Hackers revived what is largely perceived as a dormant social media site, stealing as many as 427 million customer records in 2016. Forrester reported that no other breach came even close, but it did say that 75 percent of the customer records stolen came from just five incidents.
Hackers compromised 1 billion records in that 12-month period, with 95 percent of those belonging to the technology, government and retail industries. The research group explains that the Yahoo figures are not included in its report because the exact number of files breached hasn’t been determined.
The breach of Chinese eCommerce retailer Alibaba Group was the second biggest, with 99 million records stolen. Forrester says hackers carefully pick their victims, learn their processes, and test for vulnerabilities. When they successfully infiltrate a target, they often go undetected for weeks or months, which allows them to exfiltrate masses of sensitive data.
As reported in USA Today at the time of the Myspace breach, the data was limited to usernames, passwords and email addresses from the platform prior to June 11, 2013, when the site was relaunched with stronger account security.
Forrester said the affected users are likely not worried about digital vandalism on their Myspace pages (it’s no longer 2007); however, all affected users who still use those same credentials on other sites are now vulnerable to identity theft.
Here are a few of the bigger breaches of 2016:
Hackers obtained a database of 99 million usernames and passwords from a number of websites connected with Alibaba. The hackers used compromised accounts to fake orders on Taobao, according to Reuters. The breach of Taobao, a consumer-to-consumer online marketplace owned by The Alibaba Group, shows how attackers used usernames and passwords stolen from outside Taobao’s network in a brute-force attack that affected more than 20 million Taobao accounts. Once logged in, hackers undermined the integrity of the marketplace by organizing fraudulent purchases that inflated seller ratings, Forrester noted.
Forrester cited the April breach of the National Electoral Institute in Mexico, with 93.4 million customer records compromised. Authorities lost the majority of these records because they misconfigured the databases to allow public access. Mexico’s Instituto Nacional Electoral (INE) filed a formal complaint about the misuse of voter registration data, stating that the data was illegally and insecurely hosted on an unprotected Amazon cloud server in the United States.
According to the International Business Times, Lorenzo Cordova Vianello, president of the INE, said that under Mexican law his organization must share copies of the national voter list with political parties, which has raised suspicions that one of them leaked the data.