Data and security should be among the first priorities of any organization with an online presence. Data security incidents, as has been proved time and again, can hurt a company in many serious ways. From causing the value of the affected company’s shares to drop and destroying its reputation to attracting federal investigations, the implications of such incidents can be far-reaching. Below are some of the biggest data security breaches of all time, which happened to some of the biggest companies in the world that you know or have heard or read about. While some of these companies were hit hard through no negligence on their part, the majority simply paid for their reluctance to put sufficient measures in place to safeguard their data and that of their users or clients:
- Facebook: In 2018, the massive social media company, which boasts almost 2.9 billion users, had its database breached, leaving the accounts of more than 50 million users compromised and in jeopardy. The historic data and security breach, which is believed to have been enabled by the company’s weak internal safeguards, brought Facebook under intense scrutiny from the government. It comes as no surprise that the public did not spare Mark Zuckerberg and his team either, with some lobby groups calling for the multibillion-dollar company to be investigated. The incident, which occurred at a time when Facebook was struggling to rebuild its reputation following the controversies surrounding Donald Trump’s victory, made a lot of users rethink what personal details they should allow it to have. The data and security incident became so serious an issue that it led to the company’s CEO being summoned to Congress and to the European Union parliament for grilling. This was a very bad moment for Facebook, as evidenced by its shares, which plunged by 3 percent.
- First American Financial Corp: A United States-based insurance provider, it made headlines in 2019 when its database accidentally exposed an unbelievable amount of the company’s files online, leaving the financial records and sensitive personal details of millions of customers at the mercy of cybercriminals. The exposed files included photos of driver’s licenses, social security numbers, tax documents, bank account numbers, wire transfer receipts, bank statements, as well as mortgage records. According to Dave Farrow, Senior Director of Information Security at Barracuda Networks, this accidental exposure of records was caused by a very common security blunder in website design known as “Insecure Direct Object Reference (IDOR)”. Basically, it involves creating a link to a webpage with sensitive information, which is intended to be viewed only by a specific party. The problem with this method is that it lacks a way to actually verify the identity of who’s viewing the link. Consequently, any smart person can view the documents on the page and do whatever they like with them.
- Yahoo: In 2013, Yahoo, which is the first search engine, was hacked by a notorious group of hackers alleged to be associated with the Russian government, causing the company to lose the ability to safeguard the data of billions of its clients. This is how the hackers did it: they first sent a spear-phishing email to a number of people who worked for Yahoo at that time. Once an employee had clicked on the link, the hackers immediately began snooping around the network. After breaching the search engine’s user database and the Account Management Tool (AMT), which enables Yahoo to edit its database, they created a backdoor on a Yahoo server so that they could keep accessing the database and the AMT should the company detect the breach and seal the loopholes! Then, a few weeks later, they stole a backup copy of the company’s user database, transferring it to their own computer. The hackers were able to access the names, phone numbers, and password challenge questions and answers of Yahoo’s clients. Furthermore, they were able to access their password recovery emails and even the cryptographic value unique to each account! Though it was alleged that the motive of this exercise was to access the accounts of certain users requested by the Russian government, almost 3 billion user accounts ended up being compromised.
- Friend Finder Networks: One of the largest dating sites in the world, it was hacked in 2016, leaving some 32 million users affected. The company’s poor data protection measures made it easier for hackers to get their hands on the data belonging to Friend Finder Networks users, using a method known as “local file inclusion (LFI)”. Basically, LFI is a hacking technique where the hacker uses certain tools to trick a web application into exposing files on a web server. This can lead to the disclosure of the information contained in the website’s database, as was the case in the Friend Finder Networks hacking incident. Though the company was spared from any lawsuit, it messed up in a number of ways. Firstly, it retained the login credentials of over 15 million people who had deactivated their accounts. Secondly, Friend Finder Networks stored user passwords in plain text without any form of encryption, which was a relatively careless mistake. Thirdly, the company retained the logins for a sister site it was no longer running, i.e. Penthouse.com.
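The IDOR flaw described in the First American Financial Corp item above comes down to a lookup that trusts the identifier in the link. The following is an added example, not code from First American or from anyone quoted here: a constructed document store in Python showing the unchecked lookup beside one that authorizes every request against the logged-in user. All names (`DOCUMENTS`, `fetch_insecure`, `fetch_checked`, `readable_ids`) and all records are hypothetical.

```python
"""IDOR: object lookup with and without an authorization check (constructed data)."""
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Document:
    doc_id: int
    title: str
    allowed_users: frozenset

# Constructed sample records; IDs are sequential, as in a typical document link.
DOCUMENTS = {
    1001: Document(1001, "Wire transfer receipt", frozenset({"alice"})),
    1002: Document(1002, "Mortgage record", frozenset({"bob"})),
    1003: Document(1003, "Tax document", frozenset({"bob", "escrow-agent"})),
}

class Forbidden(Exception):
    """Raised when the caller may not see the object, or it does not exist."""

def fetch_insecure(doc_id: int) -> Document:
    # Vulnerable pattern: the ID in the link is the only "credential".
    return DOCUMENTS[doc_id]

def fetch_checked(session_user: Optional[str], doc_id: int) -> Document:
    # Hardened pattern: the server decides on every request, from the
    # authenticated session, whether this user may read this object.
    doc = DOCUMENTS.get(doc_id)
    if session_user is None or doc is None or session_user not in doc.allowed_users:
        # Same error for "missing" and "not yours", so IDs cannot be probed.
        raise Forbidden(f"document {doc_id} not available")
    return doc

def readable_ids(session_user: Optional[str]) -> list:
    """IDs in the constructed store that fetch_checked releases to this user."""
    released = []
    for doc_id in sorted(DOCUMENTS):
        try:
            fetch_checked(session_user, doc_id)
            released.append(doc_id)
        except Forbidden:
            pass
    return released

if __name__ == "__main__":
    print("alice:", readable_ids("alice"), "| anonymous:", readable_ids(None))
```

Making the IDs long and random reduces guessing but does not replace the per-request check, since links get forwarded, logged and indexed.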
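A common root cause of the local file inclusion described in the Friend Finder Networks item above is a file name from the request being joined to a directory without being confined to it. The following is an added example, not code from the affected site: a Python sketch with the unconfined join beside a resolver that canonicalises the path and refuses anything outside the base directory. The directory layout, file contents and function names are constructed for illustration.

```python
"""Local file inclusion: confining a user-supplied file name to one directory."""
import os
import tempfile
from pathlib import Path

def resolve_insecure(base: Path, name: str) -> Path:
    # Vulnerable pattern: the request parameter is joined to the base directory
    # as-is, so parent-directory segments or an absolute path leave it.
    return Path(os.path.normpath(os.path.join(base, name)))

def resolve_confined(base: Path, name: str) -> Path:
    # Hardened pattern: canonicalise (symlinks and ".." resolved), then require
    # the result to still sit under the base directory.
    root = base.resolve()
    target = (root / name).resolve()
    if root != target and root not in target.parents:
        raise PermissionError(f"{name!r} is outside the base directory")
    if not target.is_file():
        raise FileNotFoundError(name)
    return target

def build_sample_tree() -> Path:
    """Constructed layout: <tmp>/app/templates/home.html and <tmp>/app/secret.cfg."""
    app = Path(tempfile.mkdtemp()) / "app"
    (app / "templates").mkdir(parents=True)
    (app / "templates" / "home.html").write_text("<h1>home</h1>")
    (app / "secret.cfg").write_text("db_password=constructed-example")
    return app

def check(base: Path, name: str) -> str:
    """Return 'served' or the reason the confined resolver refused."""
    try:
        resolve_confined(base, name)
        return "served"
    except PermissionError:
        return "blocked: outside base"
    except FileNotFoundError:
        return "blocked: not found"

if __name__ == "__main__":
    templates = build_sample_tree() / "templates"
    for name in ("home.html", "../secret.cfg", str(templates.parent / "secret.cfg")):
        print(f"{name!r}: {check(templates, name)}")
```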
How a VPN Can Help with Data and Security in the Cyber World
According to an Ivacy VPN review, one of the most reliable ways to ensure your business is safeguarded against cybercriminals is to use a trustworthy VPN. That’s because virtual private network services are designed to create a special tunnel, using some advanced technologies, that prevents internet service providers, snoopers, and hackers from accessing your data and that of your clients or subscribers. With a good VPN service, no one will peep into any data that you don’t want to be viewed without your permission.
Final Thoughts
As you can see from the cases above, hackers and other cybercriminals are formidable and should never be underestimated. This group of individuals has the ability to bring down any type of website that does not have enough safeguards against their criminal activities. One of the easiest ways to ensure your data and that of your clients aren’t at risk is to use a reliable VPN service.