This was the year when many historical hacks came back to bite millions just as they were least expecting it.This year many cyber attacks took place which caused almost 3,000 publicly data breaches, exposing more than 2.2 billion records. And the year isn’t even over yet.

Let’s take a look back at some of the biggest — and most dangerous — hacks and leaks so far.

1.Yahoo’s More than 1 Billion Accounts Hacked

Yahoo hack was the biggest hack of this year, that “more than one billion user accounts” may have been stolen by hackers during an attack that took place in August 2013, according to a press release.

This is a separate hack than the one that Yahoo announced back in September, in which as many as 500 million user accounts were compromise.

The stolen user account information may have included “names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers.”

2. MySpace hack leads to 427 million passwords up for sale

MySpace hack is the second one which leads to steal 427 million passwords for sale

Millions of passwords from the massive password hack at Myspace have been dumped online for anyone to access.

the database of 427 million passwords for more than 360 million users of the social network.
The passwords were stolen by an unknown hacker in May, who sold the cache of data on the dark web, but it can now be browsed for free through White’s website.

The file is 14.2 GB in size; downloading it might take some time. It is password-protected, but White made the password available on Twitter and his site.

3. 171 million accounts stolen breach leands to a hacker has obtained 171 million user accounts .

VK (originally VKontakte) is the largest European online social networking service with over 350 million users.

The stolen database contains full names, email addresses and plain-text passwords, and in many cases locations and phone numbers.

The hacker  selling a smaller portion of the database — 100 million accounts, which is a little over 17 gigabytes in size — on a dark web marketplace for 1 bitcoin, or about $580 at the time of writing.

VK was talking about old logins / passwords that had been collected by fraudsters in 2011-2012. All users’ data mentioned in this database was changed compulsorily.

The hack was thought to have been carried out in late-2012 or early 2013, but the hacker who is selling the data could not be more precise.

4. 117 Million LinkedIn Emails And Password

A hacker was advertising what he says is more than one hundred million LinkedIn logins for sale.

A total of 117 million passwords are said to be included.

The passcodes are encoded, but in a form that appears to have been relatively easy to reverse-engineer.

the fact that LinkedIn had originally “hashed” its passwords but not “salted” them before storing them.

Hashing involves using an algorithm to convert passwords into a long string of digits. Salting is an additional step meant to stop unauthorised parties from being able to work around the process.

LinkedIn had about 165 million accounts at the time of the breach, but the discrepancy in the figures might be explained by the fact that some of its users logged in via Facebook.

The IDs were reportedly sourced from a breach four years ago, which had previously been thought to have included a fraction of that number.

At the time, the business-focused social network said it had reset the accounts of those it thought had been compromised.

5.Hacker puts 51 million file sharing accounts for sale on dark web

User accounts for iMesh, a now defunct file sharing service, were for sale on the dark web.

The New York-based music and video sharing company was a peer-to-peer service, which rose to fame in the file sharing era of the early-2000s, riding the waves of the aftermath of the “dotcom” boom.

LeakedSource, a breach notification site that allows users to see if their details have been leaked, has obtained the database. The group’s analysis of the database shows it contains a little over 51 million accounts.

It including email addresses, passwords (which were hashed and salted with MD5, an algorithm that nowadays is easy to crack), usernames, a user’s location and IP address, registration date, and other information.

6.Indian 3.2 million Debit Card Hack

As many as 32 lakh debit cards belonging to various Indian banks were compromised earlier this year resulting in the loss of Rs 1.3 crore in fraudulent transactions as per NPCI.

The hacks went undetected for months, and reports suggest ATMs operated by Japanese HitachiBSE 1.37 % Payments were infected with malicious software allowing hackers to extract money off user accounts.

SBI, HDFC Bank, ICICI Bank, YES Bank and Axis Bank were among the worst hit, according to the report. About 2.6 million affected cards are reportedly on the Visa and Mastercard platform, while 600,000 are on RuPay.
The breach is said to have originated through a malware that was introduced in the systems of Hitachi Payment Services, a provider of ATMs and Point of Sale services. Hitachi couldn’t be reached for comment.

7. Ubuntu Forums hack exposes 2 million users


Ubuntu’s data breach leads to two million usernames, email addresses, and IP addresses associated with the Ubuntu Forums were taken by an unnamed attacker.

The attacker was able to exploit an SQL injection vulnerability in an add-on used by older vBulletin forum software.That gave the attacker access to the forum’s databases, but the company said that only limited user data was accessed and downloaded.

The statement explains that no code or repository data was accessed, and the attacker couldn’t write data to the database or gain shell access. The attacker also didn’t gain access to any other Canonical or Ubuntu service.

The statement added that although the forums relied on Ubuntu’s single sign-on service, the passwords were hashed and salted, turning them into randomized strings of data.

But the statement did not say which hashing algorithm was used — some algorithms, like MD5, are still in use but are deprecated, as they can be easily cracked.

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.


Please enter your comment!
Please enter your name here