
Top Data Breaches of 2020

by CISOCONNECT Bureau

Since the outbreak of the COVID-19 pandemic, there has been a significant increase in the number of data breaches in 2020.

Since the outbreak of the COVID-19 pandemic, organizations have been forced to move their business to remote sites, and as a result there has been a significant increase in the number of data breaches in 2020.

Cybercriminals are exploiting the COVID-19 pandemic to launch extremely advanced cyber-attacks against any potential industry. A cybersecurity report suggested that as many as 726 million reported cyber-attacks had occurred since the start of the year, putting 2020 on track to rack up somewhere in the region of 1.5 billion cyber-attacks per year.

Here are some of the major breaches that happened in 2020:

Nintendo Data Breach
In April 2020, Nintendo announced that 160,000 accounts had been breached in a suspected credential stuffing attack. Using previously exposed user IDs and passwords, hackers were able to gain access to user accounts, enabling them to purchase digital items using stored cards and view sensitive data including name, email address, date of birth, gender and country.

The gaming firm has been conducting investigations into the breach and has since announced that they believe a further 140,000 accounts were compromised in the attack, bringing the total number of hacked accounts to 300,000. Nintendo has reset the passwords for all affected customers and urged users not to use the same password across multiple accounts and services.

EasyJet Data Breach
EasyJet revealed in May 2020 that they had been subject to a cyber attack in which the details of about 9 million customers were stolen. It is one of the biggest data breaches to hit the airline industry. It is understood that the names, email addresses and travel records of these customers were exposed. Additionally, the credit card details of around 2,208 customers were stolen, including the CVV number on the back of the card.

EasyJet did not explain how or exactly when the data breach took place. Even though EasyJet had known about the attack in January and informed the Information Commissioner’s Office (ICO), they didn’t inform their customers for four months.

Zoom Credentials Hack
At the start of April, when employees were settling into their new working from home environment, it emerged that virtual meeting app Zoom had suffered a humiliating security breach that exposed the login credentials of over 500,000 users. In yet another credential stuffing attack, hackers appear to have gained access to the accounts by using username and password combinations obtained in previous data breaches. The information was then sold on dark web hacker forums for as little as 1p.

Compromised data included login credentials, email address, personal meeting URLs, and Host Keys. This enabled criminals to log in and join meetings or use the harvested information for other malicious purposes.

Marriott Data Breach
In March 2020, hotel chain Marriott announced that they had suffered a serious security breach that exposed the data of more than 5.2 million guests. By using the login credentials of two employees who had access to the company’s loyalty scheme, hackers were able to steal the data from a third-party app. The personal information included names, addresses, email addresses, phone numbers, loyalty account information, company, gender, birth dates, linked airline loyalty programs and numbers, and guest preferences.

Marriott was quick to state that no payment card information, passport information, national IDs, or driver’s license numbers were exposed in the breach; however, investigations into the incident are still underway.

Twitter Spear Phishing Attack
On July 15, a tweet was shared on a variety of high-profile pages, including those of Barack Obama, Joe Biden, Bill Gates and Elon Musk: “I’m giving back to the community. All bitcoin sent to the address below will be sent back doubled! If you send $1000, I will send back $2000. Only doing this for 30 minutes.” It reached more than 350 million people and resulted in the recovery of £86,800 in stolen ‘donations’ within hours.

According to the announcement made by Twitter, “This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems.” While the attack targeted 130,000 public figures and profiles, the attackers made $121,000 in bitcoin donations after the attack.
