Top 10 Cybersecurity Incidents That Happened in 2020
2020 was a remarkable year for many reasons. From the rise of a global-level pandemic to the introduction of new technology around the world, the start of the new decade made a huge impact on the way we live and work.
Unfortunately, shifts in the landscape also meant that cybercriminals discovered new and improved ways of preying on businesses. Last year, the number of malware, ransomware, and other cybersecurity attacks skyrocketed, with many groups taking advantage of our renewed reliance on the digital world.
Here are our insights into some of the most significant cybersecurity incidents that happened in 2020 to help you prepare for the year ahead.
EasyJet Data Breach
EasyJet, an airline company from the UK, admitted in 2020 that 9 million data records and around 2,200 pieces of credit card details faced the wrath of cybercriminals. Strict GDPR rules in the UK meant that EasyJet faced serious fines as a result. The airline didn’t reveal how the information was stolen, but they did say that the hacker was targeting intellectual property.
Despite reporting the matter to the information commissioner’s office immediately, EasyJet came under fire because customers were only made aware of the issue four months after the incident took place. The issue led to serious repercussions for the airline. Speed is of the essence when dealing with a data breach.
CAM4 Data Leak
Nearly 11 billion records faced the scrutiny of cybercriminals during the CAM4 data leak in 2020. A team of researchers discovered the problem from the adult entertainment platform. Details exposed as part of the leak included everything from email addresses to payment records and full names. The company subsequently removed the database, but the results of the breach remained.
With access to the database available since March 2020, criminals had managed to get their hands on various pieces of information, including sexual preferences, device details, email communications, IP addresses, and even chat records between users.
Wishbone Data Breach
A popular social app among young teens, Wishbone had a serious security issue in May 2020 when it was discovered that hackers were selling a database with more than 40 million user records in it on the dark web. The incident was extremely worrying due to the young age of the users and the notorious reputation of the dark web.
No one has yet revealed how the hackers gained access to the records, but the leaked information included a lot of sensitive data: gender, social media profile information, email addresses, phone numbers, and even geolocation. Experts noted that the problem could have been limited if there was better encryption on the data.
Sina Weibo Data Breach
Chinese micro-blogging company, Sina Weibo made it to the front page of the news in March 2020 after a significant security incident exposed more than 538 million records. According to reports from the Chinese media, the breach leaked the personal details of countless users, which have since been put up for sale online.
In ads posted across the dark web, a hacker said that they had breached the Weibo website in 2019 and obtained a full dump of the company’s userbase. Real names, gender, site usernames, location, and even phone numbers for some users were amongst the key data that was breached. Passwords were not included for the various accounts.
Antheus Tecnologia Biometric Breach
Biometrics are supposed to lead to a new generation of data security, so imagine the outrage when biometric information is stolen? A team of security researchers in March 2020 discovered that the data of a Brazilian biometric solutions brand had been breached. The company had left access to information on more than 76,000 fingerprints unprotected on an unsecured server.
Although the server, in this case, didn’t store scans of fingerprints, code was available to help hackers recreate the prints. The company neglected to password-protect its information, leaving millions of records open to potential criminals.
Zoom Credentials Hack
Zoom has emerged as one of the most valuable companies in the world since the pandemic of 2020, but it’s had a few problems along the way too. The Zoom video conferencing software became popular among cybercriminals last year, and in a short time, the software became vulnerable to various security threats. During the first week of April 2020, reports of more than half a million stolen passwords on Zoom surfaced.
Criminals began putting Zoom information up for sale on the dark web, allowing pranksters and other people to log into meetings as they were happening. The hackers also gained personal details about the Zoom participants.
Experian Data Breach
In August of 2020, consumer credit reporting agency Experian suffered from a significant breach that impacted around 24 million consumers in South Africa. The issue also affected around 793,749 business entities too. The agency revealed that an individual claiming to be a client of Experian had requested services from the company, which led to the release of information.
Following the breach, Experian quickly reported the loss of the data to the authorities, and the data was secured and deleted. Experian has since announced that the data hasn’t been used for any fraudulent purposes before it was deleted. It is also said that the cybersecurity incident hasn’t had an impact on the security systems of the company.
Slickwraps and the White Hat Hacker
Slickwraps, a company that allows users to create custom skins for electronic devices, became a major contender for one of the most “abysmal” cybersecurity strategies in 2020. The company’s breach started when someone who claimed to be a “white hat hacker” tried to alert the company about its security problems. Slickwraps ignored the user, and the hacker published a post about the experience, showcasing the vulnerabilities of the brand.
A second hacker read the post and used the information to collect user data. The hacker also emailed every user affected by the breach to let them know they had been hacked. The hacker gained access to customer photos, shipping addresses, billing information, and admin account details.
WHO Cyber Attack
Among the stress of the global pandemic, cybercriminals went as far as to attack the credentials of health leaders around the world. At the end of April, around 25,000 email addresses and passwords belonging to various groups working to fight the pandemic and deliver a vaccine as soon as possible leaked online.
The information included details about the Gates Foundation, the US CDC, NIH and WHO (the World Health Organization). Later, WHO also confirmed that various credentials belonging to staff members had been leaked – although they said that the data stolen wasn’t recent, and didn’t pose any significant risk to the organization. WHO did learn its lesson and upgrade its security, however.
Twitter Spear Phishing
Social media platform Twitter sent the entire internet into a panic when it revealed it had been hit in one of the boldest online attacks of all time. The social platform suffered a breach where hackers verified Twitter accounts of various high-profile US personalities, including Elon Musk and Bill Gates. Out of around 130 targeted accounts, hackers reset around 45 user account passwords.
The accounts affected by the hack started posting fake tweets, offering to a send cash reward to anyone who sent their own money to unknown Bitcoin addresses. The Twitter breach meant that hackers were able to steal around $121,000 in bitcoin across around 300 transactions. The lesson here? Make sure that you’re always updating your security measures and protecting user accounts!