Marketing Executive @CyStack
The year hasn’t reached its end yet. But we can say 2022 is another huge year in the cybercrime scene.
Data breaches have become a big business. There is no shortage of ways attackers can monetize the stolen data. And we haven’t mentioned attacks motivated by political purposes.
What can you learn from the biggest data breaches in 2022? And how can we protect ourselves? Read on to find out.
Notable Data Breaches In 2022
Lapsus$
The international cybercriminal gang Lapsus$ made the headlines in 2021 when they succeeded in breaking into the computer network of the Brazilian Health Ministry. But not until the early months of 2022 did this group show their true targets: big tech corporations.
The first known victim was Okta, the biggest authentication service provider in the industry. In March, the Telegram channel of Lapsus$ had screenshots of Okta’s internal systems, including their Cloudflare and Slack channels.
Even though many members were arrested that month, the group continued its effort and successfully breached Microsoft, T-Mobile, Samsung, Ubisoft, Nvidia, and Globant.
In many cases, the internal network was interrupted. Additionally, Lapsus$ obtained a great amount of source code, documentation, customer data, and hardware design.
Plex
The streaming platform Plex announced in August that intruders had managed to access and steal one of their four databases. This breach included emails, usernames, and password data of at least 15 million people, or half of Plex’s customer base.
Plex said they used the best security practice to hash and secure passwords. This could force hackers to devote extra resources to crack the stolen passwords and convert them to more usable plain text.
Nonetheless, the incident left a bad taste in the mouth of many customers. Plex required all of them to reset their passwords. As a result, several had difficulty logging into their Plex accounts even though they weren’t affected by the data breach.
Red Cross
In January, the International Committee of the Red Cross (ICRC) revealed that data of more than 500,000 people had been stolen in an apparent political hack.
The following investigation suggested the intrusion was a highly-sophisticated attack by state-sponsored actors. According to the ICRC, the malware was designed solely for targeting specific servers in their system.
Hackers exploited a critical unpatched vulnerability. From this access point, they inserted web shells and performed post-exploitation activities.
Due to the sensitive nature of the Red Cross’ work, the biggest concern was the safety of the victims and their families.
Cash App
Block, formerly Square, disclosed a data breach related to its mobile payment service, Cash App.
The company said the culprit was a former employee who downloaded unauthorized reports. These reports contain full names and ID numbers of Cash App’s customers who used its investing products. Many exposed items also included trading activities and holdings of some customers.
Samsung
Samsung seems to have a tough year with another data breach, which the company revealed in September.
Its statement didn’t provide much detail on how the breach happened and how many people were affected. What it did say is that stolen information included personal data like name, date of birth, demographic information, and contact.
Given the vague announcement, many experts believe Samsung still hasn’t assessed the full impact of this significant breach. When contacted by news outlets, the company declined to detail the scope of the exposed data.
What Can You Learn From The Biggest Data Breaches In 2022?
The above incidents (and countless other breaches) have more in common than you might think. Attackers keep capitalizing on popular weaknesses of corporate computer networks and their operators:
- Outdated software with unpatched vulnerabilities
- Misconfigured systems
- Employees who are prone to social engineering and phishing attacks
- Malicious insiders and rough
- Former employees going rogue
- Stolen devices with access to the internal network
When the holder of your sensitive data doesn’t uphold the best security practices, there isn’t much you can do about it. But there are steps you can take to limit the consequences of a data breach if it unfortunately happens:
- Use unique and strong credentials: As tempting as using ‘123456’ and ‘password’ as your password is, don’t. While most websites use hashing to encrypt them, weaker passwords are always the first to be cracked by hackers.
- Don’t reuse your passwords: You never know which site saves this sensitive data in plaintext. With a real password, they can use it to target other accounts. Different credentials between websites and apps can prevent this domino effect.
- Enable Multi-factor Authentication: These additional factors create another challenge the attackers must take on if they want to take over your account. Obtaining your password is now just the first step. Without you to verify your identity, the system will lock the attacker out of your account.
- Keep up with the news: Most organizations notify their users in the event of a data breach. In some jurisdictions, this is even a legal requirement. But a notification email can easily get lost in the dozens you receive each day.
Follow the social media profiles or forums of your providers. Big breaches that affect millions of users are often featured on technology new sites. If your account belongs to such an incident, follow the instructions to secure it and minimize the damage.
Use Locker To Protect Yourself Against Data Breaches
Locker can just help you log into websites easier but also make your accounts safer against cyberattacks like data breaches.
The built-in password generator makes following the best security practices a breeze. The complex passwords it creates are even stronger than common recommendations. Even when their encrypted form is stolen, hackers would need years and even centuries to decode it and get your real password.
Multi-factor authentication is a strong point of Locker too. The app supports time-based one-time passwords right off the bat. Most websites recommend enabling them, and adding them to Locker is just a simple one-time step.
Subscribers of the premium plan can benefit from its data breach alert feature. Locker scouts out publicly available exposed databases. When it runs into your accounts, you will be immediately warned.
Select a plan and install Locker right now to prevent hackers from using stolen data against your accounts.