Some of the biggest – and most recent – hacks to have plagued the business world
6 min read
09 May 2016
With government research having unveiled that two-thirds of big UK businesses have been hit by a cyber attack in the past year, we took a look at some of the most recent and famous cases – and why they were thought to have happened.
(1) Ashley Madison
Controversial website Ashley Madison – which enables users to engage in extramarital affairs – was hacked on 15 July 2015. Then, several days later, hacking group “Impact Team” released some of the users’ data after the site was not shut down according to their demands.
In August the hackers once again sent a file full of user information – this time leaking the information of a whopping 32m users. And it was later revealed that the hacking group had purposely targeted the site because Ashley Madison profited “off the pain of others,” the mystery so-called vigilantes said.
Of course, one of the reasons Ashley Madison had arguably been popular was because it promised security to its users. But while the site encrypted passwords, a released statement from the Impact Team said: “Nobody was watching. No security. Only thing was segmented network. You could use Pass1234 from the internet to VPN to root on all servers.”
It’s been thus suggested that Ashley Madison didn’t understand the flaws in its security system until after the hack took place, though the methods the hackers used are still unknown.
Telecoms giant TalkTalk was bombarded by several security breaches. In December 2014, the company saw customers hit by India-based scam calls after a data breach. It happened again in February 2015, when attackers stole customer information from TalkTalk’s internal systems via a third-party that had access to its network.
Its customers were also affected by an attack on Carphone Warehouse systems, in which the personal information of up to 2.4m customers was obtained. And 150,000 customer details were swiped in October 2015. The hack, according to TalkTalk, cost the company £60m and lost it 95,000 customers.
Of those who had their personal data stolen there were 15,656 full bank account number and sort codes accessed. In addition 28,000 customers has their obscured credit and debit card number accessed. The sheer number of breaches has had many claiming that TalkTalk hasn’t kept pace with the quick evolution of hacking techniques – nor the set standards for data protection.
Several arrests surrounding the hack have since been made and the police investigation is continuing.
Read on to discover arguably the greatest bank robbery of all time.
(3) Hundreds of banks
That’s right, an unknown group infiltrated hundreds of banks in multiple countries, swiping somewhere in the neighbourhood of $1bn. What is now being credited as the greatest bank robbery of 2015 wasn’t done by the traditional wear a mask and shoot at the ceiling to get everyone down on the ground standards. It was all done completely digital.
Starting at the end of 2013, cybercriminals infiltrated a number of financial firms after phishing their targets with infected email attachments. By the time the attack was uncovered by Kaspersky Lab in 2015, at least 100 banks in 30 countries, including Russia, the US, Germany, China, and Ukraine, were affected.
In many cases, the criminals used computer exploits to dispense cash from ATMs or transfer cash digitally to accounts they controlled. When the time came to cash in on their activities, the fraudsters used online banking or international e-payment systems to transfer money from the banks’ accounts to their own.
The $1bn haul was unprecedented in its scope, Kaspersky reported, joining forces with Interpol, Europol and authorities from different nations to track the gang down.
A breach of children’s toy manufacturer VTech resulted in the release of records on 4.8m parents and more than 6.8m kids in November 2015.
The breach also included thousands of image files, taken with VTech products and uploaded online. The company said no credit cards or social security numbers were taken.
However, computer security expert Troy Hunt claimed to have seen a copy of the swiped information, and reckoned he found “4.8m unique customer email addresses,” suggesting that many accounts have been raided by hackers.
He also said people’s account passwords had been one-way encrypted using MD5 – a particularly weak hashing algorithm, he said. Simple passwords can be easily cracked and revealed, he said.