In 2018, there were 2263 public leaks of confidential information worldwide. Personal data and payment information were compromised in 86% of incidents, which amounts to about 7.3 billion user records. The Japanese crypto exchange Coincheck lost $534 million when its clients' online wallets were compromised. This was the largest reported damage.
What the statistics for 2019 will be is still unknown. But there have already been quite a lot of sensational leaks, and this is sad. We decided to review the most discussed leaks since the beginning of the year. As they say, there is more to come.
January 18: Collection databases
On January 18, reports began to appear in the media about a database found in the public domain on
It soon became clear that Collection #1 was only part of the data set that ended up in the hands of hackers. Information security specialists found other "Collections" numbered from 2 to 5, with a total volume of 845 GB. Almost all information in the databases is up to date, although some logins and passwords are outdated.
Information security expert Brian Krebs contacted a hacker who was selling the archives and found out that Collection #1 has been around for about two to three years. According to the hacker, he also has more recent databases for sale, with a volume of more than four terabytes.
Feb 11: User data leaked from 16 major websites
February 11 edition of The Register
- Dubsmash (162 million)
- MyFitnessPal (151 million)
- MyHeritage (92 million)
- ShareThis (41 million)
- HauteLook (28 million)
- Animoto (25 million)
- EyeEm (22 million)
- 8fit (20 million)
- Whitepages (18 million)
- Fotolog (16 million)
- 500px (15 million)
- Armor Games (11 million)
- BookMate (8 million)
- CoffeeMeetsBagel (6 million)
- Artsy (1 million)
- DataCamp (700)
The attackers asked about $20 for the entire database; it was also possible to buy the data archive for each site separately.
The sites were all hacked at different times. For example, the photo portal 500px reported that its leak occurred on July 5, 2018, but it became known only after the data archive appeared.
Database
Feb 25: Insecure MongoDB database
February 25, information security specialist Bob Dyachenko
The problematic database was owned by Verifications IO LLC, an email marketing company. One of its services was checking corporate emails. As soon as information about the database appeared in the media, the company's website and the database itself became inaccessible. Later, representatives of Verifications IO LLC stated that the database did not contain data from the company's customers and had been populated from open sources.
March 10: Facebook user data leaked via FQuiz and Supertest apps
March 10 edition of The Verge
Developers created applications for taking quizzes. These programs installed browser extensions that collected user data. In 2017-2018, four applications, including FQuiz and Supertest, were able to steal the data of approximately 63 users. Most of the affected users were from Russia and Ukraine.
March 21: Hundreds of millions of unencrypted Facebook passwords
On March 21, journalist Brian Krebs reported
Pedro Canahuati, Facebook's vice president of engineering, security and privacy, said the problem with storing passwords in plain text has been fixed. In general, Facebook login systems are designed to make passwords unreadable. The company did not find evidence that unencrypted passwords were accessed illegally.
March 21: Toyota customer data leak
At the end of March, the Japanese automaker Toyota
The company did not disclose exactly what personal data of customers was stolen. However, it stated that the attackers did not get access to bank card information.
March 21: publication of patient data from the Lipetsk region on the EIS website
March 21, activists of the public movement "Patient Control"
Several auctions for the provision of emergency medical services were posted on the public procurement website: patients needed to be transferred to other institutions outside the region. The descriptions contained the patient's last name, home address, diagnosis, ICD code, profile, and so on. Incredibly, patient data has been published openly at least eight times in the last year alone (!).
The head of the Lipetsk Region Health Department, Yuri Shurshukov, said that an official investigation had been launched and that an apology would be made to the patients whose data was published. The prosecutor's office of the Lipetsk region also began looking into the incident.
April 04: Data leak of 540 million Facebook users
UpGuard, an information security company,
Records of social network members, with comments, likes, and account names, were found on the Mexican digital platform Cultura Colectiva. Names, passwords, email addresses and other data were available in the now defunct At the Pool app.
April 10: Data of ambulance patients from the Moscow region leaked online
At the ambulance stations (SSMP) of the Moscow region, presumably
A 17.8 GB file containing information about ambulance calls in the Moscow region was found on a file sharing service. The document contained the name of the person who called the ambulance, the contact number, the address to which the crew was called, the date and time of the call, and even the patient's condition. The data of residents of Mytishchi, Dmitrov, Dolgoprudny, Korolev and Balashikha was compromised. It is assumed that the database was posted by activists of a Ukrainian hacker group.
April 12: Central Bank blacklist
Data of bank customers from the Central Bank's blacklist of "refuseniks" under the law on combating money laundering
Most of the database consists of individuals and individual entrepreneurs; the rest are legal entities. For individuals, the database contains full name, date of birth, and passport series and number. For individual entrepreneurs, it contains full name and TIN; for companies, name, TIN, and PSRN. One of the banks unofficially admitted to journalists that the list is of real "refusenik" clients. The database covers "refuseniks" from June 26, 2017 to December 6, 2017.
April 15: Personal details of thousands of US police and FBI members released
A cybercriminal group managed to hack several sites associated with the US Federal Bureau of Investigation and posted dozens of files with the personal information of thousands of police officers and federal agents on the Internet.
Using publicly available exploits, the attackers managed to gain access to the network resources of an association affiliated with the FBI Academy in Quantico, Virginia. About it
The stolen archive contained the names of US law enforcement and federal officials, their addresses, phone numbers, email addresses, and positions. There are about 4000 different records in total.
April 25: Docker Hub user data leak
Cybercriminals gained access to the database of Docker Hub, the world's largest library of container images, and as a result the data of approximately 190 users was compromised. The database contained usernames, password hashes, and tokens for the GitHub and Bitbucket repositories used for automated Docker builds.
Docker Hub Administration
You can also recall the story with Doc +, which not so long ago
As a conclusion
The insecurity of data stored by government agencies, social networks and large sites, as well as the scale of the theft, is horrifying. It is also sad that leaks have become commonplace. Many people whose personal data has been compromised do not even know about it. And if they do, they won't do anything to protect themselves.
Source: habr.com