Like previous years, 2020 also witnessed the dark side of cybersecurity. Organizations remained woefully unprotected when attempting to secure their critical data and the Personally Identifiable Information (PII) of their employees and stakeholders. In 2020, cybercrimes frequently made headlines and organizations faced compliance issues, financial loss, and reputational damage.
Cyber-espionage operations were launched to exfiltrate data and compromise the industrial information, trade secrets, and intellectual property of foreign governments or competing companies. These clandestine operations often involved Advanced Persistent Threats (APT) that exploit target systems or networks without being detected. According to the UK’s Government Code and Cipher School (GCCS), 34 countries have established and funded cyber-espionage groups.
In this blog post, we look at the top breaches and leakages of 2020.
Sina Weibo is one of the largest social media networks in China, with more than 600 million users. In March 2020, the company announced that cybercriminals stole the PII of 538 million accounts and exposed the phone numbers of 172 million users. That information was later sold on the dark web for only $250. Reportedly, passwords were not included in the breach, which is the reason for the low price. The following screenshot shows the ad that sells Weibo user data on the dark web.
On 16 March 2020, Safety Detectives discovered a data breach that exposed more than 10 billion records, including the PII of the victims. The exposed data amounted to approximately 7 terabytes (TB). Below is the list of sensitive information that was leaked in the breach:
• First name and last name
• Living place
• Login credentials
• Login logs and sign-up dates
• Password hashes
• User conversation
• Device info such as OS details and MAC/IP addresses
• Payment logs
• Transcript of email correspondence
• Spam/Fraud detection logs
This data breach affected users in many countries. The following graph demonstrates a country-by-country view of the leaked email records:
Exposed records were used to perpetrate financial fraud, identity theft, blackmail, and phishing scams. In addition, this data could also help carry out spear-phishing and ransomware attacks.
In July 2020, Wattpad, a platform that hosts user-generated books and other written materials, was attacked. In this attack, hackers compromised 270 million records, exposing a wide range of data points. The exposed information is listed below:
• Password hashes
• IP addresses
• Facebook profile
• Country of residence
• Date of birth
Reportedly, the compromised SQL database contained one large user table that included 270,784,079 email addresses, which were reduced to 268,830,266 after duplicates were removed. The database mostly incorporated the following domains:
In January 2020, Marriott International suffered a cyber-attack, which affected approximately 5.2 million users. Marriott International stated, “Upon discovery [of the compromise], we confirmed that the login credentials were disabled, immediately began an investigation, implemented heightened monitoring, and arranged resources to inform and assist guests.”
In October 2020, the BBC news network reported that Marriott Hotels was fined £18.4m for a data breach, due to infringements of the General Data Protection Regulation (GDPR). The Information Commissioner’s Office (ICO) in the UK revealed that the information harvested in the breach included names, contact info, and passport details.
It is important to note that Marriott International had already suffered data breaches in 2014 and 2018. The latest breach came two years later, in 2020.
In May 2020, Reuters reported that hackers stole the data of 91 million users of Tokopedia, Indonesia’s largest e-commerce platform. A threat actor offered the data of the 91 million users for sale on the darknet for $5000.
The hacker said that he was sharing the samples of 15 million users in the hope that someone could help him crack the users’ passwords and gain full access to their accounts.
Cyber-Espionage Attack on Finnish Parliament
In December 2020, the APT31 group, which has alleged links to the Chinese government, was blamed for a cyber-espionage attack on the Finnish parliament. The Finnish Security and Intelligence Service (SUPO) confirmed the attack. The cybersecurity companies FireEye and Checkpoint also linked the attack to the Chinese government.
According to the National Bureau of Investigation (NBI), the email accounts of various parliamentarians were exploited in this cyber-espionage attack, and some of the accounts belonged to MPs.
The extent of the data breaches and leakages of 2020 demonstrates that the dearth of cybersecurity professionals makes it impossible for companies to protect their IT infrastructures and stakeholders. Data is still being leaked, and cybercriminals are fast and sophisticated in their operations. Security leaders must empower their Security Operation Center (SOC) and Computer Security and Incident Response Team (CSIRT) to maximize their efficiency and thwart data breaches in the long run.