
Today’s fast-paced digital transformation has increased the volume of data supply and computing. As a result, data breaches have scaled up. The term “tolerable data loss” originates from the business world. For 83% of companies, the question is not if a data breach happens but when (source: IBM). We have prepared the spookiest stories that scared some companies’ socks off. If you dare to read them, keep the lights on tonight.

HBO’s worst scenario

The first widespread chatter about a data breach happened in late 1987. Millions of users were watching a late-night movie when their screens displayed the message from the mysterious Captain Midnight:

Though the company didn’t suffer any losses from the few-minute signal break, it was the first high-profile case of satellite signal jamming.

Unburied data 

In 2019, Facebook experienced the biggest data loss incident simultaneously in multiple countries, including the USA, the UK, and Vietnam… just one year after announcing the actions taken to enhance data protection. Over 540 million records containing users’ phone numbers, locations, gender, and usernames leaked to open sources. The databases were not hacked; they simply turned out to be neither password-protected nor encrypted.

Ride-sharing to hell

In late 2016, Uber suffered a hacker attack in which the personal information of 57 million users and 600 thousand drivers was stolen. Two hackers accessed the drivers’ names, emails, mobile phone numbers, and license numbers. As a cherry on top, they found credentials to Uber’s AWS in the GitHub account. Another data breach happened in 2022, when some systems, including Slack and internal tools, were temporarily disabled for employees. One of the corporate Slack channels showed the message: “I announce I am a hacker, and uber has suffered a data breach.”

Apokalypsis is gonna happen today

In October 2013, Adobe experienced one of the most significant attacks. Over 153 million accounts were breached, and users’ IDs, usernames, encrypted passwords, and hints were stolen. The encryption was weak, and many passwords were quickly resolved back to plain text; the password hints added to the damage, making it easy to guess the passwords of many users. As a result, the company lost $1.1 million in legal fees and $1 million to affected customers.

Big octopus attack

In September 2022, the large Australian telecom company Optus – with 9.7 million users across the country – suffered one of the most massive attacks this year. The hackers breached the company’s firewall, exposed sensitive data such as names, birth dates, phone numbers, and emails, and accessed some users’ home addresses and passport numbers. Consequently, the government said that Optus should pay for issuing new passports and raised the question of enhancing the national data collection and protection laws.

The last sigh happened twice

This summer, Twitter confirmed a data breach affecting 5.4 million users. The attacker scraped personal information and sold it on twice, further announcing that he may release the data for free in the future. Earlier, in May 2018, Twitter notified users of a glitch that stored passwords unmasked, making them accessible on the internal network. That time, approximately 330 million users were affected.

No stranger to data breaches

The giant hotel group Marriott International reported another massive attack and breach, with 20 GB of data stolen. The data included guests’ credit card information and confidential information about guests and employees. An unnamed hacker group claimed responsibility for the attack and said it had used social engineering to trick an employee. Consequently, approximately 300-400 individuals were notified regarding the incident.

In 2014, hackers managed to access 340 million of Marriott’s guest records. The leak went undetected until 2018, leading to a fine of over $24 million. In January 2020, Marriott was attacked once again; this time, the incident affected around 5.2 million guests.

Open grave

In January 2021, Socialarks – a rapidly growing Chinese social media agency – suffered a massive data leak through an unsecured Elasticsearch database. The problem was the unprotected server: it was neither password-protected nor encrypted, and the asset was exposed to the public. This means that anybody who knew the server IP could access the data. In this case, the server stored the scraped data of Facebook, Instagram, and LinkedIn users. The damage included sensitive data such as names, phone numbers, emails, and follower and engagement data of 200 million users.

Godzilla attacks Malaysia

In May 2022, public attention was drawn to the Godzilla-size attack on the database of the National Registration Department of Malaysia. The group of hackers claimed that they had access to the personal details of 22.5 million Malaysians aged between 18 and 82. Local tech forums estimated the leak to be over 160 GB in size and said that the data was selling for $10,000 on the dark web. The stolen data contained the IC’s full name, address, date of birth, gender, IC number, race, religion, and photo. Moreover, to prove the genuineness of the database, the attackers provided samples of records belonging to the Home Minister himself.

Galaxy invaders

In March 2022, CNBC reported that hackers had accessed Samsung’s internal data, including some source code of Galaxy-branded devices like smartphones. A hacking group named Lapsus$ claimed responsibility for the breach and stated via its Telegram channel that it had stolen 190 GB of confidential Samsung source code. However, the company announced that it had carried out an internal investigation and found that no personal information of its customers was impacted. No impact on business operations or customers was anticipated.

As early as August, Samsung confirmed a similar incident. The company determined that another attack had taken place and that the personal information of certain customers was affected. The spokesman stressed that hackers didn’t get access to users’ social security numbers or payment cards.

Did you get frightened and want more? Discover Halloween edition 2021 – 10 Horror Stories From the Tech World.

author

Incognito Sigmaer

This mysterious Sigmaer appears once a year on Halloween. Though, we still love his spooky stories.
