Data Breaches: The Complete WIRED Guide
History of data breaches
Data breaches have been increasingly common and damaging for decades. Some, however, stand out as instructive examples of how data breaches have evolved, how attackers can orchestrate these attacks, what can be stolen, and what happens to data after a breach occurs.
Data breaches began long before widespread use of the internet, but in many ways resembled the leaks we see today. An early landmark incident occurred in 1984 when credit reporting agency TRW Information Systems (now Experian) discovered that one of its database files had been breached. The file was protected by a numeric passcode that someone had taken from an administrative note at a Sears store and posted on an “electronic bulletin board” — a sort of rudimentary Google doc that people could access and change using their landline phone connection. From there, anyone who knew how to view the bulletin board could have used the password to access the data stored in the TRW file: personal information and credit histories of 90 million Americans. The password was exposed for a month. At the time, TRW said it changed the database password as soon as it learned of the situation. Though the incident dwarfs credit bureau Equifax’s breach last year (see below), TRW’s failure was a warning to data firms around the world — one that many apparently ignored.
Over the years, as the internet matured, large-scale security breaches such as the TRW incident occurred sporadically. In the early 2010s, as mobile devices and the Internet of Things greatly expanded interconnectivity, the issue of data breaches became particularly acute. Stealing username/password pairs or credit card numbers — even breaching a collection of data drawn from already public sources — could give attackers the keys to a person’s entire online life. And certain breaches in particular helped fuel a growing dark web economy of stolen user data.
One such incident was a LinkedIn breach in 2012, which initially exposed 6.5 million passwords. The data was hashed, or cryptographically scrambled, as a protection to make it unintelligible and thus difficult to reuse, but hackers quickly began “cracking” the hashes to reveal LinkedIn users’ actual passwords. Although LinkedIn itself took precautions to reset the passwords of affected accounts, attackers were still able to get plenty of mileage out of them by finding other accounts on the web where users had reused the same password. This all-too-common lax password hygiene means a single breach can haunt users for years.
The LinkedIn hack also turned out to be even worse than it first appeared. In 2016, a hacker dubbed “Peace” began selling account information, specifically email addresses and passwords, of 117 million LinkedIn users. Data stolen in the LinkedIn breach has since been repurposed and resold by criminals, and attackers are still having some success exploiting the data to this day, since so many people have been reusing the same passwords across numerous accounts for years.
However, data breaches didn’t really become dinner-table fodder until late 2013 and 2014, when major retailers Target, Neiman Marcus, and Home Depot suffered massive data breaches one after another. The Target hack, which first became public knowledge in December 2013, affected the personal information (such as names, addresses, phone numbers, and email addresses) of 70 million Americans and compromised 40 million credit card numbers. Just weeks later, in January 2014, Neiman Marcus admitted that its point-of-sale systems had been hit by the same malware that infected Target, exposing the information of approximately 110 million Neiman Marcus customers, along with 1.1 million credit and debit card numbers. Then, after months of fallout from those two breaches, Home Depot announced in September 2014 that hackers had stolen 56 million credit and debit card numbers from its systems by installing malware on the company’s payment terminals.
At the same time, however, an even more devastating and sinister attack was taking place. The Office of Personnel Management is the administrative and human resources department for US government employees. The department administers security clearances, conducts background checks, and maintains records on every past and present federal employee. If you want to know what’s going on in the US government, you should hack this department. So China did it.
Hackers associated with the Chinese government infiltrated OPM’s network twice, first stealing the technical blueprints for the network in 2013 and launching a second attack shortly thereafter, in which they gained control of the management server that handled authentication for all other server logins. In other words, by the time OPM fully realized what had happened and removed the intruders in 2015, the hackers had been able to steal tens of millions of detailed records on every aspect of federal employees’ lives, including 21.5 million Social Security numbers and 5.6 million fingerprint records. In some cases, the victims were not even federal employees, but were simply connected in some way to government employees who had undergone background checks. (These checks include all manner of extremely specific information, such as maps of a subject’s family, friends, co-workers, and children.)