You didn't think 2020 would just go by without a handful of major data breaches, did you?
The global coronavirus pandemic disrupted every aspect of our day-to-day lives and made this a tough year for everyone. But that certainly didn't discourage hackers and cybercriminals from taking advantage and looking for opportunities to turn a profit.
Here are just 5 of this year's most significant hacks and data breaches.
Zoom seemingly came out of nowhere this year. Due to social distancing restrictions, this video-conferencing platform quickly became the go-to service for work meetings, online classes, and anything else you could think of. Unfortunately, this sudden surge in users also uncovered several privacy and security issues which have plagued the company throughout the year.
It also made them a popular target for cybercriminals. In April, it was revealed that 500,000 stolen Zoom passwords were up for sale on the Dark Web, with some being given away for free and others being sold for as low as a penny each. Researchers at IntSights found several databases of stolen Zoom passwords that had been collected through a technique known as credential stuffing.
When Nintendo released its highly-anticipated "Animal Crossing: New Horizons" in March, it was hailed as the perfect way to get through the quarantine and escape reality. Subsequently, sales of both the game and Nintendo Switch consoles skyrocketed. But much like Zoom, this spike in popularity may have also made them a very desirable target for hackers.
In April, many Nintendo Switch owners began reporting unauthorized account access attempts. Nintendo soon confirmed that 160,000 Nintendo Network ID accounts had been compromised, which would be updated to 300,000 accounts in June, following an investigation. The company stated that the passwords were obtained “by some means other than our company’s service”, which could indicate another case of credential stuffing.
Twitter experienced one of the more bizarre cybersecurity incidents this year. Back in July, the Twitter accounts of several high-profile users like Joe Biden, Elon Musk, Kanye West, and others were taken over and used to tweet out a Bitcoin scam. Besides the 130 accounts that were briefly hijacked, nothing else was accessed, and it was reported that the scam only yielded $121,000 in Bitcoin.
Twitter soon released a statement clarifying that a few of its employees were targeted in a mobile spear phishing attack which involved gaining access to internal tools and posing as a member of the Twitter IT department. By the end of the month, three individuals responsible for the attack were charged, one of whom, it turned out, was only 17.
Near the end of March, Marriott disclosed a data breach that compromised the personal information of 5.2 million guests. In mid-January, hackers used the login credentials of two employees at a franchise property to access an application used to help provide services to guests, according to an official statement. The data compromised included information such as names, mailing addresses, emails, and phone numbers, but not payment data.
This wasn't the first time Marriott had suffered a data breach. Back in 2018, Marriott subsidiary Starwood was hacked, compromising the personal data of 383 million guests, including unencrypted passport numbers and credit card records. For that breach, Marriott was fined $123 million by the UK's Information Commissioner's Office.
2020 also saw one of the largest data breaches to affect any company in the UK. In May, the UK's largest airline, EasyJet, revealed that the personal data of 9 million customers had been compromised in what it referred to as a “highly sophisticated” cyber attack. Of those 9 million customers, 2,208 had their credit card details compromised.
In a statement given to the BBC, EasyJet explained that it first became aware of the attack in January, but was only able to notify the customers whose credit card details were compromised in early April, once its investigation had progressed enough. It went public with the news in May and warned affected customers to be wary of phishing attacks.
These 5 data breaches certainly weren't the only ones that took place this year, but they do highlight the fact that, even during a global pandemic, cybercrime did not take a day off. Tried and true methods like credential stuffing and phishing attacks were just as effective this year, if not more so.
2020 pushed us all towards a new era of remote work and heavy reliance on cloud services, but also an increased vulnerability to cyberattacks. There's no telling what 2021 will have in store for businesses, but if it's anything like 2020, it would be wise to buckle up and prioritize the online security of your organization.