Thursday, March 28, 2024

These were the biggest Cyber Attacks of the year 2016

This was the year when many historical hacks came back to bite millions just as they were least expecting it.This year many cyber attacks took place which caused almost 3,000 publicly data breaches, exposing more than 2.2 billion records. And the year isn’t even over yet.

Let’s take a look back at some of the biggest — and most dangerous — hacks and leaks so far.

1.Yahoo’s More than 1 Billion Accounts Hacked

Yahoo hack was the biggest hack of this year, that “more than one billion user accounts” may have been stolen by hackers during an attack that took place in August 2013, according to a press release.

This is a separate hack than the one that Yahoo announced back in September, in which as many as 500 million user accounts were compromise.

The stolen user account information may have included “names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers.”

2. MySpace hack leads to 427 million passwords up for sale

MySpace hack is the second one which leads to steal 427 million passwords for sale

Millions of passwords from the massive password hack at Myspace have been dumped online for anyone to access.

the database of 427 million passwords for more than 360 million users of the social network.
The passwords were stolen by an unknown hacker in May, who sold the cache of data on the dark web, but it can now be browsed for free through White’s website.
 

The file is 14.2 GB in size; downloading it might take some time. It is password-protected, but White made the password available on Twitter and his site.

3. 171 million VK.com accounts stolen

 
 

VK.com breach leands to a hacker has obtained 171 million user accounts .

VK (originally VKontakte) is the largest European online social networking service with over 350 million users.

The stolen database contains full names, email addresses and plain-text passwords, and in many cases locations and phone numbers.

The hacker  selling a smaller portion of the database — 100 million accounts, which is a little over 17 gigabytes in size — on a dark web marketplace for 1 bitcoin, or about $580 at the time of writing.

VK was talking about old logins / passwords that had been collected by fraudsters in 2011-2012. All users’ data mentioned in this database was changed compulsorily.

The hack was thought to have been carried out in late-2012 or early 2013, but the hacker who is selling the data could not be more precise.

4. 117 Million LinkedIn Emails And Password

A hacker was advertising what he says is more than one hundred million LinkedIn logins for sale.

A total of 117 million passwords are said to be included.

The passcodes are encoded, but in a form that appears to have been relatively easy to reverse-engineer.

the fact that LinkedIn had originally “hashed” its passwords but not “salted” them before storing them.

Hashing involves using an algorithm to convert passwords into a long string of digits. Salting is an additional step meant to stop unauthorised parties from being able to work around the process.

LinkedIn had about 165 million accounts at the time of the breach, but the discrepancy in the figures might be explained by the fact that some of its users logged in via Facebook.

The IDs were reportedly sourced from a breach four years ago, which had previously been thought to have included a fraction of that number.

At the time, the business-focused social network said it had reset the accounts of those it thought had been compromised.

5.Hacker puts 51 million file sharing accounts for sale on dark web

User accounts for iMesh, a now defunct file sharing service, were for sale on the dark web.

The New York-based music and video sharing company was a peer-to-peer service, which rose to fame in the file sharing era of the early-2000s, riding the waves of the aftermath of the “dotcom” boom.

LeakedSource, a breach notification site that allows users to see if their details have been leaked, has obtained the database. The group’s analysis of the database shows it contains a little over 51 million accounts.

It including email addresses, passwords (which were hashed and salted with MD5, an algorithm that nowadays is easy to crack), usernames, a user’s location and IP address, registration date, and other information.

6.Indian 3.2 million Debit Card Hack

As many as 32 lakh debit cards belonging to various Indian banks were compromised earlier this year resulting in the loss of Rs 1.3 crore in fraudulent transactions as per NPCI.

The hacks went undetected for months, and reports suggest ATMs operated by Japanese HitachiBSE 1.37 % Payments were infected with malicious software allowing hackers to extract money off user accounts.

SBI, HDFC Bank, ICICI Bank, YES Bank and Axis Bank were among the worst hit, according to the report. About 2.6 million affected cards are reportedly on the Visa and Mastercard platform, while 600,000 are on RuPay.
 
The breach is said to have originated through a malware that was introduced in the systems of Hitachi Payment Services, a provider of ATMs and Point of Sale services. Hitachi couldn’t be reached for comment.
 

7. Ubuntu Forums hack exposes 2 million users

 
 

Ubuntu’s data breach leads to two million usernames, email addresses, and IP addresses associated with the Ubuntu Forums were taken by an unnamed attacker.

The attacker was able to exploit an SQL injection vulnerability in an add-on used by older vBulletin forum software.That gave the attacker access to the forum’s databases, but the company said that only limited user data was accessed and downloaded.

The statement explains that no code or repository data was accessed, and the attacker couldn’t write data to the database or gain shell access. The attacker also didn’t gain access to any other Canonical or Ubuntu service.

The statement added that although the forums relied on Ubuntu’s single sign-on service, the passwords were hashed and salted, turning them into randomized strings of data.

But the statement did not say which hashing algorithm was used — some algorithms, like MD5, are still in use but are deprecated, as they can be easily cracked.

 
Website

Latest articles

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and...

Zoom Unveils AI-Powered All-In-One AI Work Workplace

Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered...

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles