Akankasha Dewan, Dec 16, 2019 4:34:39 PM

7 cyber-attacks that made headlines in 2019

If there's one thing that we’ve learnt this year, it’s how easy it is for data to fall into the wrong hands. 2019 was a reminder that companies, regardless of industry or size, will be breached. No matter how big or small, the enemy will find a way in if you are not vigilant.

From ransomware, to phishing emails, to password spraying, cybercriminals used a range of techniques to trick users and infiltrate networks over the past 12 months – and that’s just among those attacks that have been reported.

In case you might have missed them, here’s a quick summary of some notable cyber-attacks that occurred this year. While this list isn’t comprehensive (there have been many other cyber incidents), we hope it serves as a good summary that you can share with your clients to broaden their awareness of the different ways their business can get compromised, and what steps they can take to boost their cyber defences.

Collection 1

How it happened: Nearly 773 million unique email addresses and 21 million unique passwords were posted to a hacking forum.

What was affected: The dump, labelled “Collection #1” and approximately 87GB in size, was first detailed by Troy Hunt, who operates the HaveIBeenPwned breach notification service. Hunt said the data cache was likely “made up of many different individual data breaches from literally thousands of different sources.”

Following the huge Collection #1 breach, there was a new leak – dubbed Collection #2-5 – which exposed 2.2 billion unique usernames and passwords.

When it was reported: January 2019

Toyota

How it happened: Toyota made headlines this year for two different cyber-attacks. The first was in February 2019, when Toyota Australia reported it was hit by a major cyber-attack that knocked out its online presence and email systems. For days, the automaker had its ability to connect with customers significantly compromised.

The second cyber-attack occurred in March 2019, when a large data breach at Toyota’s Tokyo area sales network was discovered.

What was affected: Toyota said unauthorised network access to a server used by sales subsidiaries during the March attack may have leaked up to 3.1 million pieces of customer data outside the company. The company did not say what type of customer information was accessed by the hackers, but said it did not contain credit card details.

The February attack on Toyota Australia did not result in a data breach.

When it was reported: February & March 2019

Citrix

How it happened: The software giant confirmed that hackers had access to its network between October 13, 2018, and March 8, 2019. They gained access by using a method known as password spraying, which involves attempting to access a large number of accounts with a few commonly used passwords.

What was affected: On certain days during this period, the attackers stole business documents and other files from a shared network drive used by the company for storing current and historical documents. They also targeted a drive associated with a web-based tool used by Citrix’s consulting practice.

It was reported that an estimated six to 10 terabytes of confidential internal information was accessible to the cybercriminals behind this attack. While any data breach of this size is a legitimate news item, the Citrix data breach is particularly noteworthy as the software company provides cloud services to the U.S. military through its Shared Services Center and is one of the Department of Defense’s approved vendors.

When it was reported: March 2019
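
Password spraying leaves a recognisable pattern in authentication logs: one source failing against many different accounts, with only a try or two per account. The following is an added example, not part of the original post or of Citrix's investigation, that flags that pattern; the event format, thresholds and sample data are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (ISO timestamp, source IP, username, outcome).
# IPs are from documentation ranges and usernames are made up.
SPRAY_USERS = ["alice", "bob", "carol", "dave", "erin", "frank"]
EVENTS = (
    [(f"2019-03-01T09:{2 * i:02d}:00", "203.0.113.7", u, "FAIL")
     for i, u in enumerate(SPRAY_USERS)]                          # spray
    + [("2019-03-01T09:13:00", "203.0.113.7", "grace", "OK")]      # spray hit
    + [(f"2019-03-01T10:00:{i:02d}", "198.51.100.20", "admin", "FAIL")
       for i in range(8)]                                         # brute force
    + [("2019-03-01T11:00:00", "192.0.2.15", "bob", "FAIL"),       # typo
       ("2019-03-01T11:00:20", "192.0.2.15", "bob", "OK")]
)

def detect_spray(events, window=timedelta(minutes=30),
                 min_accounts=5, max_per_account=2):
    """Flag sources whose failed logins inside a sliding window hit at least
    min_accounts distinct accounts with at most max_per_account tries each.
    Returns {source: {"targeted": [...], "succeeded": [...]}}."""
    fails, oks = defaultdict(list), defaultdict(set)
    for ts, src, user, outcome in events:
        if outcome == "FAIL":
            fails[src].append((datetime.fromisoformat(ts), user))
        else:
            oks[src].add(user)
    report = {}
    for src, rows in fails.items():
        rows.sort()
        start, targeted = 0, set()
        for end in range(len(rows)):
            # Shrink the window until it spans no more than `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            counts = Counter(user for _, user in rows[start:end + 1])
            if len(counts) >= min_accounts and max(counts.values()) <= max_per_account:
                targeted.update(counts)
        if targeted:
            # Any successful login from a flagged source is a triage lead:
            # those accounts are the first candidates for a password reset.
            report[src] = {"targeted": sorted(targeted),
                           "succeeded": sorted(oks[src])}
    return report
```

The brute-force source (many tries on one account) and the user who mistyped a password once are deliberately not flagged, since a per-account lockout threshold alone would miss the spray but catch those.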

Facebook

How it happened: A security researcher discovered databases containing more than 419 million records tied to Facebook accounts. It appears the data – which includes phone numbers and Facebook IDs and in some cases users' names, genders and countries – was scraped from the platform. The researcher, Sanyam Jain, found the databases on an exposed server that wasn't protected with a password. This meant that anyone looking for such things could find, and access, those databases.

What was affected: The dataset included 133 million records on Facebook users in the US, 18 million on people in the UK and 50 million on users in Vietnam. "This dataset is old and appears to have information obtained before we made changes last year to remove people’s ability to find others using their phone numbers," a Facebook company spokesperson was later reported as saying.

"The dataset has been taken down and we have seen no evidence that Facebook accounts were compromised. The underlying issue was addressed as part of a Newsroom post on April 4th 2018 by Facebook’s Chief Technology Officer."

When it was reported: April 2019

Canva

How it happened: Graphic design platform Canva experienced a “security incident” which gave unauthorised third parties access to user data.

What was affected: News of the breach first broke when the hackers themselves tipped off tech news site ZDNet, saying they had taken the data of about 139 million Canva users. Stolen data included details such as customer usernames, real names, email addresses, and city & country information, where available.

When it was reported: May 2019

Air New Zealand

How it happened: A phishing attack successfully compromised the email accounts of two staff members, which gave cybercriminals easy access to sensitive data.

What was affected: It was reported that over 100,000 Air New Zealand customers may have had their data compromised in this breach.

The attackers gained access to internal documents which may have included information such as customers’ names, email, and mailing addresses. However, the airline stated customers’ passwords and credit card details were not affected.

When it was reported: August 2019

Adobe

How it happened: The basic customer details of nearly 7.5 million Adobe Creative Cloud users were exposed on the Internet inside an Elasticsearch database that was left connected online without a password. This data was found by security researcher Bob Diachenko from Security Discovery and Paul Bischoff, a tech journalist for CompariTech.

The cloud-based software company blamed the incident on a misconfiguration in one of its "prototype environments" that led to the server becoming exposed on the internet.

What was affected: The compromised details primarily included information about customer accounts, but not passwords or financial information.

Exposed user details included email addresses, Adobe member IDs (usernames), country of origin, and what Adobe products they were using. Other information also included account creation date, the last date of their login, whether the account belonged to an Adobe employee, and subscription and payment status.

When it was reported: October 2019

In each of these instances, regardless of the size or value of the information leaked, the destructive potential is immense. The damage sustained by companies as a result of cyber-attacks goes far beyond the immediate financial losses, and no doubt these firms, and others that we haven’t mentioned, are still working through some of the implications.

As 2020 begins, let these data breaches serve as a motivator for all of us to practise good cyber hygiene, and to remain vigilant.

Have a cyber-safe 2020, everybody!
