Top 10 Cybersecurity Stories That Made Headlines In 2020

Top Software Testing Services

Top 10 Cybersecurity Stories That Made Headlines In 2020

The rapid spread of the coronavirus has activated an equal shift towards a remote workforce among several organizations all over the world, which also led to the adaptation of new technologies and new processes and this has increased the security issues. The weakening of security issues led to an increased number of cyber-attacks and data breaches. The effects of such threats could be seen all around the world in 2020. Below are flashes of the Cybersecurity stories that made headlines in 2020.

Zoom’s Data Breach for Credentials

As the Global Covid 19 pandemic was growing immensely, almost all of us were forced to study and work remotely. Zoom was such a virtual meeting app that was on the rise of users for virtual meetings. Millions of users joined Zoom for various remote purposes. That’s when an embarrassing data breach was faced by Zoom, in which the attacker gained access to log-in credentials of hundreds of thousands of users. These credentials were then discovered being sold on the Dark Web. The hackers were also able to gain access to the email addresses and other contact information. These details and credentials were being sold over Dark Web for less than a rupee for each account. This led to an open path for spammers to enter any unauthorized meeting to create disturbances or steal data.

Twitter’s Social Engineering Attack

A Social engineering attack was suffered by Twitter on 15 July 2020. It was a huge attack in which very high-profile accounts were hacked and tweets from these accounts were sent out declaring that the users who send money to a specific Bitcoin address will receive the double amount of received money. Accounts of Bill Gates, Elon Musk, Jeff Bezos, Joe Biden, Kim Kardashian West,  Micheal Bloomberg were among the hacked ones. The attack targeted 130 high-profile accounts with attackers capable of resetting passwords of all these accounts. The attackers targeted employees of Twitter who had access to internal tools and then targeted 130 accounts. Out of the 130 accounts targeted, tweets were made by 45 accounts, inboxes were accessed by 36 accounts and complete data of Twitter accounts were downloaded from 7 accounts.

SolarWinds Supply Chain Attack

SolarWinds cyberattack was a supply chain attack in which the attackers targeted a third-party organization that supplies software to their targeted companies. Attackers somehow placed a malware in the SolarWinds software Orion and then released an update mimicking to come directly from the SolarWinds servers. This update was then installed by almost 17,000 customers of SolarWinds. The customers of SolarWinds included the Fortune 500, the cybersecurity firm FireEye and a lot many other US agencies, some of which are said to be governments. The malware once installed was able to blend in Orion’s activities and had the access to almost all files on the system.

Marriot’s Massive Data Breach

The Marriott International Hotel faced a massive data breach in March 2020, in which the attackers were able to steal credentials and data of 5.2 million guests. The attackers were able to perform this massive attack by hacking the user credentials of two staff members. Data that was stolen of 5.2 million guests may include information about guests Contact Details (Contact number, Email address, mailing address, etc.), Additional Personal Details (D.O.B., gender, Company, etc.), Loyalty Account Information (account numbers – excluding passwords, points balance, etc.), Preferences (Room and Language preferences) and Partnerships and Affiliations (Airline Loyalty Programs and numbers). This compromising of details of 5.2 million guests showed the need of using two factor or multi factors authentication process.

MGM Hotel’s Grand Data Breach

In February, MGM confirms that they have faced a massive data breach in which the stolen data was of almost 10.6 million users who stayed at MGM. The breached data consisted of contact details of CEOs, Government officials, celebrities, employees of some great tech companies, and details of regular tourists and travelers. This data was published on an online hacking forum and included additional details like home address, passport numbers, driver’s license, etc.

Nintendo’s Credential Stuffing Attack

Nintendo, an online gaming pioneer face a heavy data breach I which accounts of 1,60,000 users were gained access to in a single attempt. However, such attacks are quite common in the media and gaming industries. The online accounts that were breached were used to buy digital accessories and products from the Nintendo network. The attackers were also able to access information like the account owner and owner’s name, email address, date-of-birth, country of residence, etc. Such attacks are called the Credential stuffing attack.

Unacademy’s Data Breach

Unacademy is a popular online Bengaluru-based education platform. Unacademy experienced a data breach earlier this year, in January 2020. The attackers were able to breach and expose more than 20 million accounts of Unacademy users. This exposed data was being sold on Dark Web and included details of user’s username, passwords, first and last names, email address, date of joining, whether the account is active or inactive with last login date, whether the user is a member or a host or a superuser, etc. The breached data also included accounts with corporate emails of Google, Facebook, Infosys, Wipro, and Cognizant.

BigBasket’s Data Breach

BigBasket is a very popular online grocery store in India. In October, BigBasket faced a huge data breach that exposed around 20 million users. The Breached data with names, date-of-birth, email addresses and even IP addresses of one’s device was being sold at $40,000 on the Dark Web. The breach took place on October 14 and was made public on November 7.

EasyJet’s Data Breach

EasyJet is a UK-based low-cost airline company. The company declared that cybercriminals or hackers have breached and stolen the data of around 9 million customers. The compromised data of nine million customers included the travel information with email addresses and even some with the payment information. 2,208 users other than 9 million were exposed with their credit card details. Some authorities also claimed that the airline was quite slow in informing the customers about the breach, even took 4 months to inform some customers.

WHO’s Credentials Leaked

WHO along with many high-profile organizations and companies who were part of the fight against the Covid-19 pandemic, suffered the Data Leak in April 2020. WHO accepts that almost 450 credentials were leaked online and credentials were of active accounts. The leaked credentials included email addresses and passwords of pupils who worked for the Covid-19 responses.

If you like this article, follow us on Twitter, Facebook, Instagram, and Linkedin.

 

Leave a Reply

Your email address will not be published. Required fields are marked *