aware of what is happening in terms of security breaches, so you can keep a check on your security settings and everything that needs special attention. My choice for such crucial responsibilities is always Cox Communications; I will recommend the same to anybody who is not sure and is not taking their internet connection too seriously.