Waseem Lone

Top 5 Cyber Attacks Of 2021

Due to the growth of technologies around the world and their effects on our privacy, data security has become a pressing issue. In a data breach, attackers compromise a website or application by finding vulnerabilities in its code; this can give them unauthorized access to customers’ sensitive information such as passwords and bank account details.

Data breaches are constantly in the news nowadays. Most people simply ignore them and assume nothing will happen to them, but nothing could be further from the truth. There is a good chance you won’t even realize that your data has been compromised at all; some breaches go completely unnoticed for years on end.

Many security breaches happened last year, and they had a significant impact on information security. Here I’m going to walk through the top 5 security breaches that happened in 2021.

The 5 most impactful cyber attacks of 2021

1. Data breach due to Microsoft software

Microsoft was attacked in March 2021 by the Chinese hacker group Hafnium. The attack took place across the United States, affecting local governments, government agencies, and businesses. Microsoft’s notification to customers noted that the hack was not specifically targeting the company, but that the group primarily targets entities in the United States with the objective of stealing information from an assortment of industry sectors.

Cyber-criminals gained access to servers running Microsoft Exchange by combining stolen passwords with previously unknown vulnerabilities. Exploiting these vulnerabilities allowed anyone who could reach the server to obtain full administrative rights on it. As a result, the attackers were able to log in and install malware that gave them command-and-control proxies.

On 2 March 2021, Microsoft released updates for Microsoft Exchange Server 2010, 2013, 2016 and 2019 to patch the vulnerabilities; the updates do not retroactively undo damage or remove any backdoors already installed by attackers. Small and medium businesses, local institutions, and local governments are known to be the primary victims of the attack, as they often have smaller budgets to secure against cyber threats and typically outsource IT services to local providers that lack the expertise to deal with cyber attacks.

On 12 March 2021, Microsoft announced the discovery of “a new family of ransomware” being deployed to servers initially infected, encrypting all files, making the server inoperable and demanding payment to reverse the damage.

On 22 March 2021, Microsoft announced that on 92% of Exchange servers the vulnerabilities had been either patched or mitigated.

2. Facebook Data breach

Hackers obtained the personal information of over 533 million Facebook users in a data breach. The leaked records included posts on the user’s wall, along with the user’s name, date of birth, and current city. A white hat security group discovered the vulnerability in 2021.

According to what Facebook itself has reported, attackers scraped Facebook data by exploiting a vulnerability in Facebook’s Contact Importer feature in 2019. From what has been reported, the individuals probably used Android emulators, software that simulates an Android device on a computer. They loaded, say, 10k phone numbers into the address book of the emulated device, installed Facebook’s mobile app, and used the app’s “import contacts” feature to retrieve the profile data for those 10k phone numbers. Then they wiped the device and repeated the process with another batch of 10k phone numbers, and so on.

The leaked database contained personal information such as phone numbers, Facebook IDs, names, birthdays, and even some email addresses. Regardless of exactly what the criminals plan to do with all this information, it could be used in the future to carry out large-scale social engineering attacks against individuals.

3. LinkedIn Data breach

More than 700 million LinkedIn users, or 92% of its user base, have had their personal data put up for sale on the dark web since May 2021. Several reports indicate that the attackers scraped the data from the website, including email addresses, full names, phone numbers, physical addresses, geolocation records, personal and professional histories, other social media accounts, gender, LinkedIn usernames, and profile URLs.

According to reports, the attacker scraped the site by using several different APIs.

The company disputed this claim and revealed that it had investigated an alleged set of LinkedIn data that was posted for sale and found that the data was an aggregation of information from several websites and companies. The scraped data appears to have come from LinkedIn member profiles that are publicly viewable. The breach wasn’t caused by LinkedIn, and no private member account data was included.

Web scraping is said to be the primary cause of this data breach. Web scraping is a form of web crawling: the process of using software to browse the content of sites of interest and extract data from the visited pages. The intention of scraping is usually to extract the essence of a site for business needs; for example, an online store can scrape its competitors to extract the prices they offer. Scraping has two impacts. The first and obvious one is the business impact: it discloses information from the site that was not meant to be disclosed in such a manner. The second is bandwidth: scraper activity can consume as much as 50% of a site’s bandwidth, forcing the site to pay for and increase its bandwidth. Companies often overlook the risk this type of personal data exposure poses for the victims and the ultimate value of harvesting this data on such a massive scale, particularly for social engineering attacks.
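A defender-side check for the two scraping patterns described in the Facebook and LinkedIn sections (bulk contact-import lookups and rapid enumeration of public profile pages), as an added example that is not code from the post or from either company. The log format, the thresholds and every sample line are constructed assumptions:

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: "<iso-timestamp> <client-id> <path> <records>", where
# <records> is how many user records the request resolved (1 for a profile
# view, N for a contact-import batch of N phone numbers).
SAMPLE_LOG = """\
2021-06-01T10:00:00Z app-a /contacts/import 25
2021-06-01T10:00:05Z app-b /contacts/import 10000
2021-06-01T10:00:20Z app-b /contacts/import 10000
2021-06-01T10:00:01Z web-1 /in/alice 1
2021-06-01T10:05:00Z web-1 /in/bob 1
""" + "\n".join(f"2021-06-01T10:01:{i:02d}Z web-2 /in/user{i} 1" for i in range(60))
WINDOW = timedelta(seconds=60)
MAX_RECORDS_PER_WINDOW = 15000  # assumed per-client budget inside one window
MIN_REQUESTS = 50               # enumeration check needs some history first
MIN_DISTINCT_RATIO = 0.9        # nearly every hit is a never-seen resource

def parse_log(text):
    """Parse the sample format into sorted (timestamp, client, path, records) tuples."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, client, path, records = line.split()
            events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                           client, path, int(records)))
    return sorted(events)

def flag_clients(events):
    """Return {client: reason} for clients whose traffic looks like scraping."""
    by_client = defaultdict(list)
    for ev in events:
        by_client[ev[1]].append(ev)
    flagged = {}
    for client, evs in by_client.items():
        # Sliding window over records pulled: catches 10k-number import batches.
        start, records = 0, 0
        for ts, _, _, n in evs:
            records += n
            while ts - evs[start][0] > WINDOW:
                records -= evs[start][3]
                start += 1
            if records > MAX_RECORDS_PER_WINDOW:
                flagged[client] = f"{records} records within {WINDOW.seconds}s"
                break
        # Distinct-resource ratio: catches sequential enumeration of profile pages.
        paths = [e[2] for e in evs]
        if client not in flagged and len(paths) >= MIN_REQUESTS \
                and len(set(paths)) / len(paths) >= MIN_DISTINCT_RATIO:
            flagged[client] = f"{len(set(paths))} distinct profiles in {len(paths)} requests"
    return flagged
```

The thresholds are deliberately coarse; in practice they would be set per endpoint and per client tier, and the import batch size itself would be capped server-side.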

4. Android Data breach

In May, numerous configuration errors in third-party cloud services exposed the personal data of more than 100 million Android users. A total of 23 applications, with between 10,000 and 10 million downloads each, relied on unsecured real-time databases containing personal information. Anyone could access sensitive information such as names, email addresses, chat messages, dates of birth, gender, photos, location, passwords, phone numbers, payment details, and push notifications. Misconfigured cloud services were responsible for this breach - something that even a company as big as Google can suffer from.

Researchers found that more than 100 million Android users’ personal data was exposed in May due to a number of misconfigurations of cloud services. 23 apps downloaded data from real-time databases that were not protected, with downloads ranging from 10,000 to 10 million.

Researchers at Check Point discovered that anyone could access sensitive and personal information, including names, emails, dates of birth, chat messages, locations, gender, passwords, photos, payment information, and phone numbers. Moreover, the Check Point researchers found that several of the 23 apps they analyzed had been installed more than 10 million times from Google Play.

In most cases, the apps’ real-time databases were unprotected, letting confidential user information fall into the wrong hands. Deficient database configurations should not surprise anyone; many applications still fail to follow basic security practices, and misconfigurations like these put users’ personal data at risk.
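The kind of misconfiguration described here, as an added example that is not from the post or from any of the apps it refers to, assuming the real-time database is a Firebase Realtime Database (the post does not name the provider) and a constructed data layout of per-user profiles and group chats. The weak setting that exposes every record to anyone is a root rule of `".read": true, ".write": true`; the rules below replace it with per-user and per-chat-membership checks:

```json
{
  "rules": {
    ".read": false,
    ".write": false,
    "users": {
      "$uid": {
        ".read": "auth != null && auth.uid == $uid",
        ".write": "auth != null && auth.uid == $uid",
        "email": { ".validate": "newData.isString()" },
        "phone": { ".validate": "newData.isString()" }
      }
    },
    "chats": {
      "$chatId": {
        ".read": "auth != null && data.child('members').child(auth.uid).exists()",
        ".write": "auth != null && data.child('members').child(auth.uid).exists()",
        "messages": {
          "$msgId": {
            ".validate": "newData.child('from').val() == auth.uid"
          }
        }
      }
    }
  }
}
```

Rules grant rather than restrict, so the explicit root `false` only documents the default; any path not covered by a granting rule stays inaccessible, and fields such as passwords or payment details should never be stored client-readable at all.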

5. Colonial Pipeline

On May 7, 2021, Colonial Pipeline, an American oil pipeline system that originates in Houston, Texas, and carries gasoline and jet fuel mainly to the Southeastern United States, suffered a ransomware cyberattack that impacted the computerized equipment managing the pipeline.

The attackers left the company infected with ransomware. The company operates a large pipeline that transports gasoline and other petroleum products from Texas to New Jersey and across the Midwest.

The company’s network was compromised on April 29 by hackers who used a compromised VPN account and password. The incident did not affect operational technology systems, but it caused the company to halt fuel flow in its mainline as a precautionary measure (and to stop leaks). As a result, fuel shortages and rising fuel prices were felt in the Southeast, Midwest, and Northeast.

States like Alabama, Florida, Georgia, North Carolina, and South Carolina were affected, and fuel shortages were noticed in those areas. It’s said that average fuel prices rose to their highest since 2014, reaching more than $3 a gallon.

Colonial was threatened with further cyber-attacks unless it paid the attackers $5 million in bitcoin, which at the time was around three times their annual profits. The most concerning part of this attack is how easily the hackers were able to gain access: it turns out that the company was not using multi-factor authentication.

The FBI and various media sources identified the criminal hacking group DarkSide as the responsible party.

Conclusion

All types of companies and individuals that share or store data online may be affected by data breaches. Data breach prevention plans, continuous security testing, and being actively security conscious are not optional; they are must-haves for companies. Service providers like ID Assist can be a useful part of such a plan. It is a good idea to regularly conduct security assessments, IT audits and patching, and to have a standardized incident response plan, so that data loss is minimized and your clients’ trust is maintained.

About us

Snapsec is a team of security experts specializing in pentesting and other security services to secure your online assets. We follow a specialized testing methodology that ensures in-depth testing of your business logic and coverage of the latest vulnerabilities.

If you are looking for a team that values your security and ensures that you are fully protected against online security threats, feel free to get in touch with us at support@snapsec.co
