What causes the stock price of a company like Facebook to fall by 6 percent in just two hours? Most likely, the announcement of two major data breaches in one year. In 2018, the dark side had a pretty good year, with more than 700 million records exposed in just 10 big data breaches and plenty of big names dragged through the mud along the way. The secret and sensitive data of literally hundreds of millions of people was torn open and exposed, then aggregated for sale on various Dark Web lists. What’s interesting about cybersecurity is that no matter what you do, it’s never enough; you have to keep improvising and improving. If you stagnate, you die, and in a few cases last year it was pure negligence that let hackers simply stumble across data treasure troves. Let’s take a look at the five biggest 2018 data breaches:
Hotel chain Marriott International has experienced a breach that has affected nearly 500 million people, but what matters even more is the accompanying announcement that hackers have had access to many of its hotels’ reservation systems for the past four years. The breach is said to have exposed the private details of up to half a billion customers, including sensitive information such as where and when people are traveling and with whom. While the company initially announced it was investigating how the breach occurred, there was no explanation as to why it only recently detected an issue that obviously started four years ago. Apparently, when Marriott announced its acquisition of Starwood Hotels and Resorts Worldwide four years ago, it also acquired Starwood’s security risks. The data breach originated from the Starwood guest booking database, and while acquisitions are generally a good thing, security checks are a must to ensure that all systems are up to speed. Starwood reported suffering a massive credit card hack in 2014, and the company’s website was home to a SQL injection bug amid public offers on the dark web to hack it, Hold Security founder Alex Holden told Forbes. It just goes to show that security is now a critical aspect of acquisitions and that a slight oversight can cause calamities.
In 2018, tech giant Facebook reported not one but two major data breaches caused by exploited network vulnerabilities. The larger of the two, in late September, allowed hackers to exploit a weakness in Facebook’s code to access the privacy tool “View As.” Facebook now says 30 million users were affected by the breach, which is about 20 million fewer than the company first announced at the end of September. Of the 30 million users affected, 14 million had their names, contact details, and sensitive information such as gender, relationship status, and recent location check-ins exposed. What these breaches indicate is that there is a lot more going on in a microservices architecture than we can humanly keep track of, and even Facebook sometimes has trouble keeping up. While some reports suggest that Facebook’s infrastructure is stretched to its maximum, others point to a lack of both built-in security and robust third-party security processes. The interesting part about this breach is that it combined various features in a way that was not even known to the Facebook QA team. This points to a lot of unforeseen complexity as we scale up with microservices, and it’s important to keep evolving your game plan to deal with it.
Keep watching this space for more.