StartupTalky

Tag: database breach

  • Everything you Need to know about recent Facebook Data leak

    On 2 April 2021, around 533 million Facebook users data were leaked in a low level hacking forum. The published information includes Phone numbers and personal data. The data was leaked online and uploaded for free in low level hacking forums.

    The data breach was found by the co-founder and the Chief Technical Officer of Hudson Bay, Alon Gal. Hudson Bay is a cybersecurity firm. He found the cache of the leaked data online on 3 April 2021.

    Leaked data
    Previous Data Breach of Facebook
    Various possibilities to misuse the data
    Legal Solution in India
    FAQ

    Leaked data

    According to Alon Gal, all your details on Facebook which include your name, occupation, gender, marital status, relationship status, the date of joining on Facebook, the place where you work, the date of joining your occupation, your Facebook bio, etc. He said in some cases even your Email ids and Phone numbers would have been leaked on the internet.

    It is said that the exposed data includes the personal information of 533 million users across 106 countries. It is estimated that 36 million personal information has been leaked from the U.S, 11 million users personal information has been leaked from the U.K and around 6 million users personal information has been leaked from India, 8 million personal information from Brazil 3.8 million users personal information from Bangladesh, 1.2 million users personal information from Australia, etc.

    These are some of the major countries whose users data have been released on the internet.

    Previous Data Breach of Facebook

    This is not the first time the data from Facebook has been leaked on the internet. In the year 2019 the same data, the data of 419 million users was leaked. It was being sold on telegram an instant messaging platform by charging a fee of $20 per search.

    2019 Facebook Data Leak
    2019 Facebook Data Leak

    Similarly, the data was leaked in the month of June 2020 as well. Now the data has been leaked again and this time anyone who requires the data can access it for free from low level hacking forums. It is easily accessible to any individual who can misuse it.

    Alon Gal has said that he discovered the leaked data in the month of January 2021 for the first time. It was through an advertisement by a hacking forum of an automated bot. The automated bot could provide phone numbers for hundreds of millions of Facebook users in return for a particular amount of money.

    The Motherboard had reported on that bot’s existence during that point of time and also verified that the data was legitimate. He added that if you have a Facebook account then it is extremely likely that the phone number you used for your account was leaked online. Cyber researcher Dave Walker confirmed that Mark  Zuckerberg’s  data was also leaked that revealed that he uses its competitors Signal messaging app.


    Privacy Focused Messaging Apps you should use in 2021
    We all have private discussions, yeah, private! If it’s an embarrassing story, abureau gossip, or opening your emotions, and the last thing you expect issomeone to see or use your messages to serve your ads. You can leave anythingexposed unless you use an encrypted chat program. As per the most …
    StartupTalkyMichelle D’souza

    Various possibilities to misuse the data

    The leaked data is easily accessible by anybody on the internet. It can be used on different individuals for various cybercrimes. The details can be used and exploited by advertisers to target their set of customers to push targeted advertisements.

    The data can also be used by hackers to perform hacking attempts or social media engineering attacks. In simple terms, they can use your data to hack your social media profiles. Even an individual with the basic level or underdeveloped data skill can use the leaked data to perform certain Cybercrimes.

    In the year 2018, it was said that the political firm called Cambridge Analytica had mined the data from 50 million Facebook profiles. The firm had mined and gathered the data and later used it to help the political candidate from across the globe to target their candidates and making them win the elections. This was also covered in a Netflix documentary – The Great Hack.

    2018 Facebook-Cambridge Analytica Scandal
    2018 Facebook-Cambridge Analytica Scandal

    This was revealed after the backdrop of the U.S presidential elections of 2016 and the referendum of Brexit.

    According to Alon Gal, the leaked data could provide valuable information to cybercriminals who use people’s information to scam them or impersonate them into handing over their login credentials.

    He also said that the huge information and the phone numbers which are leaked on the internet will lead certain bad actors to easily take advantage of the data.

    Startup News for the Week by StartupTalky| April 2021
    Startup Ecosystem has changed the outlook on business and enterprises, and hasimpacted our economy, budgets, and a lot more. Here we bring you fresh news onstartups their operations, budgets, and all the new technology they bring forth.This week’s startup headlines include funding and investment …
    StartupTalkyAnsh Mehrey

    India is yet to have a strict data protection regulatory bill. Several countries in the West have Data Protection Regulation. In India, a bill names the Personal Data Protection bill is yet to be passed in the Lok Sabha. It has been pending since 2019.

    The bill is said to contain certain provisions regarding to the breach of personal data. However, one can rely on sections 43A and 72A of the Information Technology Act of 2000. This article provides compensation in the case of improper disclosure of personal information.

    From a security point of view, there is nothing much Facebook can do about the data leak of the users since it is already leaked on the internet and it has affected the users said, Alon Gal.

    FAQ

    How did Facebook leak data?

    The recent data breach is believed to relate to a vulnerability which Facebook reportedly fixed in August of 2019. While the exact source of the data can’t be verified.

    How to check if your Facebook data was leaked?

    haveibeenpwned.com is a site developed by Australian web-security consultant Troy Hunt, where you can enter your phone number or email address and see the result.

    How does Facebook make money from data?

    Facebook  makes most of its money by serving ads on the social media and messaging platforms it owns — Facebook, Messenger, Instagram, and WhatsApp. Advertisers pay Facebook to make their ads visible to people.

    Conclusion

    Alon Gal added on saying that what Facebook could possibly do is notifying users, so that they could stay cautious on certain phishing schemes or frauds using their personal data.

  • List of the biggest Startup Data Leaks

    The costliest and fastest-growing outcome of cybercrime is the theft of information. Millions of people’s personal and confidential data are stolen and a fast buck is substituted. To deter cybercriminals from building solutions against them, cybercriminals are continually evolving and discovering new ways to exploit online security. But hackers aren’t the product of all data violations. ‘loopholes’ and unprotected servers most frequently provide wrong actors with access without even breaking-in. The pandemic has shaken the nation, leaving private and government entities with trouble conducting their daily operations. With the unforeseen COVID 19 circumstances, corporations and organizations, including layoffs, pay cuts, and more, are among the most affected industries. The pandemic has forced companies and organizations, by using remote operations, digital platforms, etc., to transition their working formats, accelerating adoption of the technology. Sources say that 94% of organizations are currently using a cloud service, and 83% of businesses’ workloads will be in the cloud.

    1. Big Basket user data for sale online

    On October 2020 around 20 million users account information were leaked

    In October 2020 around 20 million users’ account information was leaked. According to the Atlanta-based cyber intelligence company Cyble, consumer data from the online grocery platform Big Basket is for sale in the online cybercrime market. With a price tag of 3 million rupees ($40,000), part of a database containing personal details of nearly 20 million users was available, Cyble said on November 7. The data included names, email IDs, hashes for passwords, PINs, mobile numbers, addresses, birth dates, locations, and IP addresses. Cyble said it discovered the data on October 30 and disclosed the apparent violation to Big Basket on November 1 after comparing it with the details of Big Basket users to confirm it.

    2. Twitter Breach

    130 Twitter accounts were targeted due to the twitter breach

    The attack on July 15, 2020, targeted a small number of employees through a phone spear-phishing attack. This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to their internal systems. Via a phone spear-phishing attack, the famous microblogging site came under cyberattack in July this year. 130 Twitter accounts were targeted, eventually Tweeting from45, accessing DM inbox 36, and downloading Twitter Data from 7. To access the internal systems and obtain knowledge about the processes, the attackers used special employee passwords. This information then allowed them to target additional staff who had access to the support resources for the Twitter account.

    3.Whatsapp Breach

    The new policy effectively takes away the discretion that users

    The new policy effectively takes away the discretion that users had until now not to share their information with other apps owned by Facebook and third parties. While the revised privacy policy of Facebook-owned WhatsApp has stoked fears about privacy and data sharing with other apps, what is missing in the midst of the clamour is this: if India had a data protection law in place, WhatsApp would not have been able to go forward with this update in the first place. In reality, for two years now, India’s data protection law has been languishing.

    4. Zoom Credential-Based Breach

    More than 500,000 Zoom accounts were hacked in April

    More than 500,000 Zoom accounts were hacked in April and then sold for either free or less than a penny each on the dark web and hacker forums. The compromised credentials are gathered through password stuffing attacks, according to reports, where threat actors attempt to login to Zoom using accounts leaked from older data breaches. The efficient logins are then collected into lists that are marketed to other hackers.

    5. Unacademy Data Breach

    Over 20 million user accounts were exposed and sold to the Dark Web

    Unacademy, one of the prominent online educational platforms based in Bengaluru, suffered a data breach in January this year. Over 20 million user accounts, including usernames, SHA-256 hashed passwords, date entered, last login date, email addresses, first and last names, and whether the account is active, a staff member, or a superuser, were exposed to the breach and sold on the Dark Web. The big data breach was revealed by the US-based cybersecurity company Cyble, according to reports. There are also several accounts using corporate emails in the exposed database, including those of Wipro, Infosys, Cognizant, Google, and Facebook.

    6. Tetrad Data Breach

    Market research company Tetrad experienced a data breach on February 3 that included data from Tetrad customers, and it differs by the form of business and their data collection methods. The data included a spreadsheet detailing over 4,000 current and expected locations related to IBM Tririga deployments, according to reports. Other critical data, such as the sum of 130 million rows of data on US households, were compromised in addition to the data collected by retail companies.

    7. Sina Weibo Data Breach

    In March, the Chinese Weibo social network suffered a major breach of data containing 538 million Weibo users’ information. Personal details, such as real names, site usernames, gender, location, phone numbers, among others, were included in the data. The hacker was selling the Weibo data for just ¥1,799($250), according to reports.

    8. Easyjet Data Breach

    EasyJet also reported that 2,208 traveler’s credit card details were revealed

    The British low-cost airline group EasyJet experienced a large-scale data breach on May 19 this year, compromising data from nine million customers. The data included email addresses, travel information, and, in certain cases, payment card information, according to reports. EasyJet also reported that 2,208 travelers’ credit card details were revealed.

    9. MGM Grand Data Breach

    MGM announced a data breach in February for about 10.6 million customers who stayed at MGM resorts. The data, which included personal information ranging from home addresses and contact details to driver’s licenses and passport numbers, appeared online.

    10. Marriott Data Breach

    In January this year, Marriott International faced a major data infringement. In January this year, Marriott International faced a major data infringement. Contact details such as name, mailing address, email address, and phone number were included in the information, as well as loyalty account information, and additional personal details such as business, gender, and birthday, day and month, relationships and affiliations, and so on.

    11. Nintendo Data Breach

    300,000 Nintendo Network ID accounts were compromised

    Nintendo, the Japanese video gaming giant, reported in April this year that by using unauthorized logins, 300,000 Nintendo Network ID accounts were compromised. The additional Nintendo Network ID (NNID) accounts that were compromised had their passwords reset, according to reports and the related users were directly contacted.

    Conclusion

    While our hope is eternal, with the rise in data insecurity, from exposed databases to phishing attempts, from malware to data leaks from third parties, the odds do not look good. In the first quarter of2020, an increase of 273 percent over the previous year was reported. Data breaches aren’t going anywhere and we’re here to keep you up-to-date on the worst data breaches of the year putting you at risk of identity theft.