
What we learned from the top data breaches of 2018

Throughout 2018, businesses faced an increasing number of data breaches. We’ve compiled a rundown of last year’s biggest data breaches, along with our takeaway on each.

Start the new year off right by learning from their mistakes.

Facebook

Target: 87 million Facebook users

What data was exposed: Profile info, political beliefs, friend networks, private messages

Timeframe: Disclosed September 2018

What happened: A personality prediction app was found to be passing on user data to third parties including Cambridge Analytica. Cambridge Analytica was a data analytics firm that created a targeted ad campaign for President Trump’s presidential campaign using millions of people’s voter data. While only 270,000 Facebook users installed the app, it was able to gather data on millions of the users’ friends, due to Facebook’s data sharing policies at that time.

Takeaway: The more user data you have access to, the more important it is to safeguard that data. If you contract with external organizations or contractors, it is imperative that you have iron-clad data policies in place to protect your users and yourself. It is also extremely important to have social media policies in place for employees.

MyHeritage

Target: 92 million MyHeritage users

What data was exposed: Email addresses and hashed passwords

Timeframe: Alerted June 2018

What happened: A cybersecurity researcher alerted the genealogy site in June 2018 that a file had been discovered on an outside server containing email addresses and hashed passwords of over 92 million MyHeritage users. The company confirmed the info was legitimate and alerted its users.

Takeaway: Breaches happen sometimes, even when you do everything right. MyHeritage discovered this breach because a cybersecurity researcher was doing his job well. The best-case scenario always starts and ends with a great team of people working for your security.

Quora

Target: 100 million Quora users

What data was exposed: Names, email addresses, hashed passwords, profile data, and public and non-public actions

Timeframe: Discovered December 3, 2018

What happened: This breach was discovered very recently, so the investigation is still unfolding. According to Quora, a “malicious third party” gained unauthorized access to one of their systems. A significant amount of data may have been compromised. Quora has directly notified everyone who was affected.

Takeaway: Quora was hacked on Friday and alerted their users about the attack on the following Monday. When something like this happens, communication is essential. A quick response is necessary in order to allow users to change their passwords or ask any clarifying questions they may have. People don’t take kindly to organizations that wait to disclose data breaches.

Under Armour

Target: 150 million MyFitnessPal users

What data was exposed: Usernames, email addresses, and hashed passwords

Timeframe: Late February 2018

What happened: The popular food and nutrition app was hacked and usernames, email addresses, and hashed passwords were taken. Payment information, processed through a separate channel, was not breached.

Takeaway: If you are collecting a lot of sensitive data, such as payment information, birthdates, addresses, etc., it is essential that you segment your data. You should also consider encrypting the most sensitive data so that it takes attackers more time to crack.

Starwood-Marriott

Target: 500 million Starwood guests

What data was exposed: Names, email and physical addresses, phone numbers, passport numbers, account info, birth dates, gender, travel info, and accommodation info. Some of the breached info also included hashed credit card info.

Timeframe: Discovered September 10, 2018, but could have stretched as far back as 2014

What happened: The Marriott-owned hotel chain issued a statement that its servers had suffered “unauthorized access”. Now the investigation indicates that the breach may have been caused by interference by the Chinese government for political purposes.

Takeaway: Breaches can be ongoing. It is vital to have thorough security systems in place and to do regular checks and maintenance. As your business grows, you should reassess whether your security needs have changed or grown as well.