Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Bad News In Tech: 2016's biggest data breach fails (so far...)

By Tamlin Magee | Dec. 19, 2016
2016 was no exception for security breaches

hardest-to-find tech skills

For the year that brought you the deaths of David Bowie, Alan Rickman, and Lemmy Kilmister, plus the catastrophic political bonus balls of Brexit and the election of Donald Trump, these technology disasters might seem like they pale in comparison. Nonetheless, there's a strong mixture of misery to sift through this year.

Barely a day goes by without some high-level data breach putting customers at risk and 2016 was no exception. Here are just some of the worst.

Yahoo

In September this year, Yahoo disclosed that a "copy of certain user account information" had been compromised in 2014 - to the tune of 500 million user accounts.

New-ish Yahoo CISO Bob Lord said at the time in a statement that the business believed the compromise was linked to a "state-sponsored actor" and could have included everything from names to email addresses, telephone numbers, dates of birth, hashed passwords, and encrypted or unencrypted security questions and answers.

The announcement came less than a year after a blustering interview in which Lord described the creation of a new team called the Paranoids, who would work tirelessly to protect Yahoo's billion users.

Senators were quick to criticise Yahoo for its apparent reluctance to disclose the hack.

"Millions of Americans' data may have been compromised for two years," they said. "This is unacceptable." Yahoo responded at the time by claiming to have only discovered the extent of the attack in an unrelated security audit following a separate incident.

Most recently, Yahoo admitted in a securities filing that some employees were aware of the attack in 2014, however, the timeline remains unclear - and the company did not say if this was communicated to senior management.

According to the New York Times, 23 lawsuits have been filed against Yahoo, both in the US and elsewhere.

Oracle

Database and cloud supremo Oracle disclosed that its Micros payment subsidiary had been compromised by a Russian criminal group, and commentators suggested that the attack was likely linked to a series of cash-grabs and online fraud.

Independent infosec journalist Brian Krebs unearthed the evidence, and noted that when Oracle acquired Micros in 2014, the latter was in use at more than 200,000 food and drink outlets, 30,000 hotels, and at least 100,000 retail stores - providing wide scope for financial gain.

Krebs' source believed that the breach probably began with one infected system in Oracle's network - which was then used to gain access to others. The attackers were also believed to have installed malware on the Micros support forum which was then used to steal Micros customer usernames and passwords.

 

1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.