Cyber warfare has been consuming the media lately. Whether it is secret groups hacking computers for fun or alleged government agencies trying to steal classified information, the Internet landscape has been transformed into a binary battlefield. Who needs a weapon when you have a keyboard? With many unlikely to be part of the game, stand out from the crowd and become a cybersecurity professional. There are lots of new cybersecurity certifications online.
Let’s have a look at the most dramatic and notorious cyberattacks of the last decade.
Most Significant Cyberattacks in History
Sina Weibo
Date: March of 2020
Impact: 538 million accounts
Details: With over 5000 lac users, Sina Weibo is China’s answer to Twitter. However, it was claimed in March 2020 that real names, site names, gender, location, and, for 172 million users, phone numbers had been posted for sale on dark web markets. Passwords were not included, which may explain why the data was available for only 250 dollars. Weibo admitted that the data for sale was from the client, but stated that the data was collected by matching contacts against its address book API. It also said that since no passwords are stored in plain text, users should have nothing to worry about.
Zynga
Date: September of 2019
Impact: 218 million user accounts
Details: Once a giant of the Facebook gaming segment, Farmville creator Zynga is now one of the world’s most prominent video game companies, with millions of players worldwide. A Pakistani hacker named Gnosticplayers claimed to have hacked into Zynga’s database of Draw Something and Words with Friends players and to have had access to the 218 million accounts registered there. Zynga also reported that e-mail addresses, salted SHA-1 hashes, phone numbers, and user IDs for Facebook and Zynga accounts had been stolen.
Canva
Date: May of 2019
Impact: 137 million user accounts
Details: In May 2019, the Australian graphic design platform Canva suffered an attack that exposed the e-mail addresses, usernames, names, residences, and salted, bcrypt-hashed passwords (for users who do not use social login, about 61 million) of 137 million users. Canva claims that the hackers were able to view, but not steal, files containing partial credit card and payment data. However, according to a later post by Canva, a list of approximately 4 million Canva accounts containing stolen user passwords was subsequently decrypted and posted online, prompting the company to invalidate unchanged passwords and to alert users whose passwords appeared unencrypted in the list.
Dubsmash
Date: December of 2018
Impact: 162 million user accounts
Details: In December 2018, New York-based video messaging service Dubsmash had 0.162 billion e-mail addresses, usernames, PBKDF2 password hashes, and other confidential data stolen, all of which were then sold on the Dream Market dark web market in December. Dubsmash admitted that the hack and the sale of the information had occurred and offered advice on changing passwords, but refused to reveal how the attackers got in or to clarify how many users were affected.
Marriott International
Impact: Data of 500 million customers
Details: In November 2018, Marriott International revealed that attackers had stolen data on approximately 500 million customers. The breach initially occurred on the support systems of the Starwood hotel brand, beginning in 2014. The attackers remained in the network after Marriott purchased Starwood in 2016 and were not discovered until September 2018. They were able to take a combination of contact details, passport numbers, Starwood Preferred Guest numbers, travel information, and other personal information. The credit card numbers and expiry dates of more than 0.1 million customers are thought to have been stolen, but Marriott is unsure whether the attackers were able to decrypt the credit card numbers. The breach was subsequently traced to a Chinese intelligence agency trying to collect data on US citizens.
Facebook
Date: September of 2018
Impact: 50 million users’ data
Details: Even social media sites can be hacked. On 27th September 2018, Facebook was breached by hackers leveraging three flaws that put at least 50 million users’ data at risk. Although private messages and credit card details were not taken, Facebook has confirmed that the hackers stole private information such as the name and hometown shown on users’ profile pages. It turns out that the bugs were first introduced back in July, allowing hackers to obtain access tokens for several accounts, but Facebook did not notice them until September. Users are unsure whether the hackers also gained access to Facebook-linked accounts, such as Instagram, and it is not clear why the hackers chose to exploit these vulnerabilities instead of disclosing them for a bug bounty reward.
Equifax
Date: July 2017
Impact: 147.9 million clients
Details: Equifax, a major credit bureau, said on 7th September 2017 that an application vulnerability on one of its websites had led to a data leak that exposed some 147.9 million customers. The breach exposed the personal information (including Social Security numbers, dates of birth, addresses, and, in some cases, driver’s license numbers) of 0.143 billion consumers; 209,000 consumers also had their credit card details exposed. The total was raised to 147.9 million in October 2017. Equifax has been faulted for a variety of monitoring and response lapses. Chief among them was that the application vulnerability that gave the attackers access was unpatched. Inadequate system segmentation made lateral movement easier for the attackers. Equifax was also late to announce the breach.
Final words
Hacking has caused tremendous disruption and harm to industry, government, and everyday life around the world over the last two decades. Hacking and cybercrime are becoming daily facts of life, generating a billion-dollar black-market industry. In response to the challenge of cybercrime, the online security industry has grown both broad and diverse, and it will have to continue to expand and adapt. For ordinary users, cybersecurity experts suggest the following: keep on top of your system updates, make sure your firewalls and anti-virus are fit for purpose, watch out for spam e-mail, and be vigilant for anything odd happening with your computer.