Although the world came to a halt in 2020 because of the Covid-19 pandemic, hackers were more active than ever and took advantage of the economic disruption amid this global crisis, breaching thousands of databases and leaking a huge amount of private and sensitive information. The number of cyberattacks grows with each year, and 2020 saw another spike in cybercrime.
Lockdowns all over the world have totally changed the way people go about their lives. Almost everything, from working to buying groceries, had to be conducted online, making users leave a larger digital footprint than ever before. This surge in the volume of data being exchanged attracted many hacking groups looking for security vulnerabilities to exploit. Cybersecurity specialists say that one of the best ways to avoid data breaches and ensure online safety is to protect networks with a VPN service like PrivateInternetAccess.com.
According to a report recently released by security firm Risk Based Security, as many companies choose not to publicly disclose data breaches, the number of incidents decreased by 48% in 2020, amounting to approximately 4,000 breaches. The volume of compromised data, though, more than doubled, increasing by 141% and reaching almost 37 billion leaked records, the largest since 2005. In comparison, there were 15 billion records breached throughout the entire year of 2019.
Out of the 3,932 breaches, this list covers some of the most notorious cases from the past year.
In January 2020, Microsoft disclosed a data breach on its servers after misconfigured security rules were accidentally uploaded to the database’s network. Around 250 million records were leaked, including email addresses, IP addresses and customer support analytics. Microsoft’s investigation found no malicious use and most customers did not have personally identifiable information exposed.
In June, Canada-based company Wattpad suffered a huge data breach. The website, where writers publish user-generated stories, had almost 270 million records exposed. The incident leaked personal information including names and usernames, email and IP addresses, general geographic location and encrypted passwords. The leaked data was initially for sale, and then shared for free on public hacking forums.
Later in the year, news surfaced that Broadvoice, a US Voice over IP (VoIP) provider to businesses, exposed a cluster of databases containing more than 350 million customer records. This was uncovered by Bob Diachenko, a security researcher, who found these databases included caller names, phone numbers, customer locations, and even transcriptions of thousands of voicemails, many involving sensitive information. Broadvoice reportedly patched the security flaw and notified legal authorities.
Security researcher Jeremiah Fowler discovered an unencrypted online database containing 440 million records that belonged to cosmetics giant Estée Lauder. The data consisted of email and IP addresses, internal documents, storage data, and information regarding the company-owned education platform. Fowler told Forbes that the entire database was accessible to anyone with an internet connection.
Chinese social network Weibo was also targeted by hackers in 2020. In March, it was reported that the biggest social platform in China was breached and up to 538 million records were leaked. The hacker who claimed to be responsible for the attack reportedly sold the data on the dark web for US$250. The exposed information contained real names and site usernames, gender, location and phone numbers for 172 million users, obtained from an SQL database dump, leading to scam and fraud attempts.
Also in March, the secret-sharing app Whisper, which claimed to be the safest place on the internet, had an unprotected database containing 900 million posts and all the related metadata exposed online. The information discovered by independent researchers did not contain real names, but did include ages, locations, intimate confessions and other details regarding Whisper posts from the app’s release in 2012 to the present day.
In June, another independent security researcher discovered an unsecured database accessible on the open internet. The records belonged to BlueKai, a startup responsible for tracking 1.2% of all web traffic and some of the world’s biggest websites, such as Amazon, ESPN, Forbes and The New York Times. The company was bought for over US$400 million in 2019 by Oracle. According to TechCrunch, BlueKai had one of the largest banks of web tracking data outside of the federal government. The exposed database contained billions of records including names, home and email addresses, and web browsing activity like purchases and newsletter subscriptions.