In 2017, breaches reached a new peak as hackers perfected the art of compromising systems. Last October, we explored the spooky effects of ransomware attacks in our post, Three Ransomware Horror Stories. From the Equifax data breach to HBO’s stolen files, let’s take a closer look at the worst hacks of 2017.
The Worst Hacks of 2017
1. E-Sports Entertainment Association (ESEA)
In January 2017, ESEA confirmed a data breach with over 1.5 million records stolen. These records included a multitude of account holders’ private data. First and last names, email addresses, dates of birth, phone numbers, zip codes, Steam IDs, Xbox IDs, PSN IDs, registrations, cities, and last dates of login were all stolen from 1,503,707 ESEA users. This data later popped up for sale on the dark web, and the true impact of the data breach is still to be determined.
2. HBO
HBO made headlines in an unexpected way during last year’s summer blockbuster season. In July 2017, hackers announced that they had stolen 1.5 terabytes of data, from the script for an upcoming Games of Thrones episode to the upcoming installment of the Pirates of the Caribbean franchise, making this one of the worst hacks of 2017. Immediately following the hack, HBO offered $250,000 to prevent the culprits from releasing the information to the public.
In addition to stealing films and scripts, the breach included the theft of the following employee data from an undisclosed number of records: employee names, email addresses, and roles within the HBO organization. It’s possible the culprits may exploit the employee data for phishing attempts or to create false credentials to use in the future. To date, the total monetary and business impact of the breach is still uncertain. However, the breach does bear an eerie resemblance to the 2014 Sony hack; as such, many entertainment officials are still scrambling to ensure that security is tighter than ever.
3. SVR Tracking
The San Diego-based auto dealership service revealed in September 2017 that more than 540,000 customer records leaked online. An unsecured Amazon S3 bucket made the information was to blame, and email addresses, passwords, VINs, license plate numbers, and the travel histories for each vehicle were published during the hack. Fortunately, the company repaired the vulnerable Amazon S3 bucket within three hours of discovery; however, time will tell how many of the over half a million records were copied for future nefarious use.
4. Lithuania Plastic Surgery Database
In March 2017, the hacking group “Tsar Team” stole tens of thousands of records from the Grozio Chirurgija database. These records included patient photos, credit card details, and passport information. Those affected were from Lithuania, Denmark, Germany, Norway, and the UK. The group demanded money from patients (as much €2000 Euros), as well as €344,000 Euros from the clinic. The clinic refused to pay, which resulted in the publication of 25,000 stolen photos, as well as other pieces of confidential information. The investigation is still ongoing, and individuals still being contacted with ransom demands should forward them to the proper authorities.
5. Equifax Data Breach
Over 143 million Americans woke up to the news in late July that their personal information was stolen from the Equifax database. The Equifax Data Breach was the result of hackers exploiting a weak point within the website’s software between mid-May to late July. Experts are calling this one of the worst breaches ever due to the sensitivity of the stolen information.
Hackers stole full legal names, birth dates, addresses, driver’s license numbers, Social Security numbers, credit card numbers, and other personal information. The breach extended to consumers from the US, UK, and Canada. Investigators are still measuring the true extent of this hack. This requires a period of extended diligence for all affected consumers. Some consumers have been advised to initiate credit freezes, others have been told to sign-up for credit monitoring services, but all affected consumers should monitor their accounts to ensure they can take immediate action should their personal data be used by someone else.
The Bottom Line: Vigilance Is Key For 2018
The digital world that we live in means that hackers will continue to prey on unsuspecting businesses and individuals. Strong prevention and detection are both needed to protect vital data, and by working closely with cybersecurity experts, organizations can better protect their assets in 2018.