Notorious User Data Leaks in January-April 2019

In 2018, there were 2263 public leaks of confidential information worldwide. Personal data and payment information were compromised in 86% of incidents, which amounts to about 7,3 billion records of user data. The Japanese crypto exchange Coincheck lost $534 million when its clients' online wallets were compromised. This was the largest reported damage.

The statistics for 2019 are not yet known, but there have already been quite a lot of sensational leaks, and this is sad. We decided to review the most discussed leaks since the beginning of the year. "There is more to come," as they say.

January 18: Collection of databases

On January 18, reports began to appear in the media about a publicly accessible database of 773 million mailboxes with passwords (including users from Russia). The database was a collection of leaked databases from about two thousand different sites, accumulated over several years, which is why it received the name Collection #1. In terms of size, it turned out to be the second-largest database of hacked addresses in history (the archive with 1 billion Yahoo! users, which appeared in 2013, was considered the first).

It soon became clear that Collection #1 was only part of the data array that ended up in the hands of hackers. Information security specialists found other "Collections" numbered from 2 to 5, and their total volume was 845 GB. Almost all information in the databases is up-to-date, although some logins and passwords are outdated.

Information security expert Brian Krebs contacted a hacker who was selling the archives and found out that Collection #1 had been around for about two to three years. According to the hacker, he also has more recent databases "on sale", with a volume of more than four terabytes.

February 11: User data leaked from 16 major websites

On February 11, The Register reported that the data of 620 million users of large Internet services was being sold on the Dream Market trading platform:

  • Dubsmash (162 million)
  • MyFitnessPal (151 million)
  • MyHeritage (92 million)
  • ShareThis (41 million)
  • HauteLook (28 million)
  • Animoto (25 million)
  • EyeEm (22 million)
  • 8fit (20 million)
  • Whitepages (18 million)
  • Fotolog (16 million)
  • 500px (15 million)
  • Armor Games (11 million)
  • BookMate (8 million)
  • CoffeeMeetsBagel (6 million)
  • Artsy (1 million)
  • DataCamp (700)

For the entire database, the attackers asked for about $20; it was also possible to buy a data archive for each site separately.

All the sites were hacked at different times. For example, the photo portal 500px reported that its leak occurred on July 5, 2018, but it only became known after the data archive appeared.

The databases contain email addresses, usernames and passwords. There is one piece of good news, though: the passwords are mostly encrypted in one way or another, so anyone who wants to use them first has to work at decrypting the data. If a password is simple, however, it is quite possible to guess it.

February 25: MongoDB insecure database

On February 25, information security specialist Bob Dyachenko found on the network an unsecured 150 GB MongoDB database containing over 800 million records of personal data. The archive contained email addresses, surnames, information about gender and date of birth, telephone numbers, postal codes and addresses, and IP addresses.

The problematic database was owned by Verifications IO LLC, an email marketing company. One of its services was checking corporate emails. As soon as information about the problematic database appeared in the media, the company's website and the database itself became inaccessible. Later, representatives of Verifications IO LLC stated that the database did not contain data from the company's customers and had been populated from open sources.

March 10: Facebook user data leaked via FQuiz and Supertest apps

On March 10, The Verge reported that Facebook had filed a lawsuit against two Ukrainian developers, Gleb Sluchevsky and Andrey Gorbachev. They were accused of stealing users' personal data.

The developers created applications for taking tests. These programs installed browser extensions that collected user data. In 2017-2018, four applications, including FQuiz and Supertest, were able to steal the data of approximately 63 users. Mostly users from Russia and Ukraine were affected.

March 21: Hundreds of millions of unencrypted Facebook passwords

On March 21, journalist Brian Krebs reported on his blog that Facebook had been storing millions of passwords unencrypted for a long time. About 20 thousand employees of the company could view the passwords of 200 to 600 million Facebook users, since they were stored in plain text. Some Instagram passwords also ended up in this unprotected database. Soon the social network itself officially confirmed the information.

Pedro Canahuati, Facebook's vice president of engineering, security and privacy, said the problem with storing passwords in plain text has been fixed. In general, Facebook login systems are designed to make passwords unreadable. The company did not find evidence that unencrypted passwords were accessed illegally.

March 21: Toyota customer data leak

At the end of March, the Japanese automaker Toyota said that hackers had managed to steal the personal data of up to 3,1 million of the company's customers. The systems of sales divisions and five subsidiaries of Toyota were breached on March 21.

The company did not disclose exactly what personal data of customers was stolen. However, it stated that the attackers did not get access to information about bank cards.

March 21: publication of patient data from the Lipetsk region on the EIS website

On March 21, activists of the public movement "Patient Control" reported that information published by the Lipetsk Region Health Department on the EIS website included patients' personal data.

Several auctions were posted on the public procurement website for the provision of emergency medical services: patients needed to be transferred to other institutions outside the region. The descriptions contained information about the patient's last name, his home address, diagnosis, ICD code, profile, and so on. Incredibly, patient data has been published in open form at least eight times in the last year alone (!).

The head of the Lipetsk Region Health Department, Yuri Shurshukov, said that an official investigation had been launched and that an apology would be made to patients whose data were published. The prosecutor's office of the Lipetsk region also began checking the incident.

April 4: Data leak of 540 million Facebook users

UpGuard, an information security company, reported that data of more than 540 million Facebook users had ended up openly accessible.

Records of social network members with comments, likes, account names were found on the Mexican digital platform Cultura Colectiva. Names, passwords, email addresses and other data were available in the now defunct At the Pool app.

April 10: data of ambulance patients from the Moscow region leaked to the network

A data leak presumably occurred at the ambulance stations (SSMP) of the Moscow region. Law enforcement agencies have launched a pre-investigation check on reports of the incident.

A 17,8 GB file containing information about ambulance calls in the Moscow region was found on one of the file sharing services. The document contained the name of the person who called the ambulance, the contact number, the address to which the crew was called, the date and time of the call, and even the patient's condition. The data of residents of Mytishchi, Dmitrov, Dolgoprudny, Korolev and Balashikha turned out to be compromised. It is assumed that the database was posted by activists of a Ukrainian hacker group.

April 12: blacklisted by the Central Bank

On April 12, data on bank customers from the Central Bank's blacklist of "refuseniks" under the law on combating money laundering was found on the Internet. It concerned information on 120 thousand clients who were denied service in accordance with the law on countering the laundering of proceeds from crime and the financing of terrorism (115-FZ).

Most of the database is made up of individuals and individual entrepreneurs; the rest are legal entities. For individuals, the database contains their full name, date of birth, and passport series and number. For individual entrepreneurs it contains the full name and TIN, and for companies the name, TIN and PSRN. One of the banks unofficially admitted to journalists that the list consists of real refused clients. The database covers "refuseniks" from June 26, 2017 to December 6, 2017.

April 15: Personal details of thousands of US police and FBI members released

A cybercriminal group managed to hack several sites associated with the US Federal Bureau of Investigation and posted dozens of files with the personal information of thousands of police officers and federal agents on the Internet.

Using publicly available exploits, the attackers managed to gain access to the network resources of an association associated with the FBI Academy in Quantico, Virginia. TechCrunch wrote about it.

The stolen archive contained the names of US law enforcement and federal officials, their addresses, phone numbers, and information about their email and positions. There are about 4000 different records in total.

April 25: Docker Hub user data leak

Cybercriminals gained access to a database of Docker Hub, the world's largest library of container images, as a result of which the data of approximately 190 users were compromised. The database contained usernames, password hashes, and tokens for the GitHub and Bitbucket repositories used for automated Docker builds.

The Docker Hub administration informed users about the incident late on Friday, April 26. According to official information, the unauthorized access to the database became known on April 25. The investigation into the incident has not yet been completed.

One can also recall the story with Doc+, which was covered on Habr not long ago, the unpleasant situation with citizens' payments to the traffic police and the FSSP, and other leaks described by ashotog.

As a conclusion

The insecurity of data stored by government agencies, in social networks and on large sites, as well as the scale of theft, is horrifying. It is also sad that leaks have become commonplace. Many people whose personal data has been compromised do not even know about it. And if they do, they won't do anything to protect themselves.

Source: habr.com