[BreachExchange] The Year Of The Breach: A Guide To The Major Hacks Of 2017

Audrey McNeil audrey at riskbasedsecurity.com
Mon Dec 4 19:22:45 EST 2017


https://www.benzinga.com/news/17/12/10836863/the-year-of-the-breach-a-guide-to-the-major-hacks-of-2017

Uber, which is working to vindicate itself under new CEO Dara Khosrowshahi
following a string of scandals, faced a setback after it was revealed by
Bloomberg in a Nov. 21 report that the company was a victim of a hacking
incident in October 2016 — and chose to cover it up by paying $100,000 to
the hackers.

The personal data, including names, email addresses and phone numbers, of
50 million customers and 7 million drivers were stolen, although the
company told Bloomberg no social security numbers, credit card information
or trip location details were compromised.

Here's a look at major hacks that occurred or were discovered in 2017.

1. Restaurant, Food Companies In The Soup

A host of restaurant companies were victims of hacking this year, with the
likes of McDonald's Corporation (NYSE: MCD) and Amazon.com, Inc. (NASDAQ:
AMZN)-owned Whole Foods among those affected.

A March 16 tweet from McDonald's denouncing President Donald Trump was
supposedly the handiwork of a hacker. The restaurant chain quickly
responded by stating that its official Twitter account was compromised and
that it purged the account. McDonald's was also involved in a scandal over
a fake filing in mid-February that disclosed purported interest in Chipotle
Mexican Grill, Inc. (NYSE: CMG).

Sonic Corporation (NASDAQ: SONC) disclosed Oct. 4 that credit and debit
cards used at certain drive-in locations may have been acquired using a
malware attack.

InterContinental Hotels Group PLC (ADR) (NYSE: IHG) found itself in the
same predicament earlier this year. On April 18, the hotel chain said cash
registers at its franchised hotels, including Holiday Inns and Crowne
Plazas, were hacked using malicious software that siphoned out customers'
debit and credit card data.

Hyatt Hotels Corporation (NYSE: H) said in mid-October that credit and
debit card data from 41 of its hotels was hacked, with the breach first
being identified in July.

2. Yahoo's 3-Billion-Account Hit

Yahoo, which now functions as a digital and mobile media company and is
part of Verizon Communications Inc. (NYSE: VZ), announced in December 2016
that a massive breach occurred in 2013 and impacted over 1 billion user
accounts. In October 2017, the company said the August 2013 breach impacted
every user on the platform — 3 billion in total.

3. Gaming Trouble

Video game console makers Microsoft Corporation (NASDAQ: MSFT) and Sony
Corp (ADR) (NYSE: SNE) were forced to realize that gaming is not child's
play when the Xbox 360 and PSP ISO forums, comprising 2.5 million gamer
accounts, were hacked in September 2015. The hacking came to light in late
January 2017, when it was reported by independent researcher Troy Hunt.

The breach is speculated to have compromised gamer e-mail addresses,
account passwords and IP addresses.

4. Blue Cross Blue Shield/Anthem Unshielded

Anthem Inc (NYSE: ANTM) reported a new data breach in July after an earlier,
massive breach reported in January 2015 that impacted 78.8 million customer
records. The new breach, which is likely to have affected 18,500 members,
siphoned records of members to a private email address of a staffer at a
third-party vendor.

5. Equifax' Data Breach

Consumer credit reporting company Equifax Inc. (NYSE: EFX) revealed in
September that a data breach could have exposed the sensitive information
of 143 million people, with the breach having occurred between mid-May and
July. Equifax later raised the number of affected people by 2.5 million.

The breach compromised about 209,000 Social Security numbers as well as
credit card numbers, birth dates, addresses and driver's license numbers.

6. Verizon Dials Up Hacking Woes

Verizon was not spared either, as records of about 14 million customers who
had called the company in the past six months were found on an unprotected
Amazon S3 storage server. The data was held by an employee of Nice System,
an Israeli company.

7. Big Tech's Hacking Run-In

Big-name tech companies such as Apple Inc. (NASDAQ: AAPL), SAMSUNG
ELECTRONIC (OTC: SSNLF) and Microsoft were found to be victims of snooping
by the CIA. The revelation from WikiLeaks, codenamed Vault 7, revealed that
the CIA used its panoply of hacking tools to break into smartphones,
computer operating systems, autos, messenger applications and
internet-connected televisions such as the Apple TV.

8. Disney Held For Ransom

In May, it was reported Walt Disney Co (NYSE: DIS)'s Johnny Depp movie
"Pirates of the Caribbean: Dead Men Tell No Tales" was hacked by
ransom-seekers who were demanding a substantial sum in bitcoin. The hackers
threatened to release the movie in bits over the internet if their demands
were not met.

9. VeriFone's POS Terminals Hacked

Point-of-sale credit card terminals maker VeriFone Systems Inc (NYSE: PAY)
said in January that it identified a breach of its internal network,
according to KrebsOnSecurity.