There is a high probability that the company you use has already become the target of a cyber attack and your sensitive data was also at stake. Every day, 5 100 000 sensitive data is stolen or leaked, and this number is constantly rising.
Hacks that made the headlines
We have prepared a list of hacked companies, whose services you maybe also use. Our goal is to highlight the possibility of hacking of your website, mobile app, or business infrastructure.
Black-hat hackers do not pick and choose the companies for their attack. Automated boots are often used to scan potential victims. In 2016, on average, every third visit to your website was just a “bad boot” visit. If you have not yet been the victim of a cybercrime attack, it’s only a matter of time. Are you ready for that?
Attack on a global energy supplier
The black-hat hacker group known as “Dragonfly” has placed backdoor and malicious codes in out-dated IT systems of international energy companies since 2014. This concerns the USA, Turkey, but also Switzerland and Ukraine.
What was the impact of this hacking?
The consequence of such attack was the power cut off in the whole or part of the state, as well as high fines from regulators. In addition, evil hackers have also gained control over energy supplies for large areas. In the extreme case, they could have caused an international conflict.
Hotel systems
Black-hat hackers have used employee naivety and the out-dated computer network software of several European hotels that contained a bug known as EternalBlue. They used it to access the computer and the hotel’s internal network through which they watched the guests.
What was the impact of this hacking?
Attackers could watch guests through the infected hotel system, steal their identity and obtain sensitive data (including payment cards stored in the hotel’s computer network). In addition, the network of affected hotels suffered damage to good reputation.
TalkTalk and a high fine for hacking
Black-hat hackers attacked the British TalkTalk operator and, with a simple SQL Injection attack, stole data of 150 000 customers, including 15 000 payment data.
What was the impact of this hacking?
The TalkTalk operator had to pay a fine of £400,000 (approximately € 445,000) and lost part of the customers (and profit). It will fight the damaged name for a long time. In 2017, the company received another fine of £100,000 for uncovering data of 21,000 users.
Russian websites and 200 million passwords in readable form
Russian websites Rambler.ru and VK.com have become victims of hackers who have stolen sensitive data from 100 million users from each server. All 200 million accounts were then sold over the `Internet.
What was the impact of this hacking?
Crackers gained access to 200 million accounts and passwords that were stored unencrypted on servers. In addition to damaging the reputation of these companies, hackers could misuse access data in other online accounts.
Cyber attack on the toy maker
Chinese manufacturer of toys Vtech was attacked by black-hat hacker using SQL Injection type. From their servers, the hacker downloaded a database containing 5 million sensitive parental data (including passwords, emails, and addresses) who signed up for a mobile app download. Moreover, hackers have acquired sensitive data of 200,000 children using VTech toys.
What was the impact of this hacking?
VTech has lost its reputation and its name will be damaged for a long time. It has also lost some customers and faces a serious charge for data leakage. The company saved the unencrypted data on the web (only hashed by overdone MD5). There is a risk that hackers could and still can misuse the data in the future. The problem is also that the sensitive data contained complete names and customer addresses. Security analysts say the data was available directly on the manufacturer’s website.
NHS – National Health Service of Great Britain
In March 2017, the UK National Health Service suffered a massive data leak, which contained 26 million records, particularly sensitive health information about patients.
What was the impact of this hacking?
Health data of millions of patients has been leaked, and can be misused in various ways. They included not only their health records, but also birth numbers, addresses, or other sensitive data that may be used by the attackers to commit a crime, but also for financial enrichment.
Dailymotion – social networking for sharing the video content
By the end of 2016, a black-hat hacker attacked Dailymotion servers, and due to lack of security received 85.2 million unique email addresses for users. 18.3 million accounts have also had an encrypted password that is very difficult to break (hashed with bcrypt).
What was the impact of this hacking?
The service publicly informed about the attack, lost the reputation and part of the clients. Furthermore, more than 18 million users have been asked to change their password (even in other accounts, if they use the same passwords), because theoretically, the stolen data could have been decrypted. If the GDPR regulation had been in force at the time of the attack, the company would have been probably fined a few million euros.
British insurance company AA
In the summer of 2017, British insurance company AA became the target of a cyber attack, resulting in a data leak of over 117,000 insured clients (13GB file), including sensitive information such as name, address, or even payment details (part of credit card numbers, account numbers … ). Data belonged to an online branch of the insurance company and were obtained by attacking online servers, on which the AA website runs, too.
What was the impact of this hacking?
The company did not publicly inform about hacking, but tried to hide it from customers. The case was also investigated by ICO, and the company had to take stricter security measures. However, it lost the reputation and part of the clients who did not trust it any longer.
Zomato hack
The international service for searching and evaluating restaurants was the target of a hacker attack in 2017. The malicious hacker, after attacking the company’s servers, stole 17 million users’ data containing both e-mail addresses and hashed passwords.
What was the impact of this hacking?
The black-hat hacker was selling the data on a dark web for $ 1,000. Although they were hard to break, user data was realistically at risk. Therefore Zomato asked the affected users to change their password. Part of customers lost their confidence in the service and stopped using it. The total cost of repairing damages after this attack is unknown.
Fling-hack sex dating website
In 2016, the British sex dating website Fling became the target of a cyber attack that resulted in the theft of dozens of millions of user service records. These included login data, IP addresses, birthdays, and even readable passwords in text form.
What was the impact of this hacking?
The black-hat hacker was selling the stolen data on the dark web, which actually threatened the particular users. Those were extremely sensitive data, including sexual preferences, which were simple to misuse. The website has faced sharp criticism and lost many users. Today, it would receive a liquidation fine for such a leak.
Increase your security
One of the most cost-effective ways to protect your website, mobile application, or infrastructure against attack by black-hat hackers is to create a bug program bounty. This is a long-term way to test your security with a community of more than 400 ethical hackers.
They think like black-hat hackers, but they work for you – for a reward, they will report a found vulnerability, so that you can fix it. Learn more about the history of bug bounty programs and find out that hackers are not just the bad ones. If you have any questions, please contact us.
