The 5 Biggest Security Breaches of 2017 (So Far)
2017 isn’t over yet and there have already been several large-scale security breaches. In fact, more security breaches in 2017 have leaked more credentials than in any other year prior. And of course, there’s still three months left in the calendar.
While this is in no way a complete list of attacks, they are worth noting for their scope and severity. Below are five examples of some of the worst cyber-attacks that have occurred so far.
Snapchat
The infamous social media app has come under fire from a group of hackers operating from India. A former employee alleged that Snapchat CEO, Evan Spiegel has no plans for expanding Snapchat into “poor countries.” He singled out India as an example. In retaliation, hackers exposed a bug in the software and leaked the data of 1.7 million users.
Spiegel has denied the statements while pointing out that the app is available for free internationally. In fact, India has over 4 million active users. According to the Daily Mail, Snapchat hasn’t found any real leak. That did not stop the successful campaign by Indian users to uninstall the app and leave one-star reviews on app stores.
This may not qualify as a breach, considering Snapchat denies that one occurred. But, it holds up as an example of the effect even the suggestion of a breach impacts customer perception.
Waterly
Waterly is an Israeli mobile app that assists users in paying their municipal bills. Waterly signs users up for two more accounts: Pay24 and Bill2mail. Pay24 utilizes payment information. Bill2mail is service that allows users to pay all municipal bills from one account.
Earlier this year, one user discovered that by entering anyone’s bill2mail ID, they access all their personal information. Luckily the user made the vulnerability known. Waterly patched the problem within a couple of weeks.
This also means that more than one million users’ financial information was available to anyone who knew about the bug.
Equifax
Equifax is becoming the poster child of how not to handle users’ information. This saga of breaches claiming the media spotlight continues to worsen. New information now claims that the company knew about the attacks in March.
If these claims are true, that means that the company sat on the information that 143 million users had their personal information breached five months before they announced it. Mandiant, a security firm, handled the original attack. They believed that they had secured the data. But, a second attack occurred July 29th.
Equifax has provided users with steps to protect their account. But, the language of the terms of use is vague, and critics are worried that by agreeing to them you may be giving up any claim to compensation. A class action suit may be filed.
Even if you were part of the attack, there’s no way of knowing what was stolen, or how it’s been used. The company has made plans to improve its cleanup methods of the incident, but it may be too little, too late.
Everyone’s favorite selfie and amateur food photography app suffered an extensive brief on September 1st. According to the Verge, the hackers have stated to have stolen the information of around 6 million users.
The hack targeted high-profile celebrity accounts, beginning with Selena Gomez. They expanded to include big names in Hollywood, music, and sports. But, it’s clear that many people are also in danger of having had their information exposed in the process.
The hackers exposed a bug which gave them access to users’ email addresses and telephone numbers. The contact information was then put up for sale on a database which they called Doxagram. The database has currently listed the information of over 1,000 users for sale.
Instagram states that the bug was fixed. They have also said that they are currently working with law enforcement, but have not made any announcement about those that have been exposed.
Verizon
Nice Systems, the security company in question, is a long-standing, internationally recognized security firm. However, the same company overlooked a server vulnerability that put over 14 million Verizon users at risk with data available to anyone able to guess the web address.
You would think that with the number of exposed users being comparable to the population of Guatemala that Verizon would have taken an expedited approach. Instead, it took over a week for the breached data to become secure, and it was only after Chris Vickery of UpGuard alerted the company that measures were taken.
The breached data targeted users that had contacted Verizon customer support within the past six months. Information included customer names, phone numbers, and even account PINs. Members of congress have since called for hearings in response.
Three Months and Counting
2017 has the distinction of being a record year for data breaches, both hacks and leaks. With three months left on the calendar, and an increasing number of attacks every day; there’s no telling what the rest of the year and the near future hold in store.
