2012 was a good year for password hackers - and a tough year for the rest of
people. In the first half of the year at least
18 million passwords were exposed in just seven cyberattacks. And with
more people - and more hackers - online than ever before, massive hacks seem
to be the here to stay. A combination of weak passwords and poor encryption
has led to some of the worst password hacks is history. Learn how many people
were impacted by these attack and how they happened.
SONY PLAYSTATION NETWORKS & ONLINE ENTERTAINMENT HACK
April 2011: 100 million users' personal information exposed
Sony Group Corporation, abbreviated as SONY, is a Japanese multinational
conglomerate headquartered in Minato, Tokyo. As a major technology company,
it is one of the world's largest manufacturers of consumer and professional
electronic products, as well as the largest video game console manufacturer
and publisher. It is one of the largest music companies (largest music
publisher and second largest record label) and the third largest film studio
through Sony Entertainment Inc, making it one of the most comprehensive
media companies. It is Japan's largest technology and media conglomerate. It
is also known as Japan's most cash-rich company, with net cash reserves of 2
trillion yen.
What happened
Passwords, account information and credit card numbers for all 77 million of
Sony's PlayStation Network users were compromised in April. Sony was
criticized for not informing users sooner, and the network was temporarily
shut down. In May, it was discovered Sony Online Entertainment was also been
hacked, compromising 24.6 million users' data.
How It happened
One of the Network's most sensitive databases was accessed. Information from
an outdated 2007 database was hacked in the Online Entertainment attack.
Possible culprits
Hacking group Anonymous reportedly named Sony as a target shortly before the
attacks, but denied involvement. More likely to be a cyberthief seeking to
profit.
Cost
ROCKYOU HACK
December 2009: 32.6 million user password & email addresses
exposed
RockYou was a company that created MySpace widgets as well as applications
for various social networks and Facebook. Since 2014, it has primarily
purchased the rights to classic video games; it incorporates in-game
advertisements and re-distributes the games.
What happened
A hacker accessed all of RockYou's accounts. RockYou Reportedly failed to
notify users, then downplayed the incident. The list served as an invaluable
resource for hackers, providing real-world data on the kind of passwords
people use.
How It happened
User data was reportedly stored in highly insecure plain text format.
Cost
RockYou paid a $250,000 penalty to the Federal Trade Commission for violating
regulations on the protection of children
LAST.FM HACK
June 2012: 17.3 million user passwords hacker
Last.fm is a music website founded in 2002 in the United Kingdom. Last.fm
creates a detailed profile of each user's musical taste by recording details
of the tracks the user listens to, whether from Internet radio stations, the
user's computer, or many portable music devices, using a music recommender
system called "Audioscrobbler." This information is transferred ("scrobbled")
to Last.fm's database either through the music player (such as Spotify,
Deezer, Tidal, MusicBee, SoundCloud, and Anghami) or through a plug-in
installed in the user's music player. The data is then displayed on the user's
profile page and compiled to create individual artist reference pages.
What happened
Announced during the "Week of Leaks," in which eHarmony and LinkedIn were also
hacked. However, the hack may have occurred a year before, with the hashes
appearing on a hacking forum in 2011. All users were asked to reset their
passwords.
How It happened
Rumor has it 95% of hacked passwords were cracked from an easy-to-break MD5
encryption.
LINKEDIN/EHARMONY HACK
June 2012: 8 million user passwords leaked
LinkedIn is an American online business and employment service that operates
through websites and mobile apps. The platform, which was launched on May 5,
2003, is primarily used for professional networking and career development,
and it allows job seekers to post their CVs and employers to post jobs.
Eharmony (also spelled eHarmony) is a dating website that debuted in 2000.
Nucom ecommerce, a joint venture of German mass media company ProSiebenSat.1
Media and American private equity firm General Atlantic, owns eHarmony and
is headquartered in Los Angeles, California.
What happened
An estimated 1.5 million eHarmony passwords and 6.5 million LinkedIn passwords
were posted in encrypted hash codes on a Russian web forum. Users also
received emails asking them to click to verify their email addresses.
How It happened
With LinkedIn numbering 160+ million users, it's believed the culprit cracked
only the easiest passwords.
Cost
$500,000-$1 million for forensic work on the hack; $2-$3 million in LinkedIn
security upgrades.
GAWKER HACK
December 2010: 1.25 million user accounts hacked
Gawker Media LLC (formerly Blogwire, Inc. and Gawker Media, Inc.) was a blog
network and online media company based in the United States. It was founded
in October 2003 as Blogwire by Nick Denton and was based in New York City.
Gawker Media, based in the Cayman Islands, was the parent company for seven
different weblogs and numerous subsites as of 2012: Gawker.com, Deadspin,
Lifehacker, Gizmodo, Kotaku, Jalopnik, and Jezebel. The Creative Commons
attribution-noncommercial licence governs all Gawker articles. The company
changed its name from Blogwire, Inc. to Gawker Media, Inc., and then to
Gawker Media LLC shortly after.
What happened
Gawker Media servers were hacked and account information, along with a
20,000-word manifesto, was available by BitTorrent. A Twitter virus was
reportedly connected, Employee usernames and passwords, including founder
Nick Denton's information, was released.
How It happened
Passwords were protected with Data Encryption Standard, weak enough that
hackers could learn the first 8 characters of a password.
Culprit
Hacking group Gnosis, possibly in retaliation for the site's coverage of
4Chan and/or hacking group Anonymous.
YAHOO HACK
450,000 user passwords & emails hacked
Yahoo! is a web services provider based in the United States. It is
headquartered in Sunnyvale, California, and is operated by Yahoo Inc.,
which is 90% owned by Apollo Global Management investment funds and 10%
owned by Verizon Communications.
It offers a web portal, the search engine Yahoo Search, and a variety of
related services such as My Yahoo!, Yahoo Mail, Yahoo News, Yahoo Finance,
Yahoo Sports, and its advertising platform, Yahoo! Native.Yahoo was
founded in January 1994 by Jerry Yang and David Filo and was a pioneer of
the early Internet era in the 1990s.
What happened
Hackers claimed they were just trying to expose weaknesses in Yahoo!'s
online security. Some non-Yahoo IDs may have been breached, as well.
How It happened
Likely breached Yahoo! Voices server using an SQL injection hack. Passwords
may not have even been encrypted, hackers said.
Culprit
D33Ds Company, hacking group.
HOW PASSWORDS ARE HACKED
50% of passwords use dictionary words, slang, or common
number/letter arrangements like "12345"
In 17 minutes, hackers can break into 1,000 accounts by taking
advantage of weak passwords + automated attacks
60% of people use the same password on multiple sites, making
them more vulnerable
Most common passwords in LinkedIn theft:
- link
- 1234
- work
- god
- job
- 12345
- angel
- the
- ilove
- sex
Choosing smart passwords and varying your passwords between sites is
your first defense.
Very good resurch keep it up
ردحذفإرسال تعليق