History of data leaks
Data leaks have become more common and dangerous over the decades. However, some of them stand out as instructive examples of how security breaches have evolved, how attackers can orchestrate these attacks, what can be stolen, and what happens to data after a breach.
Digital data leaks began long before the widespread use of the Internet, but in many ways they were similar to the leaks we see today. One of the first notable incidents occurred in 1984, when credit reporting agency TRW Information Systems (now Experian) discovered that one of its database files had been hacked. The file was protected by a numeric access code that someone had taken from an administrative note at a Sears store and posted on an “electronic bulletin board” — a kind of rudimentary Google document that people could access and change using a landline phone connection. From there, anyone who knew how to browse the bulletin board could use the password to access the data stored in the TRW file: the personal data and credit histories of 90 million Americans. The password was revealed within a month. At the time, TRW stated that it changed the database password as soon as it became aware of the situation. While this incident is eclipsed by last year’s Equifax credit reporting agency hack (discussed below), TRW’s omission was a warning to data companies around the world, one that many clearly ignored.
Large-scale hacks, such as the TRW incident, have occurred from time to time as the years have gone by and the internet has evolved. By the early 2010s, when mobile devices and the Internet of Things had significantly expanded interconnection, the problem of data leakage became especially relevant. The theft of username/password pairs or credit card numbers — even a breach of data collected from public sources — can give attackers the keys to someone’s entire online life. And some breaches in particular have fueled the growth of the dark economy of stolen user data.
One such incident was the LinkedIn hack in 2012, in which it initially appeared that 6.5 million passwords were compromised. The data was hashed, or cryptographically scrambled, as a security measure to make it unreadable and therefore difficult to reuse, but hackers quickly began to “crack” the hashes to reveal LinkedIn users’ real passwords. While LinkedIn itself took precautions to reset the affected account passwords, attackers still benefited greatly by finding other online accounts where users had reused the same password. This all too common poor password hygiene means that one breach can haunt users for years.
The LinkedIn hack also turned out to be even worse than it seemed at first glance. In 2016, a hacker known as “Mir” began selling account information, such as email addresses and passwords, from 117 million LinkedIn users. The data stolen in the LinkedIn hack has since been resold repeatedly by criminals, and attackers are still successfully exploiting the data today, as many people have been reusing the same passwords for different accounts for years.
Data leaks didn’t really become a dinner table topic until late 2013 and 2014, when major retailers Target, Neiman Marcus, and Home Depot were hit by massive leaks one after the other. The Target hack, first publicly disclosed in December 2013, affected the personal information (such as names, addresses, phone numbers, and email addresses) of 70 million Americans and compromised 40 million credit card numbers. Just a few weeks later, in January 2014, Neiman Marcus admitted that its point-of-sale systems had been hit by the same malware that infected Target, revealing information about approximately 110 million Neiman Marcus customers and 1.1 million credit and debit card numbers. Then, after months of fallout from those two hacks, Home Depot announced in September 2014 that hackers had stolen 56 million credit and debit card numbers from its systems by installing malware on the company’s payment terminals.
However, at the same time, an even more devastating and sinister attack was taking place. The Office of Human Resources is the administrative and human resources department for US government employees. The department administers security clearances, conducts background checks, and maintains records of all past and present federal employees. If you want to know what’s going on inside the US government, you need to hack this department. That’s what China did.
Chinese government-linked hackers infiltrated the OPM network twice, first stealing the network’s technical blueprints in 2013, and shortly thereafter initiating a second attack in which they gained control of the administrative server that controlled the login authentication for all other servers. In other words, by the time OPM fully realized what had happened and took action to eliminate the attackers in 2015, hackers had been able to steal tens of millions of detailed records of every aspect of federal employees’ lives, including 21.5 million Social Security numbers and 5.6 million fingerprint records. In some cases, the victims were not even federal employees, but were simply related in some way to government employees who passed background checks. (These checks include all sorts of extremely specific information, such as cards of the subject’s family, friends, colleagues, and children.)