Categories: Data Breach

These were the biggest Cyber Attacks of the year 2016

This was the year when many historical hacks came back to bite millions just as they were least expecting it.This year many cyber attacks took place which caused almost 3,000 publicly data breaches, exposing more than 2.2 billion records. And the year isn’t even over yet.

Let’s take a look back at some of the biggest — and most dangerous — hacks and leaks so far.

1.Yahoo’s More than 1 Billion Accounts Hacked

Yahoo hack was the biggest hack of this year, that “more than one billion user accounts” may have been stolen by hackers during an attack that took place in August 2013, according to a press release.

This is a separate hack than the one that Yahoo announced back in September, in which as many as 500 million user accounts were compromise.

The stolen user account information may have included “names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers.”

2. MySpace hack leads to 427 million passwords up for sale

MySpace hack is the second one which leads to steal 427 million passwords for sale

Millions of passwords from the massive password hack at Myspace have been dumped online for anyone to access.

the database of 427 million passwords for more than 360 million users of the social network.
The passwords were stolen by an unknown hacker in May, who sold the cache of data on the dark web, but it can now be browsed for free through White’s website.

The file is 14.2 GB in size; downloading it might take some time. It is password-protected, but White made the password available on Twitter and his site.

3. 171 million VK.com accounts stolen

VK.com breach leands to a hacker has obtained 171 million user accounts .

VK (originally VKontakte) is the largest European online social networking service with over 350 million users.

The stolen database contains full names, email addresses and plain-text passwords, and in many cases locations and phone numbers.

The hacker  selling a smaller portion of the database — 100 million accounts, which is a little over 17 gigabytes in size — on a dark web marketplace for 1 bitcoin, or about $580 at the time of writing.

VK was talking about old logins / passwords that had been collected by fraudsters in 2011-2012. All users’ data mentioned in this database was changed compulsorily.

The hack was thought to have been carried out in late-2012 or early 2013, but the hacker who is selling the data could not be more precise.

4. 117 Million LinkedIn Emails And Password

A hacker was advertising what he says is more than one hundred million LinkedIn logins for sale.

A total of 117 million passwords are said to be included.

The passcodes are encoded, but in a form that appears to have been relatively easy to reverse-engineer.

the fact that LinkedIn had originally “hashed” its passwords but not “salted” them before storing them.

Hashing involves using an algorithm to convert passwords into a long string of digits. Salting is an additional step meant to stop unauthorised parties from being able to work around the process.

LinkedIn had about 165 million accounts at the time of the breach, but the discrepancy in the figures might be explained by the fact that some of its users logged in via Facebook.

The IDs were reportedly sourced from a breach four years ago, which had previously been thought to have included a fraction of that number.

At the time, the business-focused social network said it had reset the accounts of those it thought had been compromised.

5.Hacker puts 51 million file sharing accounts for sale on dark web

User accounts for iMesh, a now defunct file sharing service, were for sale on the dark web.

The New York-based music and video sharing company was a peer-to-peer service, which rose to fame in the file sharing era of the early-2000s, riding the waves of the aftermath of the “dotcom” boom.

LeakedSource, a breach notification site that allows users to see if their details have been leaked, has obtained the database. The group’s analysis of the database shows it contains a little over 51 million accounts.

It including email addresses, passwords (which were hashed and salted with MD5, an algorithm that nowadays is easy to crack), usernames, a user’s location and IP address, registration date, and other information.

6.Indian 3.2 million Debit Card Hack

As many as 32 lakh debit cards belonging to various Indian banks were compromised earlier this year resulting in the loss of Rs 1.3 crore in fraudulent transactions as per NPCI.

The hacks went undetected for months, and reports suggest ATMs operated by Japanese HitachiBSE 1.37 % Payments were infected with malicious software allowing hackers to extract money off user accounts.

SBI, HDFC Bank, ICICI Bank, YES Bank and Axis Bank were among the worst hit, according to the report. About 2.6 million affected cards are reportedly on the Visa and Mastercard platform, while 600,000 are on RuPay.
The breach is said to have originated through a malware that was introduced in the systems of Hitachi Payment Services, a provider of ATMs and Point of Sale services. Hitachi couldn’t be reached for comment.

7. Ubuntu Forums hack exposes 2 million users

Ubuntu’s data breach leads to two million usernames, email addresses, and IP addresses associated with the Ubuntu Forums were taken by an unnamed attacker.

The attacker was able to exploit an SQL injection vulnerability in an add-on used by older vBulletin forum software.That gave the attacker access to the forum’s databases, but the company said that only limited user data was accessed and downloaded.

The statement explains that no code or repository data was accessed, and the attacker couldn’t write data to the database or gain shell access. The attacker also didn’t gain access to any other Canonical or Ubuntu service.

The statement added that although the forums relied on Ubuntu’s single sign-on service, the passwords were hashed and salted, turning them into randomized strings of data.

But the statement did not say which hashing algorithm was used — some algorithms, like MD5, are still in use but are deprecated, as they can be easily cracked.

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

Threat Actors Exploit Google Docs And Weebly Services For Malware Attacks

Phishing attackers used Google Docs to deliver malicious links, bypassing security measures and redirecting victims…

15 hours ago

Python NodeStealer: Targeting Facebook Business Accounts to Harvest Login Credentials

The Python-based NodeStealer, a sophisticated info-stealer, has evolved to target new information and employ advanced…

16 hours ago

XSS Vulnerability in Bing.com Let Attackers Send Crafted Malicious Requests

A significant XSS vulnerability was recently uncovered in Microsoft’s Bing.com, potentially allowing attackers to execute…

18 hours ago

Meta Removed 2 Million Account Linked to Malicious Activities

 Meta has announced the removal of over 2 million accounts connected to malicious activities, including…

22 hours ago

Veritas Enterprise Vault Vulnerabilities Lets Attackers Execute Arbitrary Code Remotely

Critical security vulnerability has been identified in Veritas Enterprise Vault, a widely-used archiving and content…

23 hours ago

7-Zip RCE Vulnerability Let Attackers Execute Remote Code

A critical security vulnerability has been disclosed in the popular file archiving tool 7-Zip, allowing…

23 hours ago