[BreachExchange] The biggest cyber attacks of the last 20 years

Audrey McNeil audrey at riskbasedsecurity.com
Mon May 17 13:55:04 EDT 2021


https://extra.ie/2021/05/14/news/irish-news/biggest-cyber-attacks-last-20-years

Following the ransomware cyber attack launched on the Health Service
Executive (HSE) on Friday, what were some of the biggest cyber attacks of
the last 20 years?

On Friday, it was revealed that the IT systems of the HSE had come under a
‘very sophisticated’ ransomware attack, which is thought to have been
instigated by ‘international criminals’.

The attack has caused significant disruption to health services on a local
and national level, and the HSE is working to contain its impact and to
protect patient records.

Cyber crime is growing in global prominence, and is estimated to cost some
€350billion on an annual basis. As the threat of data breaches takes centre
stage, what have been some of the most significant incidents of the last
20 years?

Adobe — 2013

In October 2013, hackers infiltrated multinational computer software
company Adobe, stealing millions of encrypted customer credit card records
as well as the login data of millions of users.

A final estimate reckoned that some 150 million username and hashed
password pairs were stolen, and customer names, credit and debit card
details, IDs and passwords were also exposed. In 2015, Adobe was ordered to
pay $1.1million in legal fees, as well as approximately $1million in
damages to users.

Ebay — 2014

In May 2014, eBay suffered a cyber attack in which the entire account list
of 145million users was compromised. The list included data such as names,
addresses, dates of birth and encrypted passwords. The financial
information of the users in question was not compromised, as it was stored
elsewhere.

The hackers are believed to have had access to the breached data for an
eye-watering 229 days, and eBay claimed that they used the credentials of
three corporate employers to carry out their crime. eBay asked users to
change their passwords, but the e-commerce platform was criticised for poor
communication.

LinkedIn — 2012

Business and employment networking platform LinkedIn underwent a big data
breach in 2012, when it confirmed that 6.5million unassociated passwords
had been stolen by hackers and posted onto a Russian forum for cyber
criminals.

However, the full extent of the breach was not revealed until 2016, when a
hacker who had previously sold data belonging to MySpace was found to be
offering the email addresses and passwords of some 165million LinkedIn users
in exchange for five bitcoins.

LinkedIn said that it had reset the passwords of the affected accounts.

Canva — 2019

In May 2019, Australian graphic design tool firm Canva was subjected to a
major cyber attack, during which hackers exposed the usernames, email
addresses, names, cities of residence and passwords of some 137million
users.

It is believed that hackers known as Gnosticplayers were behind the Canva
attack, as they boasted about their feat to ZDNet, and claimed to have
accessed OAuth login tokens for users who signed in through Google. Canva
notified users of the attack and advised them to change their passwords and
reset their OAuth tokens.

Subsequently, a list of some four million Canva accounts, including stolen
passwords, was decrypted and shared online. Canva was forced to invalidate
any unchanged passwords and to notify users featured on the list.

MyFitnessPal — 2018

MyFitnessPal, the fitness app owned by sportswear brand Under Armour, was
among 16 sites targeted by hackers in February 2018. Other companies
involved included DubSmash, MyHeritage, ShareThis, HauteLook, Animoto and
EyeEm.

The attack resulted in the data attached to some 617million user accounts
across all 16 sites being leaked and offered for sale on Dream Market. Some
150million MyFitnessPal users were affected, as their usernames, email
addresses, IP addresses, and SHA-1 and bcrypt-hashed passwords were compromised.

The breach was recognised by MyFitnessPal, and customers were asked to
change their passwords.