BIGGEST DATA BREACHES AND CYBER HACKS OF 2023 AND 2024 Every time if anyone endlessly scroll down their social media feed, two cyberattacks will happ
BIGGEST DATA BREACHES AND CYBER HACKS OF 2023 AND 2024
Every time if anyone endlessly scroll down their social media feed, two cyberattacks will happen somewhere in the world, occurring at a rate of one attack every 39 seconds. Experts predict that data breaches will cost the global economy $9.5 trillion in 2024. The biggest data breach in 2024 so far is the “Mother of All Breaches” (MOAB). This massive data leak occurred at the beginning of the year and involved over 26 billion records from various platforms. The data was organized across more than 3,800 folders, highlighting the importance of cybersecurity globally. It’s a concerning start to the year, emphasizing the need for robust protection measures to safeguard sensitive information. The largest reported data leakage as of January 2024 was the Cam4 data breach in March 2020, which exposed more than 10 billion data records. Top of Form
.In view of that most of us will use the some email address for multiple online accounts, it’s unsurprising that a single email can be compromised in numerous data breaches. Collectively, these attacks contribute to an alarming total of 16.7 billion compromised accounts. There are further compelling reasons why cybersecurity and protection measures, such as effective malware protection solutions and antivirus software, should be a primary concern and a priority for all businesses. We have already witnessed the “Mother of All Breaches” (MOAB) at the beginning of 2024 as mentioned above.
Over 54 Million Users Affected by Russian Web Hosting Data Leak
Uid.me, a website builder platform owned by the prominent Russian hosting provider uCoz, inadvertently exposed over 54 million user profiles due to a misconfiguration in its MongoDB database. This breach compromised a wide array of sensitive data, including email addresses, phone numbers, dates of birth, and password hashes, posing serious risks of identity theft, phishing, and other cybercrimes, as highlighted by cybersecurity expert Bob Diachenko.
The Data Breach Impacting Microsoft Azure and Executive Accounts
February 12, 2024
Microsoft Azure has also become a victim of a significant data breach. The cyber attack exposed the accounts of hundreds of senior executives to unauthorized acces. This breach has been linked to a sophisticated campaign that utilized phishing and cloud account takeovers to infiltrate Microsoft 365 and Office Home applications.
Notably, this attack was facilitated by malicious links within documents, deceptively labeled “View Document,” which redirected users to phishing sites designed to harvest credentials. A critical vulnerability was also identified in up to 97,000 Microsoft Exchange servers, potentially allowing privilege escalation through a zero-day exploit. Proofpoint researchers alerted The cybersecurity community to this ongoing threat and have meticulously tracked the campaign’s impact on Azure environments.
Third-Party Threats: The Bank of America Data Breach
February 6, 2024
It has only recently come to light that Bank of America had exposed customer information after a third-party breach. The recent security breach has been traced to a cyberattack last year targeting Infosys McCamish Systems (IMS), an Infosys subsidiary. The breach underscores the intricate web of vulnerabilities that financial institutions navigate, spotlighting the cascading risks that stem from interconnected service ecosystems. On November 3, 2023, Infosys announced a breach that compromised critical systems and applications within IMS, which, following a thorough investigation, had implications for Bank of America customer data. This breach, officially characterized as an external system breach (hacking), compromised sensitive information, including names, social security numbers, and account details of 57,028 individuals.
In response, Bank of America initiated a communication campaign on February 6, 2024, alerting affected customers via letters about the breach and offering guidance on protective measures to secure their personal information.
Data Breach Battles: The Role of Cyber Attacks in National Security Strategies
January 26, 2024
Pro-Ukrainian hackers, identified as the “BO Team,” targeted the Russian Center for Space Hydrometeorology, also known as “Planeta,” deleting 2 petabytes of critical data. This center, crucial for its space satellite data analysis and ground-based observations, supports various sectors, including military, civil aviation, and agriculture, under Roscosmos, Russia’s space agency. The attack, which affected Planeta’s Far Eastern branch, destroyed 280 servers. This wiped out 2 petabytes (equivalent to 2000 terabytes) of data and significantly disrupted the center’s operations, impacting over 50 state entities, including the Ministry of Defense of the Russian Federation and several other state agencies.
The Main Intelligence Directorate of Ukraine’s Ministry of Defense highlighted this operation as a devastating blow to the Russian research capabilities, emphasizing the escalating cyberwarfare between the nations. As Sweden geared up to join NATO, its sole digital service provider for government services also fell victim to a ransomware attack by Russian hackers, disrupting operations across 120 government offices with expected continued disruptions for several weeks. These instances highlight an emerging trend around the strategic use of data breaches in global cyberwarfare.
The Mother of All Breaches (MOAB): 26 Billion Reasons to Rethink Security
January 22, 2024
2024 began with an unprecedented cybersecurity event called the “Mother of All Breaches” (MOAB). This massive data leak, encompassing 12 terabytes of information, included over 26 billion records organized across over 3,800 folders. Each folder signifies a distinct breach, painting a grim picture of cybersecurity’s current state. MOAB wasn’t a result of a singular incident but rather a compilation of numerous data breaches, including data from major platforms like LinkedIn, Twitter, Weibo, Tencent, and Dropbox. This aggregation likely includes data collected over time by data enrichment companies, which merge various data sources to create more comprehensive profiles. While the presence of duplicates within this dataset is acknowledged, the leaked data’s breadth and sensitivity make it a goldmine for malicious actors. Originating from a mix of past breaches and potentially containing new, unrevealed data, MOAB highlights the critical importance of robust cybersecurity measures, including immediate password changes and adopting two-factor authentication to mitigate the risk of identity theft and fraud.
Trello’s Turmoil: The Data Breach Impacting 15 Million Users
January 16, 2024, Trello, a known project management site, made headlines for experiencing a major security breach affecting over 15 million users. This breach involved collecting data such as email addresses, names, and usernames using a method that took advantage of an accessible API. The stolen data was later sold on a hacking forum, sparking concerns about the privacy and security of Trello’s user community. Under Atlassian’s umbrella, Trello is a tool in the business world for organizing tasks and overseeing projects using boards, cards, and lists. While Trello assured users that there was no entry into their systems, this incident sheds light on protecting user information from evolving cyber threats. It serves as a reminder of the importance of bolstering security protocols. It also raises awareness about the dangers of storing vast amounts of personal and professional data online.
750 Million Indian Telecom Users’ Data Sold Online
January 14, 2024, Cybersecurity firm CloudSEK revealed a massive breach compromised the data of 750 million telecom users in India, peddling the information on the dark web for $3,000. The breach involves a database of 1.8 terabytes and includes sensitive details such as names, mobile numbers, addresses, and Aadhaar numbers. This security lapse was identified by CloudSEK’s XVigil, a contextual AI digital risk platform, highlighting the activities of threat actors CyboDevil and UNIT8200, affiliates of CYBO CREW.
Detected initially through a post by CyboDevil on an underground forum on January 23, 2024, and previously by UNIT8200 on Telegram on January 14, 2024, this incident marks a significant risk to individual and organizational security in India, underscoring the escalating challenges in cybersecurity.
Global Data Breaches and Cyber Attacks in 2023 and 2024 Source: IT Governance
The Top 3 Biggest Data Breaches in 2023
In 2023, our newsfeeds quickly filled with breaking news about massive data breaches. T-Mobile faced multiple attacks throughout the year, affecting millions of customers through various vulnerabilities and system glitches. MGM Resorts suffered a ransomware attack in September, leading to considerable customer disruptions and financial losses despite not yielding to ransom demands. But here are the top 3 biggest cyber attacks and most significant data breaches of 2023.
CONCLUSION
The last twelve months have been marked by unprecedented cyber threats, with the global economy facing a potential loss of $9.5 trillion due to cyberattacks. The alarming frequency of one attack every 39 seconds highlights the critical importance of cybersecurity in today’s interconnected world. From the “Mother of All Breaches” (MOAB) affecting billions of records to significant leaks at major organizations like 23andMe, Microsoft Azure, and the Indian Council of Medical Research, the year has underscored the vast vulnerabilities in digital data security.
These breaches, affecting over 16.7 billion accounts, demonstrate the urgent need for robust cybersecurity measures, including two-step verification and multifactor authentication, to protect sensitive information against the growing threat of cybercrime.