Security Space

GajShield Blogs

The COVID pandemic has caught everyone unaware. And while we’ve all been busy adjusting to the new normal, cybercriminals have been making merry. They are taking advantage of the disrupted environment to carry out cyber attacks. This is evident as a recent study shows that the number of data breaches in 2020 has almost doubled with 3,950 confirmed breaches against 2,103 recorded breaches in 2019, with the year far from the end. About 80 per cent of the data breaches have occurred due to simple brute force attacks, which should raise serious concerns regarding data security. These cyber-attacks are also not limited to technologically weak enterprises but rather impacted big names that have strong data security measures in place. Here’s a look at six such enterprises that faced major data breaches during the COVID pandemic.

 

1. Twitter

The Twitter data breach occurred on the 15th of July 2020. Cybercriminals hacked verified accounts of influential and well-known personalities on Twitter. How influential and well-known, you ask? Well, the hacked accounts included the names of Elon Musk, Barack Obama, and Bill Gates, to name a few. The criminals behind the hack then proceeded to post fake tweets from the compromised accounts. The tweets promised USD 2,000 for every USD 1,000 sent to a Bitcoin address. The hackers had a big payday as they managed to make over a hundred thousand dollars in Bitcoin transactions.

2. Marriott International

The Marriott data breach happened on March 31, 2020. The data breach exposed data of more than 5.2 million guests who used the hotel’s loyalty application. The attack was carried out by using the login credentials of two Marriott employees. These employees had access to the customer data regarding the hotel chain’s loyalty program. Hackers accessed names, birthdays, travel and loyalty program information data in the data security breach. This is the second such attack faced by the hotel chain. The company reported a data breach in 2018, which compromised the data of around 500 million guests.

3. Zoom

Zoom, a video conferencing app, gained massive popularity during the pandemic. It simplified business meetings by allowing 100 participants for video conferencing at a time when enterprises over the world faced difficulties communicating with their workforce. This rising popularity made it the subject of a major data breach shortly. In the first week of April 2020, Zoom faced a major cyberattack. Around 500,000 Zoom account passwords were stolen and were available for sale on the dark web. Besides, the victims’ personal meeting URLs and HostKeys were available too.

4. Clearview AI

Clearview AI, a major firm dealing with facial recognition technology, became a victim of a data breach on February 26. The perpetrator of the attack gained unauthorized access to the Clearview AI’s entire client list. The data breach also left exposed around 3,000,000,000 photos scraped by the firm from social media sites such as Facebook, Instagram, and YouTube. Moreover, the number of user accounts opened by clients and the number of searches they had conducted were also compromised. The firm’s clientele includes major law enforcement agencies in the US, including the FBI and the Department of Homeland Security, and other corporate firms. The firm is already mired in controversy regarding its use of facial recognition technology for matching social media images against suspected criminals’ photos provided by the police department. The data breach further adds fuel to the fire.

While most of the data security breaches were due to external cyber attacks, there were some instances where data breach was internal and unintentional. The main reason for these data breaches were poor data security standards that left the data exposed to unauthorized individuals. Let’s have a look at some of these instances.

5. Social media accounts data breach

On August 1st, it was discovered that around 235 million Instagram, Tiktok and Youtube user profiles were compromised. This data security breach happened due to an improperly secured cloud database. A Hong-Kong based company, Social Data was storing the data without password protection on their clouds. The data could be accessed by any individual easily as it was available freely on the internet. The data contained the following records:

  • Profile name
  • Full real name
  • Engagement statistics
  • Number of followers
  • Age
  • Gender
  • Follower demographic

While most of the data mentioned above are available publicly, what’s alarming is that the database contained about 20% of the records contained a phone number or an email address. Such private information is susceptible to cyberattacks, and hence, a cause of major concern.

6. Virgin media

A Virgin media database that contained personal details of 900,000 users were accessible online for about ten months before being discovered. The data security breach occurred due to an unsecured database, as it is reported that the database was ‘incorrectly configured’ by a staff member. The database contained information regarding the phone numbers, home and email address which were used for marketing purposes by the company.

Clearly, the year 2020 has been challenging for enterprises with regard to cybersecurity. However, we must learn from past incidents to prepare for the future. Enterprises need to strengthen their data security measures as much as possible. To avoid data breaches, enterprises need to take the following steps:

  • Educate employees about cybersecurity practices
  • Update machines to the latest software
  • Destroy data before disposal
  • Use a strong data leak prevention system.

 

The Above stated breaches have one thing in common, Data. And all of them lacks stronger Data Security solution. The problem here is the reliance on an older security approach that is limited to the perimeter and lacks data visibility. These incidents could have been avoided if only their security solution had stronger visibility, deeper than the traditional layer 7 and the ability to monitor and control the use sensitive and practically enforce data handling policies over and above general verbal instructions.

GajShield’s Data Security Firewall deep dives into the Data Context of each transaction and prevents confidential data from leaking out of the enterprise’s infrastructure. It uses the power of contextual intelligence to identify anomaly and outliers in all transactions and prevents any data exploitation.  It monitors the Data Threat Surface and controls threats like Data Threat, Work From Home Threat, Identity Threat, Email Threat, Content Threat, Application Threat etc. for ensuring enterprise’s data security health. It allows enterprises to curb internal threats and implement stronger data handling and data security across the organization, ensuring data security.

 

Get In Touch With Us

Subscribe to our Newsletter
Please fill the required field.

Stay Connected

2020 © GajShield Infotech (I) Pvt. Ltd. All rights reserved.