- Yahoo Data Breach
- The Logic Bomb
- Ransomware WannaCry
- Sony Pictures
- LinkedIn Hacking
- JP and Morgan Chase & Co
- Hannaford Bros.
Yahoo Data Breach
Ranking on the top internet services Yahoo was also not spared from the data breaches. Yahoo reported two major data breaches of the users during the second half of 2016. The first data breaches were officially announced in September 2016, though the breach happened earlier at 2014 over 500 million accounts were hacked and the data was leaked. The other major data breach had occurred around August 2013 and was brought to the public notice officially in December 2016. As per estimation this breach caused over 1 billion users accounts, later at October 2017 Yahoo agreed that all its 3 billion account users were not spared. These two breaches top the list of the biggest data breach in the history of the internet. The data breached information carried names, email addresses, encrypted security questions, telephone number, date of birth, and passwords.
Data Breached: August 2013 – 3 billion
Late 2014 – 500 million
Information leaked: names, email addresses, encrypted security questions, telephone number, date of birth, and passwords.
The Logic Bomb
A piece of code “LOGIC BOMB” was intentionally forced into a software system which set off a malicious function which meets the hacker necessities. Once a system is infected with the logic bomb they start deleting important files and execute many malicious files. Logic Bombs are always found in software that inherently malicious such as worms or viruses, these logic bombs are executing a specific kind of payload if and only if the conditions are satisfied. This kind of virus or worms spread rapidly before the user’s knowledge. There are kind of virus or worms which targets the host system on the specific date these are similar to “TIME BOMB”. Trojans activate on certain dates and create havoc. These logic bombs develop payload in such a way that it should be unwanted and unknown to the user of the software.
The biggest ever attack is reported by Sony BMG, In October 2005, Mark Russinovich found out that Sony BMG has embedded a logic bomb in the music CDs which installed insecure software on the buyer’s computers. The software monitored the computer completely and it also could change the system’s os access to their hardware. And over 22 million were affected by this logic bomb.
Data Breached: October 2005
Information leaked: Complete access over the infected system
Ransomware Wanna Cry
The ransomware Wanna cry attack was the greatest ransomware attack throughout the globe, the crypto worm was the ransomware used. Targetting the computers which run Microsoft Windows by encrypting all the files and demanding ransom through cryptocurrency.
Though the attack was stopped within a few days, by discovering a kill switch that created a barrier from spreading the virus from the infected computers. Roughly this ransomware had affected around
200,000 computers throughout the globe. The total damaged caused by the in terms of capital was 100 million dollars. Security analyst preliminary evaluation said that the worm attacked was originated from North Korea or other agencies working for that country.
Later in December 2017, The United States Australia and the United Kingdom formally declared that North Korea was behind the attack.
In August 2018 a new version of wanna cry ransomware attacked a semiconductor manufacturing company in Taiwan spreading across over 10,000 machines, and the company was forced to be closed temporarily.
Data Breached: 12 May 2017 – 15 May 2017
Information leaked: Names, email addresses, public, and non-public actions, hashed passwords, and profile data, Personal data, Banking details
Goldeye was similar to the rest of the ransomware but the only difference was that it had two layers of encryption:
1. Individually encrypts target files on the computer
2. Encrypts NTFS structure.
Similar to Petya, Goldeye also encrypts the entire hard disk mounted inside the system and it creates a barricade by denying access to the admin to access his files.
Later the ransomware finishes the encryption process and has a specialized routine, the worm basically crashes the computer forcefully and goes for a reboot and this makes the system unstable until and unless the ransom of $300 was paid.
The attack was first identified in Ukraine, Romania, and Russia. The worm had mostly targeted Government agencies Companies etc. But before the solution was found to the problem many private companies had paid the ransom and had retrieved the decryption key from the attacker.
Data Breached: Mid 2016
Information leaked: Each and every bit of information in the infected system.
November 24, 2014, a group of hackers identified as “Guardians of peace” (GOP). This group of hackers leaked confidential data of sony pictures. The data breached contained details of the company employees it had executive salaries, copies of the unreleased Sony films, and much other information.
These group of hacker main moto was to make Sony withdraw its upcoming film the interview. The interview was held for an upcoming launch of a comedy film to assassinate North Korean leader Kim Jong-un. The attackers also threatened that they would be an attack at cinemas screening the movie. Later the movie was not screened at the US and the chain continued, later Sony had to cancel the mainstream release and making it downloadable and limited theatrical release the next movement.
Later the U.S government intelligence bureau after going through all the forensic research and the techniques, network source used for the hacks they confirmed that the North Korea government had sponsored for the attack.
Data Breached: 24 November 2014
information leaked: confidential data of sony pictures. The data breached contained details of the company employees it had executive salaries, copies of the unreleased Sony films.
Epsilon, provides marketing services via email to 2,500 companies, after the identification of the unidentified entry the company put a warning on its website saying “EXPOSED BY AN UNAUTHORIZED ENTRY” into its email system. And further announced no more comments on the breach. The mysterious part is, it is not yet known who executed the attack and from where.
Dozens of clients throughout the world were warned that their emails would have been stolen. And some of the high profile companies like JPMorgan and Citigroup are among the few companies affected. And many unaffected companies like Best Buy, Walt Disney subsidiary Disney Destination also warning its customer about the breach and the list of companies affected.
The hackers stole the names and email addresses of millions of people in one of the largest security breaches in US history other information such as credit card information, passwords, net bankings, etc.
Data Breached: 06 March 2015
Information leaked: names and email addresses of millions of people in one of the largest security breaches in US history other information such as credit card information, passwords, net bankings, physical address
Over 170 million credentials were compromised in the 2012 data breach of a social networking job portal LinkedIn. Guessing widely on the amount of credential been compromised says that each and every account in the portal has been hacked.
On 08 June 2012 and the copy of the data breached was leaked in an unknown source these data contained email address hashed password. These breached data was been sold on the unknown source that was charged for subscribing.
The password which was stored in SHA1 with no salting was 117 million and the rest users were registered using Facebook or Gmail. The data that was leaked was sold for 5 Bitcoins with at present time costs $2,300 at the dark web forum.
The leaked source shared 1 million of the password with vice Motherboard which alerts the user that two of the user it contacted.
Data Breached: 08 June 2012
Information leaked: Name, email address, Password, Date of Birth and other personal information.
JP and Morgan chase & co
The cyber-attack on JPMorgan in July 2014 was a historical attack in the U.S it was believed over 83 million accounts 76 million household accounts and 7 million small business accounts were been compromised. The breach was considered as one of the worst nightmares into an American data system and is one of the biggest data breaches in the American’s history.
Later in September 2014, it was disclosed by the bank’s cybersecurity team by late July 2014, No sensitive information was lost such as Username and Passwords but the hackers could get the account holders name, postal address, phone number and, email through a phishing attack.
Not only JP and Morgan chase & co the hackers also targeted 9 other financial institutions. The hackers were cent percent successful in their attack and created a record in the history of data breaches.
Data Breached: July 2014
Information leaked: name, postal address, phone number and, email
Maine-based Supermarket chain Hannaford Brothers Monday disclosed it had a major data breaches in its computer network. This breaches resulted in the leaking of customers debit and credit card number.
The virus attacked Hannaford stores Sweetbay stores in Florida and much other retail operated stores in the Northeast that carry Hanfords products. Hannaford also said no personal data like name, address, email or contact had been leaked in the breach because they do not keep any personal data in their database.
the breach had occurred during transmission of the card said the official later at the press meet.
The breached had also contained information like debit and credit card details of the customer’s. Hannfords banking details their stock records and much other confidential information.
Data breached: 28 March 2018
Information leaked: Debit and credit card details, and confidential information about the company
Citibank is one of the biggest 4 banks in the United States found out a data breach on February 2017 affecting over 200,000 credit card customers.
Citibank gave a statement saying they regularly go for a security auditing every year and they also even notice 1% of the customers would have probably been in trouble and the security agency would have this reported to the bank and the bank would further inform the card holder’s and make them have secure banking.
Citibank has confirmed that customers’ social security numbers, credit card expiration dates, card security codes (CCV number) and dates of birth were not compromised. Still, we believe that hackers have armed themselves with enough information to potentially conduct malicious actions against the victims. It is all-too-common that we see cases where hacking events lead to spam and phishing campaigns that could later cause serious issues for those initially affected by a security breach.
But the breach which happened on Feb 2017 was a remarkable black dot on the Citibank popularity. Though the official said that the breach does not contain the social security number, date of birth, card security codes, etc. but it also said that the attackers have enough information to perform a malicious action against the victim. At the beginning stages, it was believed that the breach would have been caused by spamming phishing campaigns, these late caused a huge problem and caused a major breach.
Searching for the loophole of the breach it was found out in one of their own systems at the month of May and the breach was confirmed to be executed from this vulnerability.
Data Breached: 13 June 2011
Information leaked: Credit and debit card details.
How to secure yourself from any sort of cyber crimes?
- Use Strong Password.
- Never disclose your personal details in any kind of social media
- Use Anti-virus.
- .Never Shop in any untrusted site using your debit or credit card.
- Protect your wifi.
- Immediately report the cybercrime as soon as u notice one.
Secure Yourself Through Cybersecurity Analyst.
Texial Cyber Security is a private cybersecurity company. With the latest updates of cyber technology. Assisting people 24/7.
Texial has its top cybersecurity analysts and enables you to secure you and your data from any cyber threats. Secure your organization, institutions, through Texial Cyber Security.