
Hacks, Cyberattacks, and Data Breaches, Oh My

2018 is not over and yet the number of data breaches is already off the charts – 2,300 data breaches have been disclosed this year, exposing over 2.6 billion records.

Just last week, it was reported that Shanghai police are investigating one of the largest data leaks on the mainland, which may have affected around 130 million customers of Huazhu Hotels Group.

Huazhu reported the data breach on August 28th after finding a post on a dark web forum about the sale of its clients’ personal data and booking information. According to local media, the leaked information includes 240 million lines of data containing phone numbers, email addresses, bank accounts and booking details, and was available on the dark web for eight bitcoins or about US$56,000 – that is, $0.0004 a pop.

Worryingly, more than 130 million customers could be impacted as the chain also owns Novotel, Ibis and Mercure – so it could only be a matter of time before news surfaces of more people impacted by this breach outside of China.

But Huazhu is not the only mega-breach in 2018; other major system hacks have also made headlines in the last few months:

Exactis – 340 million personal records

Marketing data broker Exactis accidentally left 340 million personal records exposed until it was informed by security researcher and Night Lion Security founder Vinny Troia. “I don’t know where the data is coming from, but it’s one of the most comprehensive collections I’ve ever seen,” Troia said. The exposed records covered 230 million consumers and 110 million businesses.

Under Armour – 150 million records

Also divulged in March was the news that someone had gained unauthorized access to MyFitnessPal, a platform that tracks users’ diet and exercise and is owned by parent company Under Armour. CNBC reported at the time that hackers had gained access to customers’ usernames, email addresses, and hashed passwords. More than 150 million MyFitnessPal users are believed to have been affected by the breach.

MyHeritage – 92 million records

In June, security researchers contacted online genealogy platform MyHeritage to reveal that they had found a file marked “myheritage” on a private server outside the company. When executives at MyHeritage examined the file, they discovered it contained email addresses of all customers who had registered with the site before October 2017. A statement published by the company explained that it also contained their hashed passwords but not payment information.

By the millions

This sort of data exposure is why so many organizations, across every sector, are layering in advanced security solutions, such as passive biometrics and behavioral analytics. In doing so, they’re shifting from “let’s make our company a bunker for all users” to “let’s build the bunker for risky users only.” They do so by using technology that doesn’t rely on data that could have been exposed in a breach, thus preventing post-breach damage.
