Cyber attacks are on the increase, and this year alone there have been a number of breaches at large organisations, with customer records and financial information being hacked and stolen en masse.
The 10 largest hacking attacks of 2014 are as follows:
A huge breach at Target affected up to 70 million customers, with names, addresses, phone numbers and emails stolen. The credit card details of some 40 million users were also compromised, which resulted in a high level of concern to members of the Target database.
The hackers used compromised point-of-sale terminals to access the data, and Target is warning customers to be on guard against phishing attacks as these could be used to try and obtain additional information for the purposes of identity theft.
Hackers have stolen the personal records of 233 million eBay users internationally, including usernames, passwords, phone numbers and addresses. While these could be used for identity theft, the theft of the passwords is a particularly concerning problem as most people use the same password for several accounts. It has been speculated that the hackers may gain access to other accounts as well simply by using these passwords.
Unfortunately eBay was using encryption to protect the passwords, which means they can be easily decrypted if you have access to the key. A better form of protection would have been hashing, which doesn’t reveal the plain text of the password.
Adobe customers have been the victim of a break-in, which netted hackers almost 3 million encrypted credit card records plus login data for an unknown number of user accounts.
In the event of such a breach as this, the best way to protect yourself from the illegal use of your credit card details is to either put a freeze on your card, change to a new account, monitor it closely, or have it monitored by a monitoring service.
Nearly 5 million Gmail usernames and passwords have been stolen – despite Google denying any evidence of a security breach – as they were published on a Russian website for the world to see.
If you think you might be affected, there is a website where you can check at isleaked.com. You should also change your password, as the stolen password may be used to access your other accounts.
Hackers stole a massive amount of credit and debit card details from Home Depot stores across the USA. Although the number is not yet known, Home Depot has some 2,200 American stores, so it could be bigger than the 40 million stolen from Target.
Those who think they might be affected should freeze or cancel their cards, monitor them for signs of unusual activity, or have a monitoring service do this for them.
Famous for the Firefox web browser, Mozilla has announced that it was responsible for the accidental disclosure of around 76,000 user email addresses and the encrypted passwords of around 4,000 users, due to a failed data sanitisation process.
Fortunately, the passwords are hashed, meaning the text cannot be read. However, they could still be used to access a user’s other accounts, so they should be changed as a matter of urgency.
AOL experienced unauthorised access to user email addresses, physical addresses, encrypted passwords, and encrypted answers to security questions.
AOL believes the information will be used for phishing and identity theft and, while there is no evidence yet of financial loss, AOL is urging all its users to change their passwords and security questions immediately.
One of the largest banks in the USA has been deeply compromised by hackers, who gained the highest level of access to JPMorgan’s computer network, compromising over 80 million accounts but stealing nothing.
It is believed they obtained a list of the applications and programs that run on JPMorgan’s computers, which they then cross-checked with known vulnerabilities. JPMorgan has now fortified its defences, but as yet there remains no evidence of fraud resulting from the attack.
European Central Bank
Hackers stole email addresses and contact data from the website of the European Central Bank (ECB). They demanded money for the data, but the ECB refused to pay, saying the database hacked into was a secondary one, separate from sensitive customer information.
ECB data security experts have rectified the vulnerability, and all those affected have been contacted and warned to be wary of phishing attempts. All passwords have been changed as a precaution.
US retail giant Neiman Marcus had as many as a million customer credit and debit card details hacked by malicious software secretly installed on the department store operator’s system.
The scraping of cards had been going on for several months and was only discovered after a bout of fraudulent card use. The malware was disabled, and investigation by forensic experts is currently underway.
Bonus hack: you didn’t think we’d miss Sony did you? Unfortunately the most recent hack is looking like it’s taking the title for the largest in 2014. You can read more about the hack here.