The pandemic has shaken the whole world, and the situation has left private as well as government organisations struggling to perform their regular operations. With the unpredictable COVID-19 situation, organisations and businesses are among the most affected sectors that have faced unimaginable decisions like layoffs, salary cuts and more.
The pandemic situation has pushed the organisations and businesses to make transitions in their working format by adopting remote working, using digital tools, etc. and hence accelerated the technology adoption. According to sources, 94% of enterprises already use a cloud service, and 83% of enterprise workloads will be in the cloud by 2020.
As every coin has two sides, the pandemic has also brought up two situations. One is the struggling phase of the businesses to make the end needs meet, and the other is the one-in-a-million chance for the cybercriminals to hack and breach data.
Below here, we discussed the ten biggest data breaches, in no particular order, that made headlines in 2020.
Twitter Data Breach
Breach Impact: 130 Twitter Accounts
In July this year, the popular microblogging platform came under cyber attack through a phone spear-phishing attack. The attackers used the credentials of employees with access to tools. They targeted 130 Twitter accounts, ultimately Tweeting from 45, accessing the DM inbox of 36, and downloading the Twitter Data of 7.
The attackers used specific employee credentials to access the internal systems and gain information about the processes. This knowledge then enabled them to target additional employees who did have access to the Twitter account support tools.
Zoom Credential-Based Breach
Breach Impact: 500, 000 Zoom passwords
In April, more than 500,000 Zoom accounts were breached and then sold on the dark web and hacker forums for either free or less than a penny each. According to sources, the stolen credentials are collected through credential stuffing attacks where threat actors attempt to login to Zoom using accounts leaked in older data breaches. Then, the successful logins are compiled into lists which are sold to other hackers.
Unacademy Data Breach
Breach Impact: 22 Million user accounts
One of the Bengaluru-based popular online educational platforms, Unacademy had suffered a data breach in January this year. The breach had exposed over 20 million user accounts that included usernames, SHA-256 hashed passwords, date joined, last login date, email addresses, first and last names, and whether the account is active, a staff member, or a superuser and was sold on Dark Web.
According to sources, the major data breach was exposed by US-based cybersecurity firm Cyble. The exposed database also has numerous accounts using corporate emails, including that of Wipro, Infosys, Cognizant, Google and Facebook/
BigBasket User Data Breach
Breach Impact: 20 Million User Accounts
In October, a popular online grocer in India, BigBasket suffered a massive data breach that left data of 20 million users exposed. According to sources, the breach occurred on October 14 and made public on November 7 where personal information of users such as full names, email addresses, date of birth, IP addresses of user devices have been compromised and put up on sale on the dark web for $40,000.
Nintendo Data Breach
Breach Impact: 300,000 accounts
In April this year, Japanese video gaming giant, Nintendo confirmed that 300,000 Nintendo Network ID accounts had been compromised by using unauthorised logins. According to sources, the additional Nintendo Network ID (NNID) accounts that have been breached have had their passwords reset, and the relevant users had been contacted directly.
Marriott Data Breach
Breach Impact: 5.2 million hotel guests
Marriott International faced a massive data breach in January this year. The breach compromised the personal information of around 5.2 million guests. The information included contact details like name, mailing address, email address, and phone number, as well as loyalty account information, and additional personal details like company, gender, and birthday day and month, partnerships and affiliations and other such.
MGM Grand Data Breach
Breach Impact: 10.6 million customers
In February, MGM confirmed data breach of around 10.6 million consumers who stayed at MGM resorts. The data appeared online that included personal information ranging from home addresses and contact information to driver’s licenses as well as passport numbers.
Easyjet Data Breach
Breach Impact: 9 million customers
On May 19 this year, British low-cost airline group EasyJet suffered a large scale data breach that compromised data of nine million customers. According to sources, the data included email addresses, travel information, and, in some cases, payment card information. Also, EasyJet stated that the credit card details of 2,208 travellers were revealed.
Tetrad Data Breach
Breach Impact: 120 Million Americans
On February 3, market analysis company Tetrad faced a data breach that included data from clients to Tetrad, and it varies by the type of business and their methods for data collection. According to sources, the data included a spreadsheet listing over 4,000 actual and planned locations relevant to IBM Tririga deployments. In addition to the data collected by retail companies, other important data such as contained a total of 130 million rows of data on US households had been compromised.
Sina Weibo Data Breach
Breach Impact: 538 Million users
In March, Chinese social network Weibo suffered a massive data breach that contained the details for 538 million Weibo users. The data included personal information, such as real names, site usernames, gender, location, phone numbers, among others. According to sources, the hacker was selling the Weibo data for only ¥1,799 ($250).