Biggest Data Breaches of 2013

Year 2013. will definitely be remembered as year with largest number of data breach incidents. Some incidents are already recognized as synonyms for word breach:

1. Edward Snowden vs. NSA
2. Adobe - 150 million records exposed
3. Target - 110 million records exposed

Moreover, year 2013. had almost double the number of breaches from 2011., totaling amount of 822 million data breaches.

In my presentation, I tried to illustrate and point out most important facts about those breaches.

Hope you'll like it - feel free to share!

Mihajlo Prerad

Published in: Technology

Biggest Data Breaches of 2013 from Mihajlo Prerad

Transcript

• 1. YEAR OF THE BREACH @appnetsecurity linkedin.com/in/mprerad mprerad@gmail.com
• 2. 1993.
• 3. 1993. 2013.
• 4. 2164 Data breach incidents
• 5. 2164 Data breach incidents 60% HACKING
• 6. 2164 Data breach incidents 60% HACKING 71.2% EXTERNAL
• 7. 2164 Data breach incidents 60% HACKING 71.2% EXTERNAL 822 MILLION DATA RECORDS STOLEN IN 2013
• 8. THAT‘S ABOUT 1/9 OF WORLD POPULATION IN 2013 ONLY
• 9. 96.8% of all exposed records involved outside the organization activity
• 10. 540+ MILLION OF RECORDS EXPOSED NEARLY 1/2 OF INCIDENTS 66.5% of ALL exposed records
• 11. 369 million exposed records
• 12. TOP 5 BREACHES OF 2013
• 13. “ There are only two types of companies: those that have been hacked and those that will be hacked.” Robert S. Mueller, III Director, FBI
• 14. LARGEST DATA BREACHES OF 2013
• 15. Biggest breach in history 152+ MILLION username + hash password combo 2.8+ MILLION credit card information + source code leak
• 16. 110+ MILLION RECORDS EXPOSED 70+ MILLION NAMES, EMAILS, PHONES 40+ MILLION CREDIT/DEBIT CARDS
• 17. 58+ MILLION names, encrypted passwords, emails
• 18. 54 MILLION ID‘s, addresses, names “in two hours hackers downloaded all the information.” 70% of whole Turkish population Hacked system (for Database and website Management) didn’t have ANY security product installed.
• 19. 50+ MILLION names, encrypted passwords, emails
• 20. 50+ MILLION names, encrypted passwords, emails, date of birth Good Job: credit card info stored on separate system Bad Job: SHA1 hashing algorithm used – low protection
• 21. 42 MILLION name, encrypted password, emails, birthday * 56 Homeland Security Dept. employees
• 22. 22 MILLION user ID‘s (login), no passwords stolen No real big value, except possible SPAM or selling database of emails
• 23. 20+ MILLION emails, physical address, phones * data stolen from hotel reservations
• 24. 6 MILLION email and/or phone number Bug in DYI (Download Your Information) feature Allowed downloading contacts from friends Facebook keeping it as small story as possible outcome is companies blocking access to FB from work again
• 25. 4.6 MILLION Usernames and phone numbers Announced on 31st December, soon after declining Facebook offer. Coincidence?
• 26. 4+ MILLION username and password combo No credit card data stolen, stated by Groupon Taiwan
• 27. 2nd largest HIPAA breach ever reported to HHS 4+ MILLION names, addresses, social security number, date of birth How? 4 unencrypted computers were stolen from HQ
• 28. 2.4 MILLION social security numbers, bank accounts, drivers licenses. Waited 7 months to notify affected persons!
• 29. 2.4 MILLION full credit card details Started by infecting PC‘s with Malware! It will cost Schnucks several millions of $$$
• 30. 2 MILLION names, addresses, ID‘s, bank details, phone numbers INSIDER INTRUSION!
• 31. „PONY“ BOTNET ATTACK 2+ MILLION username, passwords 318.121 70.532 59.549 21.708 Keystroke logging used
• 32. 1.82 MILLION username, password, email
• 33. by exploiting Adobe’s ColdFusion app server 1 MILLION drivers license numbers, names 160.000 social security numbers
• 34. 1+ MILLION usernames, emails, hashed passwords Infected through 3rd party software
• 35. 860.000+ usernames, emails, hashed passwords Zero Day Remote Code Execution “We found a critical vulnerability in all vBulletin versions 4.x.x and 5.х.x. and have successfully uploaded our shell on the official vBulletin server and dumped their database after getting root access. ”
• 36. Critical breach! 850.000 credit card numbers, expiry dates and associated names and addresses 241.000 high or no-limit American Express including Fortune 500 CEOs and A-list celebrities
• 37. 465.000 unknown portion of data Data of card holders leaked through temporay unencrypted log file
• 38. 300.000 names, email addresses, passwords, phone numbers Hackers tried to BLACKMAIL company asking for $50.000 for stolen data
• 39. 250.000 usernames, emails, passwords
• 40. 100.000+ usernames, emails, addresses Researcher hack, not real threat
• 41. BUT...
• 42. 1 EVENT BECAME HISTORY
• 43. ...AND 1 BECAME FUNNIEST  * Anonymous hacked North Korean websites, twitter, flickr...
• 44. 1 HACKER GROUP WAS VERY ACTIVE
• 45. Hacked by Syrian Electronic Army
• 46. Let me remind you of... Biggest incidents in 2011/2012
• 47. 2.5 BILLION TOTAL NUMBER OF STOLEN RECORDS * in history
• 48. THAT‘S ABOUT POPULATION OF + India China
• 49. SEE WORLD‘S BIGGEST DATA BREACHES VISUALIZED http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
• 50. HAVE YOU BEEN HACKED ???
• 51. Mihajlo Prerad slideshare.net/mprerad @appnetsecurity linkedin.com/in/mprerad mprerad@gmail.com
• 52. Thank You!