This was the year when many historical hacks came back to bite millions just as they were least expecting it. This year's cyber attacks caused almost 3,000 publicly disclosed data breaches, exposing more than 2.2 billion records. And the year isn’t even over yet.
Let’s take a look back at some of the biggest — and most dangerous — hacks and leaks so far.
The Yahoo hack was the biggest of this year: “more than one billion user accounts” may have been stolen by hackers during an attack that took place in August 2013, according to a press release.
This is a separate hack from the one that Yahoo announced back in September, in which as many as 500 million user accounts were compromised.
The stolen user account information may have included “names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers.”
The MySpace hack is the second, in which 427 million passwords were stolen and put up for sale.
Millions of passwords from the massive password hack at Myspace have been dumped online for anyone to access.
The file is 14.2 GB in size; downloading it might take some time. It is password-protected, but White made the password available on Twitter and his site.
In the VK.com breach, a hacker obtained 171 million user accounts.
VK (originally VKontakte) is the largest European online social networking service with over 350 million users.
The stolen database contains full names, email addresses and plain-text passwords, and in many cases locations and phone numbers.
The hacker is selling a smaller portion of the database (100 million accounts, a little over 17 gigabytes in size) on a dark web marketplace for 1 bitcoin, or about $580 at the time of writing.
VK said these were old logins and passwords that had been collected by fraudsters in 2011-2012, and that all user data mentioned in this database had been changed compulsorily.
The hack was thought to have been carried out in late 2012 or early 2013, but the hacker who is selling the data could not be more precise.
A hacker was advertising what he says is more than one hundred million LinkedIn logins for sale.
A total of 117 million passwords are said to be included.
The passcodes are encoded, but in a form that appears to have been relatively easy to reverse-engineer.
That is due to the fact that LinkedIn had originally “hashed” its passwords but not “salted” them before storing them.
Hashing involves using an algorithm to convert passwords into a long string of digits. Salting is an additional step meant to stop unauthorised parties from being able to work around the process.
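As an added illustration (not code from LinkedIn or any other company mentioned here), the Python example below stores the same accounts twice: once with an unsalted fast hash, and once with a random per-user salt and a slow key-derivation function. The account names, passwords, the use of MD5 for the weak case and the PBKDF2 parameters are all assumptions made for the example.

```python
import hashlib
import hmac
import os

# Constructed sample accounts (not from any breach); two users share a password.
USERS = {"alice": "sunshine1", "bob": "sunshine1", "carol": "T7#kq!vR2m"}

def unsalted_hash(password: str) -> str:
    """Weak scheme: a fast hash with no salt, so equal passwords give equal digests."""
    return hashlib.md5(password.encode()).hexdigest()

def hash_password(password: str, iterations: int = 200_000) -> dict:
    """Stronger scheme: unique random salt per account plus a deliberately slow KDF.
    The iteration count is an illustrative value; tune it upward for your hardware."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}

def verify_password(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(candidate, record["digest"])

def accounts_sharing_a_digest(table: dict) -> int:
    """Count accounts whose stored digest is identical to another account's."""
    values = [v if isinstance(v, str) else v["digest"] for v in table.values()]
    return sum(1 for v in values if values.count(v) > 1)

def audit() -> tuple:
    """Return (duplicates in the unsalted table, duplicates in the salted table)."""
    weak = {user: unsalted_hash(pw) for user, pw in USERS.items()}
    strong = {user: hash_password(pw) for user, pw in USERS.items()}
    return accounts_sharing_a_digest(weak), accounts_sharing_a_digest(strong)

if __name__ == "__main__":
    print(audit())
```

In the unsalted table, anyone holding the dump can see that alice and bob chose the same password, and one recovered password unlocks both accounts; in the salted table every digest is unique and each guess must be recomputed per account.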
LinkedIn had about 165 million accounts at the time of the breach, but the discrepancy in the figures might be explained by the fact that some of its users logged in via Facebook.
The IDs were reportedly sourced from a breach four years ago, which had previously been thought to have included a fraction of that number.
At the time, the business-focused social network said it had reset the accounts of those it thought had been compromised.
User accounts for iMesh, a now defunct file sharing service, were for sale on the dark web.
The New York-based music and video sharing company was a peer-to-peer service, which rose to fame in the file sharing era of the early 2000s, riding the waves of the aftermath of the “dotcom” boom.
LeakedSource, a breach notification site that allows users to see if their details have been leaked, has obtained the database. The group’s analysis of the database shows it contains a little over 51 million accounts.
It includes email addresses, passwords (which were hashed and salted with MD5, an algorithm that nowadays is easy to crack), usernames, a user’s location and IP address, registration date, and other information.
As many as 32 lakh debit cards belonging to various Indian banks were compromised earlier this year resulting in the loss of Rs 1.3 crore in fraudulent transactions as per NPCI.
The hacks went undetected for months, and reports suggest ATMs operated by Japanese Hitachi Payments were infected with malicious software allowing hackers to extract money from user accounts.
In Ubuntu’s data breach, two million usernames, email addresses, and IP addresses associated with the Ubuntu Forums were taken by an unnamed attacker.
The attacker was able to exploit an SQL injection vulnerability in an add-on used by older vBulletin forum software. That gave the attacker access to the forum’s databases, but the company said that only limited user data was accessed and downloaded.
The statement explains that no code or repository data was accessed, and the attacker couldn’t write data to the database or gain shell access. The attacker also didn’t gain access to any other Canonical or Ubuntu service.
The statement added that although the forums relied on Ubuntu’s single sign-on service, the passwords were hashed and salted, turning them into randomized strings of data.
But the statement did not say which hashing algorithm was used — some algorithms, like MD5, are still in use but are deprecated, as they can be easily cracked.