Last year, hackers didn’t just hack — they also collected billion-account databases from breaches and leaks that had occurred years ago, only to sell them for profit. However, eight breaches were really shocking and affected millions of people worldwide.
“With so many breaches and leaks in 2019, it’s possible that your email address or other details ended up in the wrong hands. You can check whether your email was in one of the databases by going to Have I Been Pwned,” says Daniel Markuson, a digital privacy expert at NordVPN. “You can also check whether your password has leaked and might be used in a credential stuffing attack by visiting NordPass and checking if your password is secure.”
American Medical Collection Agency (11.9 million + 7.7 million). This breach affected not one but two lab testing companies. First, Quest Diagnostics was notified that someone had unauthorized access to AMCA’s databases for eight months. The hack affected almost 12 million of their customers. Hackers got access to very personal information such as credit card numbers, bank account information, medical information, and Social Security numbers. Then there was LabCorp, another company whose customers were affected by this breach. Almost 8 million customers’ personal and financial data was compromised.
Suprema (27.8 million). This security loophole left 27.8 million people’s biometric data exposed. Suprema is a security company responsible for the web-based Biostar 2 biometrics lock system. The system is used by almost 6,000 organizations in 83 countries, including governments and banks. Biostar uses fingerprints and facial recognition to allow employees into restricted buildings and areas. Security researchers from VPNmentor found that the Biostar database was left unprotected and largely unencrypted. Worst of all, they got access to tons of sensitive information.
Houzz (48.9 million). Houzz, a home design website, started the year announcing a breach in which hackers got unauthorized access to its customers’ publicly available information, as well as usernames and encrypted passwords. The company noticed the breach at the end of 2018 and was pretty vague about it in their public statements. However, ITRC reported that the hack affected almost 49 million Houzz customers.
Capital One (106 million). In July, Capital One announced that they suffered a massive data breach affecting 100 million Americans and 6 million Canadians. The hacker accessed credit card applications made between 2005 and 2019. They contained personal data including names, home addresses, email addresses, dates of birth, etc. What makes this one of the worst breaches of 2019 is that some bank numbers and social security numbers also ended up in the hands of the hacker.
Zynga (218 million). If you’ve ever played online games such as “Words with Friends” or “Draw Something,” you should be worried because their creator, Zynga, was breached in 2019. The hack affected a whopping 218 million users. Bad actors accessed log-in credentials, usernames, email addresses, some Facebook IDs, some phone numbers, and Zynga account IDs.
Facebook (419 million). A security researcher at the GDI Foundation found an unprotected server with a database containing approximately 419 million phone numbers belonging to Facebook users. The database was available to anyone, and it also included Facebook IDs, which makes finding users’ names and personal details even easier. The owner of the server wasn’t found, but the database was taken down shortly after it was discovered.
Collection by Gnosticplayers (1 billion+). This isn’t a breach per se as much as it is a collection of breaches affecting more than 1 billion internet users. A hacker who calls himself Gnosticplayers collected databases from 45 companies and put them up for sale on the dark web. These batches contained data such as users’ full names, email addresses, passwords, location data, and social media account information. The companies whose data was released include Dubsmash (162 million), MyFitnessPal (151 million), MyHeritage (92 million), ShareThis (41 million), Animoto (25 million), 500px (15 million), CoffeeMeetsBagel (6 million), and more.
Collections #1-5 (3 billion). Collections #1-5 were probably the biggest leaks of 2019. They contained usernames and passwords collected over many years of breaches. These batches appeared on hacking forums and were noticed by security researcher Troy Hunt, who identified the link between them all and informed the public. The first batch was released in January and contained the data of 770 million people. Then, a few weeks later, Collections #2-5 appeared on the internet. They contained 25 billion unique records and roughly 2.2 billion unique usernames and passwords, making this one of the most significant leaks to date.
TikTok takes on COVID-19
The fastest growing social media platform in the world has also become an epicenter of public education about the coronavirus, attracting more than 30-billion views, writes ARTHUR GOLDSTUCK
The young have been getting a bad rap for wanting to party on while COVID-19 sends the world into lockdown. But a different movie is playing itself out on the social platform that is growing fastest among teenagers: TikTok.
Awareness campaigns by TikTok itself, collaboration with the International Red Cross, and spontaneous videos made by TikTok creators have combined into a barrage of information, education, awareness and social consciousness around the coronavirus.
Both globally and in South Africa, TikTok’s COVID-19 campaigns have gone viral.
The local #HayiCorona challenge, designed to remind people not to touch their faces and to wash their hands regularly, has passed 1.5-million views. The TikTok collaboration with the International Red Cross, the #WashingHands challenge, has passed 12.6-million views.
One of the best-known participants in these challenges, the past year’s icon of South African talent, the Ndlovu Youth Choir, took up the global challenge with a 20-second hand-washing video. It put together a performance that brings tremendous energy to what can be a clichéd message, and ends with a punt for the Department of Health’s WhatsApp information service.
“On a global scale, TikTok also partnered with the World Health Organization (WHO) to ensure that, while creators are still having fun and expressing themselves on the platform, they stay informed with COVID-19 information coming from a reliable source,” a TikTok spokesperson told us. “Through the partnership, the WHO has created an informational page on TikTok that offers information to curb the spread of the coronavirus as well as dispelling myths.”
The page can be viewed at https://vm.tiktok.com/GHTEGf
TikTok has hosted a number of livestreams with WHO experts, attracting users from more than 70 countries who tuned in for live question-and-answer sessions. It has also introduced labels on coronavirus-related videos, to point users to trusted information. Resources are also offered directly in the app and in a dedicated COVID-19 section of TikTok’s Safety Center, at https://www.tiktok.com/safety/resources/covid-19.
If users simply want to explore videos on the topic, they can search via the #coronavirus hashtag, or click on https://vm.tiktok.com/swKbn4. The hashtag has had an astonishing 33.8-billion views, indicating the scale of activity and interest around the topic on the platform.
On World Backup Day: backup, backup, backup
It was World Backup Day yesterday, 31 March, at a time when business continuity is threatened as never before. That makes calls for protecting email and defending against ransomware all the more urgent.
The global coronavirus pandemic has brought into stark relief many organisations’ lack of business continuity plans and policies. With more than two billion people around the globe in forced lockdown in wide-ranging government efforts to stem the tide of infections, an unprecedented number of employees are working remotely.
This interruption to the normal way of work is precisely what an effective and resilient business continuity strategy should plan for, says Heino Gevers, cybersecurity specialist at Mimecast.
“Companies need uninterrupted access to critical business applications during times of disruption, including safe and secure web and email access for workers that are now operating outside the normal perimeters of the organisation,” he says. “In addition, comprehensive backup and archiving solutions should be ready to restore access to critical business applications should there be any unplanned downtime to ensure continuity until the crisis passes.”
According to Gevers, the current global crisis is likely to push business continuity up the list of priorities for many organisations that have been disrupted by the effects of the coronavirus.
“Organisations are facing new challenges to their productivity; for example in terms of technical support. If a remote user is infected with malware or ransomware, how does the IT team restore that device or do any remediation without being able to physically access it?”
Gevers advises that organisations implement tools that enhance the data protection capabilities of commonly-used tools such as Office365 and can leverage archived data to provide quick recovery of email data in the event of accidental loss, malicious attacks or technical failure.
“As adoption of cloud-based business applications grows in the wake of forced lockdowns around the globe, companies need to ensure they have the tools to recover in any situation,” he says. “This includes a data management strategy that combines archiving, backup and data protection capabilities to allow for quick restoration of critical systems and applications in the event of disruption.”
Jasmit Sagoo, head of technology at Veritas for the United Kingdom and Ireland, warns that this is a golden age for cybercriminals looking for ransomware opportunities.
“As the global cost of ransomware continues to grow, this World Backup Day, Veritas is saying: ‘don’t pay up, back up!’,” he says. “Ransomware is said to generate an estimated annual revenue of $1 billion a year, and companies who are not consistent in backing up their data are allowing criminals to line their pockets.
“Ransomware attacks exist only because some businesses can’t survive unless the hackers give them back their data. So, the key to survival is removing that reliance and being able to regain access to data, without engaging with the cybercriminals. The best way to do that is with a sound backup strategy.”
Sagoo advises organisations to create isolated, offline backup copies of their data to keep it out of reach of any attackers. They then need to proactively monitor and restrict backup credentials, while running backups frequently to shrink the risk of potential data loss. Businesses should also test and retest their ransomware defences regularly.
“Ransomware strikes without warning and it doesn’t discriminate between its targets – it can happen to any organisation, large or small. Despite their best efforts, most companies will fall to at least one attack. What distinguishes one victim from another is the ability to bounce back, which ultimately depends on its backup strategy.
“When ransomware hits, organisations that aren’t prepared often feel helpless to do anything other than to submit to their attacker’s demands. That’s why we’re urging all businesses to use World Backup Day as a catalyst to get ahead of the situation and get their data protected.”