Cybersecurity breaches are currently at an all-time high. Cybercriminals are increasingly employing evolving technologies and sophisticated techniques to instigate data breaches.
For many organizations today, dealing with intellectual property theft, malware and ransomware has become the norm.
A report by Cybersecurity Ventures reveals that cybercrime will collectively cost the world more than $6 trillion by 2021. Herein are some of the most significant cybersecurity breaches of 2018 so far.
In early July, Timehop announced via a blog post that the company had learned of a data breach while it was in progress.
While Timehop was able to interrupt the intrusion, data belonging to some 21 million users had already been stolen. Timehop is a social app that connects to social media networks and displays past nostalgic posts.
The breached data includes names, email addresses, Timehop keys, phone numbers and dates of birth. The company stated that financial data, private messages and social media data was not compromised.
Timehop has since deactivated the keys that allow the app to read and display user’s social media posts.
Under Armour issued a written statement in March of this year stating that the MyFitnessPal app had been compromised. This cybersecurity breach resulted in the exposure of the personal details of approximately 150 millions users.
While the attack became known in March, it had been orchestrated in February.
Joint investigations with data security firms and law enforcement agencies revealed that the leaked data included usernames, passwords and email addresses. Fortunately, the passwords were hashed with bcrypt encryption.
Still, in an email, the company recommended that users change their passwords on other accounts that use the same code as MyFitnessPal.
In June 2018, genealogy and family networking website MyHeritage suffered a significant data leak that affected more than 92 million users.
Although the company learned about the leaks last month, the breach occurred last October. The organization’s top data security officer got news of the breach from a security researcher who located a file with compromised data on an external private server.
The leaked data comprised of names, email addresses and hashed passwords of all users who signed up for MyHeritage up to October last year. DNA data was not made public, but emails and hashed passwords were.
MyHeritage has encouraged all users to change their passwords while they investigate the breach further.
The Typeform data leak is among the latest cybersecurity breaches to affect an unknown number of customers.
Typeform is a web-based Software-as-a-Service (SaaS) firm that specializes in survey and form building. It is based in Barcelona.
The firm recently issued a statement on its website revealing that an unknown actor had accessed its server and downloaded specific information.
Businesses that utilize software to develop surveys make up Typeform’s client base. Given the number of companies that are issuing alerts over the breach, it is estimated to have affected millions of individuals.
Organizations that have warned customers of the leak include Australia’s Bakers Delight, Britain’s Fortnum & Mason, Birdseye, digital bank Monzo, the Tasmanian Electoral Commission, Ocean Protocol, DevResults, Post*Shift and the Australian Republic Movement.
- Dixons Carphone
Dixons Carphone is a U.K. retailer which owns PC World, Currys and several other brands in Europe. The company announced last month that it had fallen victim to a significant data breach where records belonging to 1.2 million customers were accessed.
The attackers also tried to obtain 5.9 million processing system cards from Dixons Travel shops and Currys PC World.
The data breach also compromised nearly 105,000 payment cards not issued by the EU. Such cards lacked chip and pin protection.
According to the retailer, the customer records contained personal data including names, physical addresses, email addresses and phone numbers.
Dixons Carphone began investigations into the breach and is currently engaging top cybersecurity experts.
- Strava Fitness Tracker
This was one of the more dangerous data leaks that occurred without the involvement of any malicious actors.
In January, it was revealed that American and allied military personnel worldwide unintentionally leaked their exercise routes through improper use of the Strava Fitness Tracker.
The leaked data included fitness sessions and routes near and within military bases around the world including Iraq, Afghanistan and Syria.
Enemies can use this type of information to carry out attacks. Cybersecurity researchers discovered several exercise route maps recorded by the fitness tracker in the affected locations.
This surge in costly data breaches is forcing all companies to enter a new reality for security practices. To combat this problem, organizations must educate employees about data privacy and protection.
The importance of implementing cybersecurity best practices and defensive measures cannot be overstated.