Top 5 Security Breaches 2015 More than 720 data breaches occurred this year, and the top five cyber attacks alone have left more than 193 million personal records open to fraud and identity theft, according to 10Fold Communications.
Take a look back at the Top 5 biggest breaches of the year 2015.
The toymaker suffered a major breach in late November, with hackers taking 4.8 million records, as well as a database of first names, genders and birthdays of more than 200,000 kids.The breach occurred on company servers. Customers who used the company’s Learning Lodge app store and Kid Connect service were affected.
Hackers were able to retrieve adults’ profile information, including names, email addresses and passwords. They also obtained secret questions and answers for password retrieval, I.P. addresses, mailing addresses and download histories. Vtech had not properly scrambled customer passwords in its database and had also stored customers’ security questions and answers in plain text. Secure websites never store your chosen password in a readable format.(hash Table attack Link)
Hacker got access to a law enforcement portal used by police and federal agents to share intelligence, and book arrested suspects. The group, which goes by the name Crackas With Attitude (Link) . Hackers were able to exploit a vulnerability in the LEEP portal.
Donald Trump’s hotels
A hack that targeted seven of Donald Trump’s hotels, and lasted the whole year. Hackers snuck malware onto Trump systems. Credit card data, including security codes and card numbers. No final figure of how many people were affected.
Non-chip cards store cardholder data on a magnetic stripe, which can be trivially stolen by malware designed to infect point-of-sale devices. The data is then sold to thieves who can copy and re-encode it onto virtually anything else with a magnetic stripe and use the counterfeit cards to buy stolen merchandise from big box stores
Ashley Madison Data Breach
In July 2015, a group calling itself “The Impact Team” (Link)stole the user data of Ashley Madison.(a commercial website billed as enabling extramarital affairs) 37 million customer records. Bad MD5 hash implementation was the main reason behind this breach.
Three Database such as Users’ entries in three checkbox lists. Users’ email addresses. Credit card transaction information got hacked. Because of the site’s policy of not deleting users’ personal information, none of the accounts on the website need email verification for the profile to be created and even passwords were easy to hack.
Hacking Team Data Breach
Hacking Team is a Milan-based information technology company. 400GB of internal files including zero-day exploits the company planned to sell, source code, a list of its customers and emails. Hacker got the access to an engineer’s PC while it was logged into the network.
According to the document, the flaw affects Flash Player 9 and later on Internet Explorer, Chrome, Firefox, and Safari. Trend Micro has analyzed the vulnerability and determined that it’s caused by a use-after-free (UAF) issue in the ByteArray class. Analysis by Symantec has confirmed the existence of this vulnerability by replicating the proof-of-concept(Link) exploit on the most recent, fully patched version of Adobe Flash (22.214.171.124) with Internet Explorer. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected computer.
The credit agency suffered a breach in September, affecting as many as 15 million T-Mobile customers. Data, such as names, addresses, social security numbers, birth dates, and even passport numbers, may have been taken. Unauthorized access was an isolated incident over a limited period of time. It included access to a server that contained identifying information for some organizations and, primarily, personal information for individuals, including some current customers.
After this urgent steps taken by the organization are Ensuring web application firewalls are working as intended,Enhancing security of encryption keys, limiting authorized access to the server ,Engaging U.S. and international law enforcement and cyber crime authorities ,Increased monitoring of the affected servers and associated systems.