Wondering what the data breaching landscape looks like? What were the worst data breaches that took place in 2020? You have landed on the right page as this article enlists the biggest major data breaches.
Table of Contents
Some of the Biggest and Worst Breaches of 2020
The pandemic has shaken the whole world and has pushed the organizations to make transitions in their working format by adopting remote working and utilizing digital tools. This has created a one-in-a-million chance for the cybercriminals to hack and breach data.
The Risk Based Security report highlighted the 2020 Q3 Data Breach where it revealed that the number of records exposed increased to a tremendous 36 billion in 2020, marking it as a “worst year on record.”
The driving force behind the number of breaches includes malicious actors, misconfigured databases and services, and many others. Adobe, Canva, eBay, Equifax, Marriott International, MySpace, Yahoo are already the victims of the data breach in history.
In the next section, let’s explore some of the biggest data breaches that made headlines in 2020.
Want to become a Certified Cybersecurity professional? Enroll in one of the best Cybersecurity courses today!
Some of the Biggest and Worst Breaches of 2020
Although the list is long, here we are listing some of the major data breaches of 2020.
MGM Grand, one of the luxurious hotels suffered from a data breach in Feb 2020, where the data of around 10.6 million customers was compromised. Guest records were exposed, but the hotel assured that no financial or password data was exposed in the breach. Apart from these 10 million users, former hotel guests’ contact information, including Justin Bieber, Twitter CEO Jack Dorsey, and government officials, were also compromised.
Marriott International announced that on March 31, 2020, around 5.2 million guest information such as contact details, loyalty account information, additional personal details, and others had been accessed using the login credentials. The hacker obtained employee credentials, but credential stuffing and phishing were both likely the main offenders.
BigBasket, one of the biggest online grocers, also encountered data breaching, where around 20 million user accounts were impacted. This breach is assumed to take place on October 14 by cybersecurity firm Cyble and made public on November 7. It was reported that information such as full names, email addresses, IP addresses of user devices, and other information have been exposed and put up on sale on the dark web for $40,000.
The Twitter attack took place back on July 15, 2020, and targeted 130 Twitter accounts, tweeting from 45, reaching the DM inbox of 36, and downloading the Twitter Data of 7. The hackers used specific employee credentials and exploited human vulnerabilities to gain access to internal systems.
In March 2020, it was announced that the personal details such as real names, site usernames, gender, location of more than 538 million users of Weibo had been posted for sale on dark web markets.
Chinese social network Weibo acknowledged the data for sale was from the company but claimed the data was obtained by matching contacts against its address book API. Alibaba’s former security chief Wei Xingguo confirmed the data breach and stated that his own contact details had been leaked online.
Easyjet Data Breach
Easyjet data breach took place in May 2020, which impacted 9 million customers. The breaching exposed customer’s travel details, email addresses along with the complete credit card details of more than 2,200 clients. As a result of this consequence, British airline advised customers to continue to be alert and cautious of any communications purporting to come from easyJet or EasyJet Holidays.
Advanced Info Service (AIS)
Security researcher and head of Trust & Safety at Cloudflare Justin Paine discovered an open ElasticSearch database while browsing BinaryEdge, and he found that the database was controlled by Thailand’s top mobile operator, Advanced Info Service (AIS). According to him, the database was first exposed on May 1, 2020, and within a month, the database had been exposed, and the volume grew significantly, adding approximately 200 million new rows of data. Further, it was reported that, as of May 21, there were 8,336, 189, 132 records stored in the database. AIS confirmed this data breaching and acknowledged their plans fell inadequate.
This alarming rise of data breaching and its increasing sophistication teaches us that there is an urgent need for employee education and creating a cybersecurity culture. At present, tech giants and enterprises are hiring cybersecurity professionals to manage cyber risk and implement the right security controls.
If you want to gain hands-on working exposure in the cybersecurity domain, you can get enrolled in Global Tech Council and become a Certified Cybersecurity Professional.