Reuters
2014 has already seen two major hacks make the headlines. Messaging service Snapchat suffered a breach which led to over 4 million users’ phone numbers being leaked online. This was followed by an eagle-eyed developer discovering that coffee giant Starbucks was storing users’ information in plain text. Cue hand-wringing and a much-needed update to its apps. But this got us thinking. What are the biggest hacks ever?
PlayStation Network
With 77 million users’ data leaked, the breach of Sony’s PSN and Qriocity services was one of 2011’s biggest tech stories. Over a three-day period, hackers were able to get hold of a slew of personal information, with Sony eventually switching its services off on 20 April. By this point, the story had gained momentum, with the full scale being revealed over a number of days, as Sony battled to get PSN back online and convince its customers it hadn’t dropped the ball. While names and addresses were leaked, credit card details were not. After 24 days, PSN was back up and running, but Sony’s reputation had taken a battering.
Stuxnet
A state-sponsored hack, Stuxnet proved that cyber warfare was very much a reality. Designed by the United States to attack Iran’s nuclear programme, it caused a huge stir when it was revealed in 2010, some three years after it was first conceived. The worm targeted Siemens industrial control systems and was spread using Windows Vista. Over 60% of all computers with Stuxnet were believed to be in Iran, with Israeli agents also said to be involved in its development.
Operation Shady RAT
Web security firm McAfee discovered and named Operation Shady RAT in 2011. Named after the Remote Access Tool function used in the security industry, this hack is believed to have targeted everything from government agencies and nonprofit organisations to corporations and sporting bodies. Data including secret intelligence files and countless emails is believed to have been stolen using the hack. Who’s behind it? While official declarations are scarce, it’s widely believed that China is to blame for this piece of potential cyber warfare.
Adobe
Just last October, software giant Adobe admitted it had suffered a major breach of security. A whopping 38 million active accounts were affected, with passwords, encrypted credit card information and card expiry dates all stolen. While the company reset passwords, security analysts set to work on investigating the breach further. One blog, Naked Security (http://nakedsecurity.sophos.com/2013/11/04/anatomy-of-a-password-disaster-adobes-giant-sized-cryptographic-blunder/), respected for being an authority on its subject, said Adobe had actually lost a massive 150 million users’ data with a vast file of passwords and usernames backing up its claims. Adobe denied such assertions, which would have made this the biggest hack of all time.
Gawker
Online publisher Gawker suffered a major attack in late 2010, with over one million commenters’ information taken. The reason? Gnosis, the group of hackers who committed the breach, said it was down to the company’s “outright arrogance” towards their community. Passwords were posted on P2P networks, with some users finding their email and social media accounts breached because they’d used the same password across all services. Gawker beefed up security across all of its websites, including Jezebel, Gizmodo and Kotaku. It said the flaw had been found because it hadn’t spent enough time reviewing security of its older software.
Target
US retailer Target has been making headlines in recent weeks following a massive security breach which saw 40 million customers’ debit and credit card details stolen. Punters who had used plastic in stores between 27 November and 15 December had encrypted data stolen. Target said that PINs were heavily encrypted, making it harder for hackers to use the cards to make illegal purchases. However, long numbers, security codes and names were all taken. A Russian crime syndicate is said to be behind the attack.
Heartland Payment Systems
Chances are you haven’t heard of Heartland Payment Systems. But this US credit card payment processing company was hit hard in 2008, with 130 million users’ details stolen in one of the largest hacks ever. Visa, Mastercard and AmEx users were all affected. The information from cards’ magnetic strips was taken, allowing fake cards to be created and used. The breach, which is said to have taken place for almost a year, was down to Albert Gonzalez, who was sentenced to 20 years in prison in 2010 for his role in the hack.
Apple UDID
Apple’s reputation for being rock solid when it comes to security was put to the test in March 2012, when hacker group Antisec said it had got hold of the Universal Device IDs (UDIDs) of 12 million devices. That includes iPods, iPads and iPhones. While only one million UDIDs were made public and no usernames or addresses were revealed, the fact is that they could be traced back to owners relatively easily. The information was apparently taken from an FBI computer, suggesting the agency was using the UDIDs to track certain US citizens.
Snapchat
The self-destructing messaging service that could do no wrong had a torrid end to 2013. After being the subject of a multi-billion pound bid from Facebook, the app was hit by a major hack, with 4.6 million users’ phone numbers dumped online. These all related to the app’s Find Friends function, which used numbers to track down fellow users. Snapchat was apparently made aware of security problems as far back as last August, but it seems it didn’t deal with them adequately. A recent update has fixed the breach and tightened up the Find Friends feature too.
Starbucks
Not so much a hack as a worrying discovery. Security researcher Daniel Wood recently found that Starbucks’ mobile app, used by 10 million customers across the world to pay for coffee on their phone, was stashing passwords, usernames and other personal information in plain text. While Starbucks dismissed the idea of hackers accessing this information as ‘far-fetched’, it did say it was working on a new update which would encrypt users’ data and beef up security in general.