Impact: Over 3 billion user accounts exposed

The data breach of Yahoo is one of the worst and most infamous cases of a known cyberattack and currently holds the record for the most people affected. The first attack occurred in 2013, and many more would continue over the next three years.

A team of Russian hackers targeted Yahoo’s database using backdoors, stolen backups, and access cookies to steal records from all user accounts, which included personally identifiable information (PII) like:

Initially, Yahoo reported stolen data from about 1 billion accounts. However, after Verizon bought out Yahoo in 2017, they reported that the final number of records totaled about 3 billion accounts affected. Not only was Yahoo slow to react, but the company also failed to disclose a 2014 incident to users, which resulted in a $35 million fine and, in total, 41 class-action lawsuits.

Impact: 30,000 US companies (60,000 companies worldwide)

In one of the largest cyberattacks in US history, over 30,000 US businesses were affected by a sweeping attack on the Microsoft Exchange email servers, one of the largest email servers in the world. For three months, hackers took advantage of a few coding errors to allow them to take control of vulnerable systems.

The hackers were able to exploit four different zero-day vulnerabilities that allowed them to gain unauthorized access to emails from small businesses to local governments. They only needed two conditions to break into each individual company’s email servers:

Once they were in, they could request access to data, deploy malware, use backdoors to gain access to other systems, and ultimately take over the servers. Since the requests looked like they came from the Exchange servers themselves, many people assumed it was legitimate and approved.

Though Microsoft was able to patch the vulnerabilities, if the owners of the individual servers didn’t update their systems, attackers would be able to exploit the system flaw again. Because the systems weren’t on the cloud, Microsoft couldn’t push a patch to fix the issues immediately.

In July 2021, the Biden administration, along with the FBI, accused China of the data breach. Microsoft followed suit and named a Chinese state-sponsored hacker group, Hafnium, as the culprit behind the attack.

suffered a major data leak due to poor data security measures and faulty website design. Due to a website design error called Insecure Direct Object Reference (IDOR), access to private information was allowed without needing verification or authentication procedures. As a result, anyone with a link to the documents could view them freely. Although this incident was labeled a data leak instead of a breach (no hacking involved), it shows just how easily sensitive information can fall into the wrong hands.
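The Insecure Direct Object Reference (IDOR) flaw described in the data-leak account above comes down to a handler that trusts the document ID in the link and never checks who is asking. The sketch below is an added example, not code from any of the companies mentioned: the document store, user names and function names are all constructed for illustration. It sets the flawed lookup beside a hardened one and adds a small regression check that reports any cross-owner read.

```python
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass(frozen=True)
class Document:
    doc_id: int
    owner: str
    body: str

# Constructed sample store; sequential IDs make neighbouring records guessable.
DOCUMENTS = {
    1001: Document(1001, "alice", "sample record A"),
    1002: Document(1002, "bob", "sample record B"),
}

class AccessDenied(Exception):
    pass

def get_document_insecure(doc_id: int) -> Document:
    """The IDOR pattern: the ID from the link is the only input consulted."""
    return DOCUMENTS[doc_id]

def get_document(session_user: Optional[str], doc_id: int) -> Document:
    """Hardened lookup: authenticate first, then authorise against the object."""
    if session_user is None:
        raise AccessDenied("authentication required")
    doc = DOCUMENTS.get(doc_id)
    # Same error for "missing" and "not yours", so replies do not confirm valid IDs.
    if doc is None or doc.owner != session_user:
        raise AccessDenied("not found")
    return doc

def cross_owner_reads(fetch: Callable[[Optional[str], int], Document], users):
    """Regression check: list (user, doc_id) pairs where a non-owner got a document."""
    leaks = []
    for user in users:
        for doc_id in DOCUMENTS:
            try:
                got = fetch(user, doc_id)
            except AccessDenied:
                continue
            if got.owner != user:
                leaks.append((user, doc_id))
    return leaks

if __name__ == "__main__":
    callers = ["alice", "bob", None]  # None models an unauthenticated visitor
    print("insecure:", cross_owner_reads(lambda u, i: get_document_insecure(i), callers))
    print("hardened:", cross_owner_reads(get_document, callers))
```

Running a check like `cross_owner_reads` against every object-returning endpoint in a test suite catches this class of flaw before release.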