Data Breaches That Made Headlines in 2016
Posted by Security on
Used with permission from Norton by Symantec, by Christina Schubert
980 data breaches occurred in 2016. That left approximately 35,233,317 known records exposed. Over the years, data breaches have become more sophisticated, and cybercriminals target both large corporations and small businesses.
2016 saw a string of data breaches that left sensitive information of millions of people at the mercy of cybercriminals. In addition to financial consequences, these data breaches ruined customer trust and the reputation of the companies in question.
As we look back at 2016, here are some of the most impactful data breaches that shook the world.
Even though the breach occurred in 2012, its intensity came to light in mid-2016. A Russian hacker going by the name of “Peace” claimed responsibility for the 2012 hack. In 2016 the hacker resurfaced and set up shop on the Dark Web to sell a whopping 117 million credentials that were acquired from the same breach.
In September 2016, Dropbox found out that 68 million user credentials had been exposed since 2012. They proactively swung into action to prevent any further damage. They completed a password reset for anyone who hadn’t updated their password since mid-2012.
Hot on the heels of Yahoo announcing a data breach of 500 million user accounts in September, the company announced in September that they suffered another breach of one billion accounts.
As Yahoo previously disclosed in November, law enforcement provided the company with data files that a third party claimed was Yahoo user data. The company analyzed this data with the assistance of outside forensic experts and found that it appears to be Yahoo user data. Based on further analysis of this data by the forensic experts, Yahoo believes an unauthorized third party, in August 2013, stole data associated with more than one billion user accounts. The company has not been able to identify the intrusion associated with this theft. Yahoo believes this incident is likely distinct from the incident the company disclosed on September 22, 2016.
The attack campaign, dubbed Gooligan, has breached the security of over one million Google accounts and is still growing at a rate of 13,000 new infections each day. Gooligan is a variant of the Ghost Push malware family of hostile downloaders, which download apps onto infected devices without the user’s permission. Once the malware has been installed on the victim’s device, Gooligan can install apps from Google Play and rate them to raise their reputation, and install adware to generate revenue. Gooligan can also steal a user’s Google email account and authentication token information, which can allow the attacker to bypass the login process and access the account, because the victim is perceived as already logged in. These tokens can then be used to access data from Google Play, Gmail, Google Photos, Google Docs, G Suite, Google Drive, and more.
The devices affected are phones that are running Android 4 (Jelly Bean, KitKat) and 5 (Lollipop).
This malware is unique in nature, as the only way to completely remove it from your phone is to do a clean installation of the operating system. This means that you may have to go to your mobile carrier and have them perform the installation.
FriendFinder Inc. owns multiple adult-themed websites, including AdultFriendFinder.com, Cams.com, Penthouse.com, Stripshow.com and more. In November 2016 the company went through a second breach in just over a year. This time 400 million accounts were breached and 16 million accounts were deleted.
Since April 2016, 1.1 million people have been at risk of having their private data exposed in the underground economy. Controversial website BeautifulPeople.com, which claims to have “the largest network of attractive people in the world,” announced that they had become a recent victim of a data breach.
According to Australian security researcher Troy Hunt, who manages the popular HaveIBeenPwned breach notification website, the data is not only genuine and online but is now being traded for money on the Dark Web.
What To Do to Stay Safe
If you think your account has been breached, change your password immediately! Even if you don’t think you’re affected, there’s no way of completely verifying that.
In addition to changing your passwords, it’s an excellent idea to turn on Two-Factor Authentication (2FA). Two-Factor Authentication adds an extra layer of security to your account, usually by sending a text code to a device you own that the hacker does not have access to.
What Can I Do To Protect My Information?
Being proactive about your accounts is the best security measure that you can take to do your part to help prevent data breaches.
Make sure that you use strong, secure passwords for each account you access, and be sure not to use the same password across multiple sites. Keeping track of various passwords can seem like an insurmountable feat, but there are free utilities such as Norton’s ID Safe Password Manager to help you keep track of all of those random strings of letters, numbers and characters.
Keep a Watchful Eye on Your Information
Monitor your bank and financial accounts on a regular basis for suspicious activity. If you do see suspicious activity, take action as soon as possible. Contact the bank or institution the suspicious activity originated from. Notify them of the suspicious transaction and inform them that your information was stolen in a data breach.
Make sure to subscribe to an identity protection service that not only monitors your personal information but also works with you 24 x 7 x 365 to restore your identity should it ever get stolen. Norton Identity Protection Elite is one such product that offers a comprehensive service and a team of U.S.-based remediation experts.
Data breaches are here to stay, and the best defense against them is a good offense. Educate yourself and stay diligent about monitoring your online life.