Why do data breaches occur?
Data is the oil of the 21st century, said British mathematician Clive Humbly in 2006. The term has really caught on with the growth of the digital economy. Any company that interfaces with technology tries to make every ounce of profit from what is collected on its data servers. With undaunted accuracy, everything around you gathers technology, data about you, to serve advertisers, create virtual profiles, etc.
Twitch’s recent data breach has brought the focus back to how organizations truly protect what is often sensitive information, including account credentials. Unsurprisingly, hackers are looking for data that companies keep collecting. They can potentially make millions by gaining access to it by twisting the arm of a company they hacked to pay them for their silence and selling it on the dark web to anyone willing to pay. Or even sell to competing companies.
The data breaches of recent years show how priceless data is. According to security company Norton, a data breach is a security incident in which information is accessed without authorization. “Data breaches can harm businesses and consumers.” According to a study by the Ponemon Institute, Michigan, the average cost to a business is $ 3.86 million.
Some of the main violations:
Scale: 1.1 billion pieces of user data
For months, a marketing consultant used a web scraper to suck up data from users of Alibaba’s online shopping website Taobao in China. This included usernames and phone numbers and reportedly over a billion user data. Alibaba insists that none of the user data has been sold. The hackers were sentenced to three years in prison and a fine under China’s data laws.
Scope: 3.3 million customers
In June, Volkswagen (VM) confirmed that hackers had accessed details from over 3.3 million customers. This included names, postal addresses, telephone numbers and vehicle information. “This also included information that was collected for sales and marketing purposes from 2014 to 2019,” said Audi and Volkswagen in a press release. It added that one provider left this data unsecured. VW guaranteed customers special assistance in the event of a car theft.
Also read: The interactive live streaming service Twitch is hacked and reveals the source code
Scope: Around 300 million users
The data of 300 million users of Astoria Company, a company that generates financial services for auto loans, insurance products, and mortgages in the United States, has been put up for sale on the darknet. The data included bank account details, cell phone numbers, social security numbers, credit history, medical details, home addresses, etc.
Scope: Around 500 million users
In June, Microsoft’s own professional networking website, LinkedIn, was hit by a data breach when a hacker nicknamed “God User” provided the first set of data with data from 500 million users. This included email addresses, phone numbers, and geolocation information. LinkedIn said this was not a data breach. “Our initial investigation found that this data was being scraped from LinkedIn and other various websites,” the company said.
Scope: Around 533 million users
In April 2019, hackers accessed the account details of 533 million users in 106 countries. This also included phone numbers. This was of particular concern as phone numbers for users do not usually change. This data was finally published this year on online forums that are open to everyone. Facebook said the vulnerability that led to the data leak in 2019 has now been fixed.
Marriott International (Starwood)
Scope: Around 500 million customers
Marriott confirmed that an attack on its data systems resulted in an information leak for half a million Starwood guests. This included credit card details and passport numbers, information that guests share with the hotel during their stay. While Marriott acquired Starwood in 2016, the integration of the IT systems was not yet complete at the time of the breach.