There are many security breaches and cyber attack happened this year, today we are listing top list of Biggest hacks in 2018.
Facebook – September 2018
Facebook announced, 50 million Facebook users data breached and additional 40 million users potentially affected.
Facebook yet to determine what data has compromised. There are 90 Million Facebook users who got automatically logged out.
Facebook security breach, the company official unveiled that an unknown hacker has exploited a Zero-day vulnerability in its social media platform.
Facebook vice president of product management Guy Rosen published a new blog post to share further details on the massive security breach, informing that the hackers stole data from those affected accounts, as follows:
- For about 15 million Facebook users, attackers accessed two sets of information: usernames and contact information including phone numbers, email addresses and other contact information depending on what users had on their profiles.
- For about 14 million Facebook users, attackers accessed an even wider part of their personal data, including the same two sets of information mentioned above, along with other details users had on their profiles, like gender, language, relationship status, religion, hometown, current city, birth-date, device types used to access.
- Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or pages they follow, and the 15 most recent searches.
- A remaining 1 million Facebook users did not have any personal data accessed by the attackers.
Microsoft – August 2018
ZERO-DAY Vulnerability found in Microsoft Windows Leaked On Twitter. security researcher has published a Windows Zero-day vulnerability on Twitter, that allows an attacker to gain system privileges on an affected computer. After that Twitter removed the status and suspended the account. After that Microsoft had Patched the Vulnerability.
Quora – December 2018
Quora has suffered a massive data breach with unknown hackers gaining unauthorized access to potentially sensitive personal information of about 100 million of its users.
- Account information, such as names, email addresses, encrypted (hashed) passwords, and data imported from linked social networks like Facebook and Twitter when authorized by users.
- Public content and actions, like questions, answers, comments, and upvotes. Non-public content and actions, including answer requests, downvotes, direct and messages (note that a low percentage of Quora users have sent or received such messages).
Instagram – August/December 2018
Many of the Instagram users Email Address Changed and reportedly Instagram Hacked.
Instagram users suddenly log out of their accounts and when they try to log in, they find all the personal info has been changed. The hackers found Zero-Day Vulnerability, which might be possible to change the Instagram user profile. Instagram users have locked out, hackers changed their username and mobile phone and email address with a Russian domain.
In December 18, 2018. Twitter New Bug Leaked Users Phone Number Country Code.
Instagram said, there are unusual activity from China and Saudi Arabia on its platform, unknown hackers are trying to steal users data.
The requests targeted to the company’s support form, which users had been using to report their issues to Twitter staff. The cyber attackers found a bug in these forms that allowed them to find an Twitter account phone number country codes and even the details of Twitter locked accounts.
Airways Data Breach
Air Canada – August 2018
Air Canada had been confirmed a data breach on its mobile app and it has affected 20,000 users. There are 1.7 million users are connected to Air Canada app and it affected 1 percent or 20,000 profiles may potentially have been accessed.
The company said it had “detected unusual log-in behavior” on its mobile app between August 22 and 24, during which the personal information for some of its customers “may potentially have been improperly accessed.”
The exposed information contains basic information such as customers’ names, email addresses, phone numbers, and other information they have added to their profiles.
British Airways – September 2018
In a statement released by British Airways, customers booking flights on its website (ba.com) and British Airways mobile app between late 21 August and 5 September were compromised.
In a data breach that exposed personal details and credit-card numbers of up to 380,000 customers and lasted for more than two weeks.
Twitter – May/December 2018
On December 2018 Twitter get State Sponsored Attack
“During our investigation, we noticed some unusual activity involving the affected customer support form API. Specifically, we observed a large number of inquiries coming from individual IP addresses located in China and Saudi Arabia,” Twitter says in a post about the incident.
“While we cannot confirm intent or attribution for certain, it is possible that some of these IP addresses may have ties to state-sponsored actors.”
On May 2018 – Twitter said to change your Password.
Twitter note in the statement,
About The Bug, we mask passwords through a process called hashing using a function known as bcrypt, which replaces the actual password with a random set of numbers and letters that are stored in Twitter’s system. This allows our systems to validate your account credentials without revealing your password. This is an industry standard.
Due to a bug, passwords were written to an internal log before completing the hashing process. We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again.
Equifax – September 2018
Equifax has suffered one of the largest data breaches in history that has left highly sensitive data of as many as 143 million people—that’s nearly half of the US population—in the hands of hackers.
Based on the company’s investigation, some unknown hackers managed to exploit a security flaw on the Equifax website and gained unauthorized access to certain files between mid-May and July 2017.
The information accessed primarily include full names, birth dates, Social Security numbers, addresses and, in some cases, driver’s license numbers—most of the information that’s banks, insurance companies, and other businesses use to confirm a consumer identity.
The company added that 209,000 credit card numbers were also obtained by the attackers, along with “certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers.”
NASA Data breach- December 2018
NASA confirmed a data breach that may have compromised personal information of some of its current and former employees after at least one of the agency’s servers was hacked.
In an internal memo sent to all employees, NASA said the unknown hackers managed to gain access to one of its servers storing the personally identifiable information (PII), including social security numbers, of current and former employees.
The agency said NASA discovered the breach on October 23 when its cybersecurity personnel began investigating a possible breach of two of its servers holding employee records
FIFA – November 2018
FIFA President Gianni Infantino given officially statement that, the World Football governing body’s computer systems suffered a data breach for the second time in this Year, 2018.
Both the Associations, Federation International the Football (FIFA) and Union of European Football (UEFA) having suffered data breach in Cyber Attack on its computer system.
The Cyber attackers might be have stolen sensitive data after compromising FIFA’s computer systems via Email trick campaign, which has targeted multiple Football Associations.
Google Plus – December 2018
Google Plus API BUG Exposing 52.5 Million Users and confirmed that the bug impacted their users in connection with a Google+ API.
With respect to this API, apps that requested permission to view profile information that a user had added to their Google+ profile—like their name, email address, occupation, age were granted permission to view profile information about that user even when set to not-public.
Google plus is going to complete shut down in August 2019.
Cosmos Bank Hacked – August 2018
Hackers Stole 94 Crore of INDIAN Rupees From Indian Cosmos Bank
Hackers attack on Cosmos Bank server in Pune, INDIA and allegedly transferred the money to outside the country bank accounts. According to the report, the server was hacked on 11 August and transact the money have been carried out in Hong Kong and INDIA.
The Bank officials have filed the complaint FIR (First Investigation Report) to cyber police for investigation.
CryptoCurrency Exchange Hacked – July 2018
Cryptocurrency Exchange Bancor Gets Hacked, 12.5 million worth Ethereum Stolen. In the statement, Bancor said, the compromised wallet was then used to withdraw ETH from the BNT smart contract in the amount of 24,984 ETH worth value $12.5 Million. Also, the same wallet stole NPXS and BNT worth value $1 Million and $10 Million respectively.
In the statement, Bancor said, the compromised wallet was then used to withdraw ETH from the BNT smart contract in the amount of 24,984 ETH worth value $12.5 Million. Also, the same wallet stole NPXS and BNT worth value $1 Million and $10 Million respectively.
Reddit – August 2018
- Reddit systems breached through SMS 2 Factor Authentication (FA)
- Hackers accessed Reddit source code, internal logs, storage systems.
Reddit recommends to change your password immediately.
- Reddit verified that a hacker broke their systems in June and accessed user E-mails, source code, the internal files and all Reddit data from 2007 and before.
That means the Hackers had taken Reddit backup database from 2007, if you were using Reddit during that time, then your account information has been compromised including your E-mail address, username and password. It is not clear that how many users were affected.
The logs from 3rd June to 17th June 2018 related “email digest” were exposed. Digests recommending to users on sub-Reddit they subscribe to. So the attacker would allow seeing the usernames, which connected to Subscribe email ID.
T-Mobile – August 2018
T-Mobile Hacked — 2 Million Customers’ Personal Data Stolen
A security breach on its US servers on August 20 that may have resulted in the leak of “some” personal information of up to 2 million T-Mobile customers.
The leaked information includes customers’ name, billing zip code, phone number, email address, account number, and account type (prepaid or postpaid).
T-Mobile security team discovered and shut down unauthorized access to certain information, including yours, and we promptly reported it to authorities. None of your financial data (including credit card information) or social security numbers were involved, and no passwords were compromised.
However, you should know that some of your personal information may have been exposed, which may have included one or more of the following- name, billing zip code, phone number, email address, account number, account type (prepaid or postpaid), and/or date of birth.
Hotel Marriott – November 2018
Marriott International today disclosed that unknown hackers compromised guest reservation database its subsidiary Starwood hotels and walked away with personal details of about 500 million guests.
According to Marriott, “the payment card numbers were encrypted using Advanced Encryption Standard encryption (AES-128).” Attackers need two components to decrypt the payment card numbers, and “at this point, Marriott has not been able to rule out the possibility that both were taken.”
The stolen hotel database contains sensitive personal information of nearly 327 million guests, including their names, mailing addresses, phone numbers, email addresses, passport numbers, dates of birth, genders, arrival and departure information, reservation date, and communication preferences.
HealthCare Departments – July 2018
Ransomware attack on Health Care Departments. On 19th July, Health Management Concepts (HMC) discovered that the attackers were “inadvertently provided” a file containing personal information, including names, Social Security numbers, and health insurance plan data, on IBU members. HMC explained that it provides chronic condition management to IBU (Inlandboatmen’s United of the Pacific National Benefit Funds).
HMC said that, it paid the attackers for the decryption key, which they provided. HMC decrypted the data without impact on the healthcare management services it provides to clients.