The Most High-Profile Security Breaches of 2016
Without a doubt, 2016 has been a contentious year. After political discord, global health crises and a slew of celebrity deaths, many are eagerly awaiting a fresh start in the new year. But as we all know, the long-term effects of an event can sometimes take years to uncover, which is exactly what we discovered regarding our cybersecurity.
Below are some of the most high-profile security breaches revealed in 2016 and what cyber security solutions can do to protect you or your business in the coming year.
Yahoo: Fool Me Twice…
Phew, it has not been a good year for Yahoo. The company started 2016 by announcing $4.4 billion in first-quarter losses and responded by axing 15 percent of its workforce. The declining internet giant is looking to raise its business standing before it is bought by Verizon, a deal expected to be finalized in the coming months.
To make matters worse, Yahoo experienced not one, but two massive security breaches which were revealed just this year. The first took place in late 2014 and was reported in September 2016. An alleged state-sponsored hacker known as ‘Peace’ stole names, email addresses, telephone numbers, dates of birth, passwords and security questions from 500 million user accounts!
By taking advantage of bogus cookies, the hacker(s) were able to pose as authentic users to access account information without a password. This is especially frightening since a large percentage of internet users employ the same password, security answers and login credentials for multiple web services including social media pages, banking and business accounts. Sad to say, it appears that some employees knew about the intrusion.
A separate, unrelated data breach (occurring in August 2013) was revealed by law enforcement in December 2016, this time affecting over 1 billion user accounts! Similar account information (much of which can be purchased on the dark net) was lifted during this earlier attack, which was discovered by agents investigating the 2014 incident. It’s important to note that both breaches are considered to be the largest in internet history.
Waiting for the Other Shoe to Dropbox
Of course, Yahoo isn’t the only company targeted by digital deviants. In October, the popular file-sharing service Dropbox disclosed that more than 68 million accounts had been compromised due to a 2012 hacking incident. While the problem was first brought to the company’s attention in March 2013, it mistakenly believed that only email addresses had been stolen and were receiving spam.
It wasn’t until four years later that the problem’s true scale was revealed and Dropbox was forced to issue a release stating that emails, usernames and passwords had been pilfered. Again, this information was sold on the dark web for $1200 but is now freely available to anyone looking for it. While Dropbox maintains that no malicious activity has been observed, customers were advised to change their passwords to secure their files and personal information.
In the end, there are a few vital lessons to be learned from Dropbox and Yahoo:
The first is that large-scale hacking can sometimes go unnoticed for years. When it comes to cyber security solutions, it is always best to err on the side of caution. To better protect yourself or your business, be sure to change your account information regularly and always follow proper password protocol.
The next lesson is that cyber security solutions are only as good as the companies providing them. In the case of Dropbox, an employee of the company haphazardly revealed millions of user login credentials thanks to an insecure document listing usernames and passwords.
And the final lesson is that hackers have it easy. While security professionals need to block every possible attack to be considered successful, hackers only need to find one way in. But that doesn’t mean you have to make it easy for them. Make a New Year’s resolution to improve your cyber security solutions today.