总部位于美国的劳动力管理平台Prosperix经历了一次重大的数据泄露事件,暴露了大约25万名求职者的敏感信息。该漏洞是由配置错误的 Amazon AWS 存储桶引起的,导致包含个人数据(如全名、出生日期、职业历史、家庭住址、电话号码和电子邮件地址)的文件泄露。
暴露的文件还包括就业授权文件、驾驶执照、简历、工作申请表,甚至包括尿液检查和疫苗接种记录等医疗记录。
最新的數據洩露 – 2023 年
最近幾個月發生了多起重大數據洩露事件,其中包括 MOVEit 攻擊,該攻擊已損害了 200 多家公司和政府機構的安全。在本文中,您將找到最新數據洩露的概述,從最近的數據洩露開始。
2023 年 7 月:黑客通過微軟雲侵入美國機構
7月11日,微軟公開披露,一群黑客通過微軟雲服務中的漏洞對美國政府機構進行間諜活動。一家未透露姓名的政府機構於 6 月份首次發現了此次攻擊,該機構隨後將此事件通知了微軟和國土安全部。
該黑客組織被微軟視為“Storm-0558”。
2023 年 7 月:MOVEit 攻擊出現更多受害者
7 月份,MOVEit 攻擊造成了更大的損失,目前已損害 200 多家公司。新的受害者包括Radisson Hotels;一位發言人表示,“有限數量的客人記錄”被曝光,但沒有詳細說明具體有多少人受到影響。
這些攻擊還洩露了房地產公司仲量聯行 43,000 名員工的數據。多所大學受到影響,包括伊利諾伊大學、科羅拉多大學和約翰霍普金斯大學。其他著名的受害者包括德意志銀行、倫敦大學健康中心和紐約教育部。
總而言之,涉及數百萬人的敏感記錄與這一系列攻擊有關。更多細節不斷出現,隨著更多信息的曝光,我們將不斷更新本文。
2023 年 7 月:Apple 修補了零日漏洞
7 月 10 日,Apple 發布了一批針對 iOS 和 macOS 的快速安全響應更新。在有關更新的說明中,他們承認他們“意識到有報告稱此問題可能已被積極利用”,但沒有提供更多細節。
此更新現已推出,我建議您一有機會就下載它。為確保您的設備安全,請進入您的設置,檢查更新,並在必要時更新您的設備。
有關 Apple 安全漏洞的更多信息, 請參閱我們的完整時間表。
2023 年 7 月:Razer 調查涉嫌數據洩露事件
7月8日,一名匿名黑客在一個在線論壇上發帖稱,他們竊取了消費電子公司Razer的源代碼和其他數據。黑客提出以價值 10 萬美元的加密貨幣出售這些數據。
7月10日,Razer承認他們正在調查這一事件。
2023 年 7 月:微軟否認所謂的數據洩露
7 月 2 日,黑客組織“匿名蘇丹”聲稱入侵了微軟並竊取了超過 3000 萬個微軟賬戶的數據。該小組提供了數據樣本,但到目前為止尚未確定數據的具體來源。
微軟發言人表示,這些數據洩露的指控並不合法,並表示微軟“沒有發現任何證據表明我們的客戶數據已被訪問或洩露”。
2023 年 6 月:MOVEit 攻擊損害了 100 多家公司和政府機構
6 月份,一個名為 Clop 的俄羅斯勒索軟件組織利用文件傳輸工具 MOVEit 中的零日漏洞攻擊了100 多家公司和政府機構。
此次洩露事件襲擊了俄勒岡州和路易斯安那州的DMV,影響了這兩個州超過600萬居民,其中可能包括駕駛執照和社會安全號碼。多個聯邦機構受到影響,包括能源部。
勒索軟件黑客利用 MOVEit 漏洞攻擊薪資公司 Zellis,然後利用該漏洞攻擊 BBC、英國航空公司和愛爾蘭航空。他們入侵了殼牌,洩露了使用其電動汽車充電網絡的客戶的數據。他們入侵了多家金融服務公司,包括 1st Source Bank、First National Bankers Bank 和 Putnam Investments。
2023 年初,Clop 組織發起了 GoAnywhere 攻擊,導致 130 多家公司受到攻擊。
2023 年 6 月:報告發現超過 101,000 個 ChatGPT 帳戶被黑
Group-IB 的威脅情報團隊發布的一份報告表明,在 12 個月內,超過 101,000 個 ChatGPT 憑據被惡意軟件竊取。這些研究人員在暗網上發現了這些帳戶,可以與其他被盜數據一起出售。
這些帳戶受到用戶設備上的惡意軟件的危害;他們沒有因為ChatGPT本身被破壞而被黑客攻擊。
2023 年 6 月:UPS 向加拿大客戶發出網絡釣魚攻擊警報
6 月下旬,UPS 提醒加拿大的許多客戶,他們的數據可能已在 2022 年 2 月至 2023 年 4 月期間發生的一系列短信網絡釣魚攻擊中受到損害。在這種情況下,攻擊者冒充 UPS,並要求支付費用來交付所謂的“包裹” 。他們通過侵入 UPS 的包裹查找工具來提高自己的可信度,以便他們可以根據實際收到的包裹發送網絡釣魚文本。
UPS 在給客戶的通知中澄清,來自 UPS 的真實短信僅來自短信號碼 69877。
2023 年 6 月:黑客勒索 Reddit 機密數據
6 月 17 日,BlackCat 勒索軟件團伙威脅要公開在 2 月份的一次網絡攻擊中從 Reddit 竊取的 80 GB 機密數據。這些數據包括 2007 年及之前的帳戶憑據,Reddit 已通知其信息可能與此次洩露有關的用戶。
2023 年 6 月:Zacks 數據洩露發佈到黑客論壇
6 月 10 日,洩露數據庫 Have I Been Pwned添加了此前未報告的 890 萬 Zacks 用戶洩露事件,日期可追溯至 2020 年 5 月。此洩露事件曝光後不久,這些數據就在一個流行的黑客論壇上發佈出售。此次洩露事件包括密碼等賬戶數據,但似乎不包括信用卡號碼或其他財務數據。
2023 年 6 月:Intellihartx 披露影響 48.9 萬名患者的違規行為
6 月 8 日,醫療保健收集公司Intellihartx 通知法律官員,超過 489,000 名患者的敏感數據在合作夥伴公司 Fortra 的數據洩露中遭到洩露。被盜數據包括社會安全號碼、出生日期和醫療記錄。
該事件是 2 月份 GoAnywhere 攻擊的一部分,影響了 130 多家公司,主要集中在醫療保健行業。這些攻擊是由與俄羅斯有關聯的勒索軟件團伙 Clop 組織實施的,該團伙也在 2023 年發起了 MOVEit 攻擊。
2023 年 5 月:Apria 向 180 萬人通報 2021 年違規事件
2021 年 9 月 1 日,Apria Healthcare 發現涉及 180 萬名患者和員工敏感數據的數據洩露。儘管 HIPAA 要求公司在發現數據洩露後 60 天內報告數據洩露事件,但Apria 直到 18 個月後,即 2023 年 5 月才向任何人通報數據洩露事件。
暴露的信息似乎包括社會安全號碼、財務數據和醫療記錄。
2023 年 5 月:23.7 萬名聯邦僱員暴露於美國交通部違規行為
5 月 12 日,美國交通部向國會通報了一起影響 237,000 名現任和前任政府僱員的數據洩露事件。洩露的數據與 TRANServe 相關,這是一個補償通勤費用的系統。到目前為止,尚不清楚是誰發動了這次襲擊。
2023 年 5 月:PharMerica 披露影響 580 萬患者的違規行為
5 月 12 日,PharMerica 通知超過 580 萬人,他們的數據(包括社會安全號碼和醫療信息)在勒索軟件攻擊後已被公開曝光。PharMerica 在 3 月份發現了這一漏洞,但在黑客在線發布客戶數據後兩個月後才通知客戶。
2023 年 5 月:Discord 支持帳戶遭到入侵
5 月中旬,Discord 披露,第三方支持承包商的一個帳戶已被洩露。通過該帳戶,未知攻擊者能夠獲取一些個人信息,例如電子郵件地址。這次攻擊的影響似乎非常有限,但用戶應該對網絡釣魚嘗試保持警惕。
2023 年 4 月:T-Mobile 披露 2023 年第二次數據洩露事件
4 月 28 日,T-Mobile 通知836 名客戶,他們的數據在一次洩露中遭到洩露。儘管這次攻擊的規模比1 月份的攻擊要有限,但它包含高度敏感的數據,例如社會安全號碼、政府 ID 數據和 T-Mobile 帳戶密碼。
2023 年 4 月:美國律師協會披露影響 150 萬會員的黑客事件
4 月中旬,美國律師協會通知 150 萬名會員,他們的登錄憑據(包括加密的密碼數據)已被洩露。該事件發生在 3 月份,當時一名身份不明的黑客闖入了 ABA 舊網站的遺留系統。儘管被盜的數據不是最新的,但這也是不重複使用舊密碼的又一個原因。
2023 年 4 月:百勝餐飲集團承認客戶數據遭到洩露
4 月初,經營塔可鐘、肯德基和必勝客的母公司百勝餐飲集團 (Yum Brands) 承認,包括駕駛執照號碼在內的個人數據在 1 月份的一次事件中遭到洩露。該公司在發現事件後不久首次披露了這一違規行為;但最初,他們聲稱只有公司數據受到影響。
2023 年 4 月:MSI 被勒索軟件團伙破壞
4 月 7 日,計算機硬件公司MSI 證實勒索軟件團伙竊取了公司數據,包括源代碼。這個名為 Money Message 的勒索軟件團伙威脅稱,如果 MSI 不向他們支付 400 萬美元,他們將公開這些數據。
此次數據洩露似乎並未暴露客戶數據。
2023 年 4 月:Uber 律師事務所洩露司機敏感數據
今年 4 月,Uber 的律師事務所 Genova Burns 通知許多 Uber 司機 ,包括社會安全號碼和納稅識別號碼在內的敏感數據在該律師事務所的一次數據洩露中被盜。Genova Burns 和 Uber 都沒有透露有多少司機受到數據洩露的影響。
2023 年 4 月:西部數據確認違規
4月,數據存儲公司西部數據證實黑客已於3月26日侵入其網絡。此次攻擊後,西部數據的雲存儲服務出現中斷,5月,他們通知用戶一些客戶信息,例如加密的信息,密碼和部分信用卡號碼已在攻擊中暴露。
2023 年 3 月:ChatGPT 漏洞暴露用戶數據
3 月 24 日,OpenAI 確認存在一個 bug,導致客戶數據(包括聊天記錄付款信息)暴露給其他用戶。發生這種情況的原因是開源庫中存在漏洞,OpenAI 已對該漏洞進行了修補。事件發生後,OpenAI 通知了受影響的用戶,並創建了一個錯誤賞金計劃以幫助發現未來的漏洞。
這是首次報告涉及 OpenAI 的違規行為。如果將來發生事件,它們將記錄在此處以及我們有關 ChatGPT 違規的文章中。
2023 年 3 月:ILS 通知 420 萬客戶數據洩露
3 月 14 日,醫療保健提供商Independent Living Systems (ILS)向超過 400 萬客戶通報了數據洩露事件。此次洩露顯然發生在 2022 年 6 月和 7 月,涉及社會安全號碼、駕駛執照號碼、醫療記錄和其他高度敏感的數據。
2023 年 3 月:TMX Finance 通知 480 萬客戶數據洩露
TMX Finance 以 TitleMax、TitleBucks 和 InstaLoan 品牌運營,向480 萬客戶通報了數據洩露事件。洩露事件包括社會安全號碼、護照號碼、財務記錄和其他高度敏感的數據。
此次洩露事件發生在二月初。TMX 在 3 月份披露了這一違規行為,目前正面臨潛在的集體訴訟。
2023 年 3 月:勒索軟件組織聲稱擁有 Amazon Ring 數據
3 月 13 日,一個名為 ALPHV 的勒索軟件組織在暗網上聲稱他們入侵了亞馬遜的門鈴安全公司 Ring。亞馬遜發言人表示,他們“沒有跡象表明 Ring 經歷了勒索軟件事件”,並在另一份聲明中指出,第三方供應商可能遭遇了漏洞。
雖然該勒索軟件組織可能擁有與 Ring 客戶相關的數據,但到目前為止,我們尚未發現其他證據可以證實Amazon Ring 的數據洩露。
2023 年 3 月:AT&T 客戶數據因供應商攻擊而暴露
今年 3 月,AT&T通知大約 900 萬客戶,他們的數據在第三方供應商受到攻擊後遭到洩露。AT&T 將暴露的數據描述為“客戶專有網絡信息”,包括客戶無線套餐和付款金額的數據。據 AT&T 稱,敏感的個人或財務信息並未在此次攻擊中暴露。
2023 年 3 月:國會議員的數據因 DC Health Link 漏洞而暴露
3 月 8 日,數千名美國議員和政府僱員接到通知,他們的敏感數據可能因國會健康保險提供商 DC Health Link 的洩露而暴露。
那時,這些數據已經在 Breached 論壇上發佈出售。國會警察表示,他們正在與聯邦調查局合作調查這一事件。
2023 年 3 月:750 萬 Verizon 客戶的數據在黑客論壇上曝光
2023年 3 月,超過 700 萬Verizon用戶的記錄被發佈到流行的黑客論壇 Breached Forums 上。這些數據包括合同信息、設備信息、加密的客戶 ID 等,但洩露的數據似乎並未包含未加密的個人數據。
Verizon 回應稱,該問題源於外部供應商,並已於 2023 年 1 月得到解決。
2023 年 2 月:美國法警局披露數據洩露
2 月 27 日,美國執法官員承認,美國法警局於 2 月 17 日發現了一起數據洩露和勒索軟件攻擊事件。一位發言人表示,洩露的數據包括“法律程序返回的數據、行政信息以及與受害人相關的個人身份信息”。 USMS 調查、第三方和某些 USMS 員工。”
據美國氣象局稱,與證人保護計劃有關的數據與此次襲擊無關。調查仍在進行中。
2023 年 2 月:動視數據洩露事件曝光
2 月 21 日,動視暴雪承認,他們於 2022 年 12 月遭受了數據洩露,此前黑客通過短信網絡釣魚攻擊欺騙了一名員工。據一位消息人士稱,黑客訪問了一名人力資源員工的 Slack 帳戶,以及動視員工的電子郵件地址、電話號碼和工資等數據。該數據還包括即將推出的遊戲的發布日曆,但似乎不包含任何源代碼或客戶數據。
動視當時沒有向任何人通報此次洩露事件,直到安全研究組織 vx-underground在 Twitter 上曝光此事後才承認了這一泄露事件。
2023 年 2 月:百事裝瓶企業遭遇惡意軟件攻擊
2023 年 2 月,百事裝瓶風險投資公司提交了一份安全事件通知,承認他們在 2022 年 12 月 23 日經歷了惡意軟件攻擊,並於 1 月 10 日發現了漏洞。被盜數據顯然包括個人信息,例如社會安全號碼和登錄憑據,但尚不清楚這些信息是否與客戶有關或與員工有關。
目前還不清楚百事可樂是否受到此次違規行為的影響。百事裝瓶風險投資公司是美國最大的百事可樂裝瓶商,但他們與百事公司本身是不同的公司。
2023 年 2 月:330 萬患者因遺產提供者網絡洩露而暴露
今年 2 月,總部位於加州的 Heritage Provider Network向患者透露,他們在 12 月 1 日遭受了勒索軟件攻擊。超過 300 萬患者的數據在洩露中被暴露,包括社會安全號碼、醫療記錄和其他高度敏感信息。
自本披露以來,已經針對 Heritage Provider Network 及其合作夥伴提起了幾起集體訴訟。
2023 年 2 月:超過 130 家公司涉及 GoAnywhere 攻擊
2 月 1 日,Fortra向其客戶透露,黑客在其 GoAnywhere MFT 文件傳輸工具上利用了零日漏洞。幾天后,Clop 勒索軟件組織聲稱利用此漏洞攻擊了 130 多家使用該工具的公司。
受影響的公司包括 Community Health Systems,該公司在美國運營著 1,000 多個醫療機構。在 2 月 13 日向 SEC 提交的文件中,該公司估計大約 100 萬人的個人信息在數據洩露中被洩露。
此次洩露也影響到了寶潔公司,但洩露事件並未涉及客戶數據。
2023 年 1 月:PeopleConnect 2000 萬客戶的數據發佈到黑客論壇
1 月 21 日,一名黑客公開發布了有關 InstantCheckMate 和 TruthFinder 的數據,這是 PeopleConnect 旗下的兩種流行背景調查服務。這些數據包括超過 2000 萬客戶的記錄,顯然是從 2019 年的備份文件中提取的。
2023 年 1 月:T-Mobile 披露影響 3700 萬客戶的數據洩露事件
1 月 19 日,T-Mobile 披露網絡攻擊者竊取了3700 萬客戶的個人數據。T-Mobile 表示,此次洩露僅涉及“一組有限的客戶帳戶數據”,但其中包括姓名、地址、電話號碼、帳號等。
該事件發生於 2022 年 11 月。T-Mobile 於 2023 年 1 月 5 日檢測到該漏洞,隨後他們迅速關閉了相關漏洞並對事件展開調查。
事件發生後,谷歌通知 Google Fi 客戶,他們的數據也與此次洩露有關。其他谷歌服務並未受到此次攻擊的影響。
2023 年 1 月:禁飛名單因不安全的服務器而洩露
1 月 19 日,一名化名“maia arsoncrimew”的瑞士黑客報告稱,她訪問了 2019 版禁飛名單,該名單以 CSV 文件形式存在,其中包含超過 150 萬個姓名。根據她的帳戶,她在屬於支線航空公司 CommuteAir 的暴露服務器上找到了該文件。
黑客尚未公開披露這些信息,但她有選擇地與記者、人權組織和“具有合法利益的其他各方”分享了這些信息。TSA 和 CommuteAir 均發表聲明,表示正在調查這一事件。
2023 年 1 月:PayPal 報告撞庫攻擊
1 月 19 日, Paypal向近 35,000 名賬戶被不當訪問的客戶發出了數據洩露通知。該事件是一次撞庫攻擊,黑客利用了在之前涉及其他服務的事件中暴露的密碼和其他數據。
這是一個為什麼不應重複使用密碼的案例。如果您在多個網站上使用相同的密碼,則在一次數據洩露中竊取您的密碼(或在暗網上找到密碼)的攻擊者可以在使用相同登錄憑據的任何帳戶中使用該密碼。
2023 年 1 月:諾頓 LifeLock 警告客戶防止撞庫攻擊
一月中旬,諾頓 LifeLock 的母公司 Gen Digital向用戶發出了關於撞庫帳戶的警告,其中黑客通過在暗網上找到或購買的憑據闖入用戶的帳戶。
Gen Digital 在 12 月 12 日註意到“異常大量”的失敗登錄嘗試後檢測到了此次攻擊。根據他們的說法,他們已通知大約 6,450 名可能受到影響的用戶。
2023 年 1 月:Mailchimp 披露社會工程攻擊
1 月 11 日,Mailchimp 檢測到一次社會工程攻擊,其中一名黑客誘騙一名員工洩露其帳戶憑據。他們繼續訪問 133 個用戶帳戶。Mailchimp 隨後停止了攻擊,並提醒用戶可能已受到影響。
2023 年 1 月:超過 2 億 Twitter 用戶的數據庫公開
在一系列勒索企圖和洩密事件發生後,超過 2 億 Twitter 用戶的大量數據於 2022 年 12 月在黑客之間傳播,並於 1 月4 日在 BreachForums 上完整髮布。這些數據包括電子郵件地址、姓名和用戶名,但似乎不包括密碼或其他高度敏感的數據。
該數據最初是通過利用 2021 年 6 月至 2022 年 1 月期間暴露的 API 漏洞進行抓取的。該漏洞被不同的黑客反複利用,並在 2022 年下半年導致了多次勒索軟件嘗試和洩漏。最近,一名黑客已知12 月底,Ryushi試圖以 20 萬美元贖回數據。
一些報告稱被盜賬戶數量高達 4 億,但刪除重複項後,最終數字似乎接近 2.1 億。它確實包含一些知名賬戶的數據,例如亞歷山大·奧卡西奧-科爾特斯、小唐納德·特朗普和馬克·庫班的賬戶。
結論
這就是我們最近的數據洩露事件的時間表。如需了解更多信息,請查看我們2022 年和2021 年的數據洩露時間表。您還可以在此處查看 2022 年最大的違規行為。
Data breach at Russian ISP impacts 8.7 million customers
- Date: 2019-10-07
- Impact: 8.7m
- Fields: full names, addresses, mobile and home phone numbers
Beeline, a Russian telecommunications company with clients in Russia, all of Asia, and Australia, admitted to the breach.
The data of 8.7 million customers from Russian internet service provider Beeline is being sold and shared online, Russian media reported today.
The data contains personal details such as full names, addresses, and mobile and home phone numbers.
https://www.zdnet.com/article/data-breach-at-russian-isp-impacts-8-7-million-customers/
MGM Resorts hotel guests
- Date: 2020-07-12
- Impact: 142 million
The MGM breach occurred in the summer of 2019 when a hacker gained access to one of the hotel’s cloud servers and stole information on the hotel’s past guests.
The MGM Resorts 2019 data breach is much larger than initially reported, and is now believed to have impacted more than 142 million hotel guests, and not just the 10.6 million that ZDNet initially reported back in February 2020.
Truecaller Data Breach: 47.5 Million Users’ Personal Data for Sale on Dark Web
2020-05-28
Cyble, a cybersecurity & research agency, found a ‘For Sale’ ad from a seller on a Dark Web site. The post ensured a delivery of Truecaller data dump of 47.5 Million users’ personal details for $1000. Or in Indian numbers, a 4.75 Crore Users’ Database for around INR 75,000.
the dump included details of 47.5 Million Truecaller users including sensitive information like,
- Name
- Phone Number
- Gender
- Network Carrier
- Location – City, State
- Facebook ID
- And more
Snapchat Data Breaches
May 2019: News Breaks of Snapchat Employees Spying on User Accounts
In May 2019, reports emerged that Snapchat employees were abusing their access privileges to spy on users. Along with viewing messages, employees reportedly accessed location information, phone numbers, and email addresses.
The tool involved in the spying goes by the name SnapLion internally. It was initially designed to assist with law enforcement requests, including subpoenas and court orders, giving authorized employees a way to gather the required data. Over time, it was also used for spam and abuse tracking, as well as to analyze bullying and other harmful activities.
However, former employees came forward stating that not all employees were using the capability for legitimate requests. Employees with authorization to use the tool weren’t always limiting themselves to justifiable reasons, essentially using SnapLion to spy on accounts without oversight.
It isn’t clear how many accounts were accessed inappropriately or whether there were any consequences for impacted users. Additionally, it isn’t known when the unauthorized activities began or if they are ongoing.
July 2017: Phishing Attack Captures Details on 50,000 Snapchat Accounts
In February 2018, reports emerged of a phishing attack that targeted Snapchat users in July 2017. It allowed attackers to collect account passwords from over 55,000 users, mainly by tricking the targeted users into believing they were logging into Snapchat.
The attackers created a mobile site and made use of a compromised account to send users a link. The hackers then sent messages to users containing the nefarious link, sending them to a fake site that mimicked the Snapchat login screen. If a targeted user entered their credentials, the hackers were able to collect and store that information.
After acquiring the data, the hackers published lists that contained the stolen login credentials. Anyone who accessed the list was able to see the user names and associated passwords, giving them a way to access the account.
February 2016: Cyberattack Exposes Snapchat Employee Data
In February 2016, a phishing attack allowed a scammer to access payroll information on a group of current and former Snapchat employees. An attacker impersonated the company’s CEO and requested the data. A payroll department employee didn’t recognize it was a scam and provided some requested information.
The incident was considered isolated, and no user data was involved. The exact number of impacted employees wasn’t disclosed, and the incident was reported to the FBI.
January 2014: Data Hack Exposes Details from 4.6 Million Accounts
In January 2014, news broke of a hack that exposed details from 4.6 million Snapchat accounts. A gap in the company’s security was said to be responsible. The vulnerability allowed hackers to acquire the usernames and phone numbers of millions of users. The stolen information was reportedly downloaded by a site using the name SnapchatDB.info and was made publicly accessible.
The hackers claimed that they were able to access the data by taking advantage of a vulnerability that security researchers discovered the week prior. The researchers posted about the security issue, claiming it made the app’s API hackable in a way that exposed user information.
Two days after the post, Snapchat stated that the issue wasn’t a problem and that it had taken action to make using the vulnerability “more difficult.” However, the subsequent attack made it seem as if any efforts on Snapchat’s part were insufficient.
AT&T Data Breaches
March 2023: AT&T Notifies 9 Million Customers Following Attack on Vendor
In March, AT&T notified roughly 9 million customers that their data had been compromised following an attack on a third-party vendor. AT&T described the exposed data as “Customer Proprietary Network Information,” including data on customers’ wireless plans and payment amounts. According to AT&T, sensitive personal or financial information was not exposed in the attack.
August 2022: Stolen Data Discovered on 23 Million AT&T Customers
Hold Security – a cybersecurity firm – came across a trove of stolen data featuring the names, Social Security numbers, dates of birth, and more information on approximately 23 million Americans. After analyzing the information contained within the dataset, Hold Security determined the data likely relates to current or former AT&T customers.
The reason the cybersecurity firm believes the data pertains to AT&T customers is based on email domains, plus addressing, listed states aligning with AT&T internet areas, AT&T corporate addresses appearing in the dataset, and more. A significant amount of the customer information shows birth years of 2000, which suggests the data was acquired in 2018, based on the age requirement for getting an account.
AT&T didn’t confirm or deny where the data was related to customers but did state that it didn’t seem to originate from its systems. Instead, the company said it was potentially connected to a data incident at another company without elaborating further.
August 2021: Hacker Group Lists Data on Over 70 Million AT&T Customers for Sale
In August 2021, news emerged after a hacker group claimed it was selling data on over 70 million AT&T customers. RestorePrivacy found the information and attempted to determine if the sample data listed as part of the sale was authentic, and did find some matches based on public records. However, the group couldn’t confirm whether it was connected to AT&T customers specifically.
AT&T denied that the featured data is related to a new breach. The company claimed it didn’t appear to come from AT&T systems. As a result, the genuine source of the data isn’t known.
2014: AT&T Insider Data Breach Exposes Information on 280k Customers
In 2013 and 2014, employees at AT&T call centers operating in Colombia, Mexico, and the Philippines exposed sensitive customer data to third parties. The data included the names and Social Security numbers (either full or partial) of approximately 280,000 AT&T customers.
The data wasn’t specifically collected for identity theft or similar purposes. Instead, the information was improperly accessed and sold to unlock mobile devices, likely to simplify reselling.
In April 2015, the Federal Communications Commission (FCC) fined AT&T $25 million for the breach, a record-setting amount at the time for a privacy-related issue.
June 2010: Security Flaw in AT&T’s Website and Mobile Network Exposes 114k iPad User Email Addresses
In June 2010, a hacker group claimed it had gathered email address information on 114,000 Apple iPad users associated with AT&T service. The hackers stated that they exploited a vulnerability on the company’s website and were able to collect identification numbers – the ICC-IDs – when the associated iPads communicated using the AT&T network. With that information, it’s possible to derive the connected emails.
AT&T acknowledged and claimed responsibility for the breach, though focused on minimizing the incident. The company also eliminated the feature on its website that was exploited.
T-Mobile Data Breaches
January 2023: Hacker Uses API to Access Data on 37 Million Accounts
In January 2023, T-Mobile announced that a “bad actor” exploited an API vulnerability to obtain information from customer accounts. While the exact impact of the data breach isn’t known, up to 37 million postpaid and prepaid accounts are potentially affected.
T-Mobile identified malicious activity – which took place in November 2022 – on January 5, 2023, and contained the incident within 24 hours. The company states that no sensitive information – such as credit card numbers – was gathered by the attacker during the hack.
However, the company admits that some personally identifiable information, such as names, billing addresses, phone numbers, and emails, was breached. The company began notifying customers whose details were compromised in January 2023.
August 2021: Hackers Steal Data on Nearly 77 Million T-Mobile Customers
In August 2021, T-Mobile announced a data breach involving 40 million T-Mobile customers. Over time, the number of impacted customers climbed, ultimately reaching 76.6 million. Highly sensitive data was gathered by hackers, including names, Social Security numbers, and information from driver’s licenses.
The data featured a mix of current customer records and individuals who applied for credit with T-Mobile. Account numbers, phone numbers, passwords, PINs, or financial data like credit card numbers were not part of the breach.
In June 2022, T-Mobile agreed to a settlement on a class-action lawsuit filed by customers who were harmed in the breach. The wireless company agreed to pay $350 million to settle claims made by customers and an additional $150 million to improve its cybersecurity measures.
December 2020: Hackers Access Customer Information on 200,000 Accounts
In January 2021, T-Mobile announced a data breach that it detected in December 2020. Unauthorized access to customer information was detected, and the company took swift action once it identified the attack to prevent further data acquisition.
In total, around 200,000 T-Mobile customers were impacted by the breach. The hack specifically involved “customer proprietary network information (CPNI),” such as phone numbers, the number of lines on accounts, and some call-related data. Customer names, email addresses, financial details, passwords, PINs, and Social Security numbers were not stolen during the incident.
November 2019: Over 1 Million Prepaid T-Mobile Customers Impacted by Data Breach
In November 2019, T-Mobile announced a data breach involving more than 1 million prepaid customer accounts. Hackers accessed personal information, including names, addresses, phone numbers, and account numbers. Credit card information and Social Security numbers were not part of the breach. Additionally, passwords weren’t compromised.
The attack itself was detected in early November 2019, and T-Mobile took immediate action to halt it. The exact nature of the hack wasn’t disclosed, and T-Mobile didn’t state how long the information was exposed before the attack was identified.
August 2018: Data on 2 Million T-Mobile Subscribers Stolen
A relatively short attack occurred in August 2018, but it nonetheless exposed a significant amount of T-Mobile subscriber data. By exploiting an API with a vulnerability, hackers were able to gain access to a database and collect information on an estimated 2 million T-Mobile subscribers.
Customer names, account numbers, billing address zip codes, phone numbers, and email addresses were potentially exposed during the incident. Financial data and Social Security numbers weren’t stolen. Additionally, passwords weren’t accessed.
T-Mobile informed the impacted customers with relative speed, primarily recommending password changes and vigilance. The company also broadly recommended regular password changes as a security measure to all customers, regardless of whether they were impacted by the breach.
October 2015: Data on 15 Million T-Mobile Subscribers Stolen from Experian
- Date: 2016-03
- Impact: 27M
Which was reported in October 2015, didn’t involve breaching T-Mobile systems, the impact directly hit the wireless company’s customers. Names, addresses, birth dates, Social Security numbers, driver’s license numbers, and passport numbers were compromised, with approximately 15 million T-Mobile customers being impacted.
Hackers breached the Experian network and collected T-Mobile data. The data was provided to Experian for the purpose of conducting credit checks on customers who wanted to finance phones or open up new accounts with the carrier.
Facebook Data Breaches
April 2021: Personal Data for Over 530 Million Facebook Users Leaks in Online Forum
In April 2021, a trove of data pertaining to over 530 million Facebook users was publicly posted in an online hacking forum. The leaked data appears to have been scraped from Facebook in 2019, when a group of hackers exploited a vulnerability in Facebook’s contact importer.
Back then, users could readily find people on Facebook by entering phone numbers into a contact importer. In violation of Facebook’s terms of service, hackers scraped users’ profile data by exploiting this tool. Most of the scraped data was tied to users’ phone numbers, and only 2.5 million email addresses were obtained.
Facebook fixed the vulnerability by September 2019. But they decided against notifying the 530 million users whose personal data had been scraped.
In an internal memo, Facebook dismissed the incident as a data scraping issue, unavoidable for social media platforms: “We expect more scraping incidents and think it’s important to both frame this as a broad industry issue and normalise the fact that this activity happens regularly.”
As a result of this and other incidents, Facebook has come under pressure from the European Union for violating its General Data Protection Regulation (GDPR). In October 2021, the Irish Data Protection Commission proposed a fine of up to 36 million euros for these data privacy violations.
You can check to see if your data may have been breached at haveibeenpwned.com.
December 2019: Hacker Group Captures Data from 300+ Million Facebook Accounts
In December 2019, Facebook user data from approximately 267 million accounts was found unprotected on the dark web. The data included names, phone numbers, and Facebook IDs. Then, in March 2020, a second server was discovered that contained data on 42 million more users, bringing the total up to 309 million.
Both servers were associated with the same criminal group, a collection of hackers based in Vietnam. It’s believed that Facebook API abuse or illegal scraping were involved in the data capture.
This batch of stolen data came up for sale on the dark web again in April, 2020. Once data is exposed, it’s hard to put the genie back in the bottle.
September 2019: Data for 419 Million Facebook Users Found on Exposed Server
An unsecured server holding personal data on 419 million Facebook users was found in September 2019. The server was publicly accessible, allowing potentially anyone to find the Facebook ID and phone number of the impacted user. In some cases, the user’s name, country location, and gender were also in the server records.
The server housing the data didn’t belong to Facebook, and it’s unclear who scraped the data to begin with. The server was eventually taken down.
April 2019: Facebook Uploads 1.5 Million Users’ Email Contacts Without Permission
Between May 2016 and 2019, Facebook uploaded 1.5 million users’ email contacts without their permission. When the new user opened their account, Facebook asked the person to enter their email password to verify the email. Once that occurred, the person’s contacts’ email addresses were imported automatically, all without Facebook requesting permission or the option for the new user to cancel the process. From there, Facebook began using the information to improve ad targeting and recommend friends.
April 2019: 540 Million Facebook User Records Found on Public Server
Researchers with the security firm UpGuard found approximately 540 million Facebook user records captured by app developers stored in an Amazon cloud public server, making the information accessible to the public through the internet. The data included Facebook IDs, account names, comments, reactions, likes, and more.
After the discovery, UpGuard reached out to Cultura Colectiva – the server hosting company – informing them about the unsecured data. Still, it took months before the server was ultimately secured, as no action was taken until Facebook became fully aware of the situation.
Facebook was not directly responsible for this breach, as it was the app developers who improperly stored the information. However, Facebook still bears responsibility over what happens on its platform – and in any case, they have pledged repeatedly not to share users’ information with outside companies.
March 2019: Up to 600 Million Facebook Passwords Stored in Plaintext Files
In March 2019, a report found that as many as 600 million Facebook user passwords had been stored in plaintext files, some dating back as far as 2012. While only Facebook employees had access to those files, it meant that user passwords were fully exposed to approximately 2,000 employees.
Later, it was determined that millions of Instagram user passwords were also being stored in plaintext files, leaving them exposed as well. It isn’t clear if any of the password data was ever improperly used.
September 2018: Attackers Access Data of Up to 90 Million Facebook Users
Still reeling from the damage caused by the Cambridge Analytica scandal, Facebook was embroiled in another data breach. In September 2018, Facebook announced that attackers had accessed user data, allowing them to see the entire contents of user profiles.
The breach was able to occur due to a flaw in the platform’s “View As” feature. With that feature, users can view their profile as if they were another user, giving users insights into what other Facebook users could potentially see. An issue in the code gave attackers the ability to steal a user’s access tokens, giving them the ability to view profile information that may otherwise be private.
According to Facebook, the vulnerability went unnoticed for more than one year. Once spotted, the code issue was corrected, and impacted users’ access tokens were reset. In total, the attackers accessed profile data on anywhere from 50 to 90 million users.
May 2018: Facebook Bug Makes 14 Million Users’ Private Posts Public
Facebook ostensibly gives users control over who can see their posts and their profile. Usually, users have the ability to make certain posts relatively private, limiting who can view the post to, for example, just specific individuals or those included in their list of friends on Facebook.
In May 2018, a glitch prevented the privacy settings from working correctly. As a result, 14 million users’ private posts were shared publicly even though they were initially posted with viewing limitations. These posts became public without users’ knowledge or consent.
The bug was reportedly related to a new feature Facebook was testing, which rolled out on May 18, 2018. The bug was identified fairly quickly, but a fix for the problem didn’t begin rolling out until May 22, and the bug wasn’t fully resolved until May 27.
March 2018: Cambridge Analytica Scandal Affects 50+ Million Users
In its biggest privacy scandal to date, Facebook exposed data on 87 million users to the political consulting firm Cambridge Analytica. This firm got its data through Aleksandr Kogan, a researcher at Cambridge who had access via a quiz app.
Between 2013 and 2015, Cambridge Analytica exploited a loophole in Facebook’s API that enabled it to compile profile data not just from users who downloaded the app, but also from their friend networks. Although Facebook told developers they couldn’t market or sell this kind of data, they did not enforce this policy, allowing Cambridge Analytica to harvest and sell it for years without repercussions.
This was a major breach of user privacy, but it can’t really be considered a hack. Facebook knew Cambridge Analytica was misusing user data as far back as 2015, but Facebook refused to acknowledge any issue and did not take action until the media raised the heat on its coverage in March 2018.
June 2013: Bug Exposes Personal Data of 6 Million Users
In June 2013, news broke of a bug that exposed the sensitive personal data of approximately 6 million Facebook users. The glitch – which was related to the contact information archive – allowed the users’ email addresses and phone numbers to be viewed by unauthorized individuals.
The sensitive data was typically accessed by unauthorized people in error. When a user attempted to download contact information from the connections on their friends list, additional contact details that they weren’t authorized to view were added to the download.
Technically, the issue surrounding this breach is believed to have begun in 2012. However, the bug wasn’t actually spotted until 2013. As a result, it was in place for about a year before a fix was issued.
2015 Experian T-mobile
2015-10
Date: October 2015
Impact: 15,000,000 records
Summary: Experian, the world’s largest data-monitoring firm, revealed a massive data breach that had exposed the details of T-mobile consumers. Specifically, the breach exposed the details of customers who were applying for credit checks from September 1, 2013, to September 16, 2015. These records included sensitive information, such as addresses, names, birth dates, and encrypted fields with ID and Social Security numbers.
In the spirit of fairness and transparency, CEO John Legere offered two years of identity resolution services and free credit monitoring to affected customers.