A data breach is not a threat or attack in its own right. Rather, it is a result of a cyberattack that allows the hackers or cybercriminals to get unauthorized access to a system or network and steal the private or confidential information of the users constrained within. Some of the common cyberattacks used in data breaches are as follows:
- Broken or misconfigured access controls
In majority of the cases, the cybercriminals steal the names, email addresses, usernames, passwords, and bank details to misuse them. They either sell this data to get money, or steal your identity, or make fraudulent purchases.
Well, there are times when the hackers do it just to prove that they can. For instance, in 2015 the Vtech data breach took place where data of 5 million adults and 200,000 children was stolen. The hackers later claimed they won’t share the data with anyone. Perhaps, honour among thieves, right?
Here are some of the biggest data center breaches or outrages that took place in the past decade.
Yahoo has got the title for the largest data breach ever. Yahoo told in September 2016 that more than 500 million user accounts were exposed during the data breach in late 2014. In the same year, it also said that a different data breach from 2013 affected around 1 billion of its users.
In the year 2017, Yahoo stated that its entire base of 3 billion users was compromised. The sensitive data such as email addresses, names and phone number, were stolen by cybercriminals.
This information was disclosed after Verizon decided to acquire Yahoo for $4.8 billion in 2016. After the data breach news came in the market, it reduced its price by $350 million.
- Marriott International
Just like some housekeeping staff ignore the “Do Not Disturb” Sign, hackers did the same. They attacked the world’s largest hotel company Marriott International very badly. In the year 2014, it was attacked by cybercriminals but wasn’t discovered until September 2018.
The cybercriminals unrestricted the access to the personal information of around 500 million Starwood-Marriott customers. This information includes names, mailing addresses, phone numbers, email addresses, passport numbers, and dates of birth. This is a classic example of how the various tools such as inventory software and customer database management software are crucial and sensitive for hospitality industry.
The Exactis data breach is a little bit different than others in this list. This is because there is no proof that the cybercriminals stole any data. However, the cybersecurity researcher who identified this ‘data breach’ believes that the hackers did.
Exactis has got the records for 340 million Americans which were stored on an unsecure server. The criminal used the special search engine called Shodan that lets users find Internet-connected devices.
This includes the information such as lifestyle information, like religion and hobbies, that could be used in phishing attacks.
In the year 2016, the hackers stole the names, email addresses, and phone numbers of around 56 million Uber customers and around 600, 000 Uber drivers. Uber fell prey to the hackers as they demanded a ransom money of $100, 000, a sum it ultimately has to pay.
However, rather than reporting the incident, Uber tried to cover it up which costed the Uber company $148 million in fines.
AdultFriendFinder, the world’s largest sex and swinger community, was attacked by hackers who stole usernames, encrypted passwords, emails, date of last visit, and membership status for 412 million accounts. The previous data breach affected 4 million users, and the data included sexual preference and whether or not the user was looking for an extramarital affair.
Runecast Analyzer to prevent such data breaches
The Runecast solution is a platform build by admins and for the admins. It covers on-premises VMware + public cloud AWS, as well as VMware Cloud on AWS.
The Runcast Analyzer is basically a predictive and actionable support intelligence solution for VMware and AWS admins. It scans the VMware and AWS environments in real time and also discovers any potential risks. Along with that, the admins get remediation solutions before any issues can develop into a major outage. All the above-mentioned data breaches or other such breaches could have been prevented if the admins got a warning before time.