Pro wrestling giant WWE was recently the victim of a security breach leaked personal data for 3 million customers. Hackers reportedly gained access to the information after striking a database left unprotected on an Amazon cloud server. According to Forbes, residential addresses, ethnicity, earnings, and other personal details were included. As a day one subscriber of the WWE Network, I must admit that this is more than a little unsettling. But it’s also a perfect segue into our next post.
Without further ado, we rundown seven of the most dastardly cloud security breaches in history.
1. Microsoft
In late 2010, Microsoft experienced a breach that was traced back to a configuration issue within its Business Productivity Online Suite. The problem allowed non-authorized users of the cloud service to access employee contact info in their offline address books. Microsoft claims that customer had access to their data and that they fixed the issue two hours after it occured. While only a small number of users were affected, this incident is worth noting. It was not only the first significant cloud security breach, but a harbinger of things to come.
2. Dropbox
No one knew the severity of the breach cloud-based file sharing giant Dropbox announced back in 2012. In fact, it wasn’t until four years later that we learned what really happened. Hackers tapped into more than 68 million user accounts – email addresses and passwords included – representing nearly 5 gigabytes of data. But there’s more! Those stolen credentials reportedly made their way to a dark web marketplace – the price for them was bitcoins. At the time, this was equivalent to roughly $1,141. Dropbox responded by requesting a site-wide password reset from the user base. They also went into some generic spiel about its ongoing commitment to data security.
3. National Electoral Institute of Mexico
Elections and shenanigans usually go hand in hand. However, you can’t blame this next one on political chicanery. In April 2016, the National Electoral Institute of Mexico was the victim of a breach that saw over 93 million voter registration records compromised. Most of the records were lost due to a poorly configured database that made this confidential information publicly available to anyone. The icing on the cake came when we learned that the Institute was storing data on an insecure, illegally hosted Amazon cloud server outside of Mexico. Cue the silent head shake.
4. LinkedIn
Some guys have all the luck – or not. Business-focused social networking site LinkedIn felt the sting of cyber criminals when some 6 million user passwords were stolen then published on a Russian forum in 2012. Unfortunately its streak of bad luck was just getting started. In May 2016, hackers stole and posted for sale on the dark web an estimated 167 million LiknedIn email addresses and passwords. In addition to changing their passwords, LinkedIn implemented two-way authentication, an optional feature that makes you enter a pin code on your mobile device prior to logging in to the network.
5. Home Depot
DIY retailer Home Depot reminded us of the financial repercussions that may follow a major security breach. In 2014, an attack exploited the Home Depot point-of-sale terminals at the self-checkout lanes for months before someone finally detected it. The strategic onslaught affected 56 million credit card numbers, making it the biggest data breach of its kind at the time. Home Depot paid out well over a hundred million dollars in lawsuit settlements and compensation to the consumers and financial institutions affected by the incident.
6 Apple iCloud
Apple suffered what may be the largest high-profile cloud security breach due to the victims involved. Jennifer Lawrence and other celebrities had their private photos leaked online. Many of the victims initially thought that someone had hacked their individual phones. Instead, the iCloud service they used for personal storage had been compromised. In response, Apple urged users to employ stronger passwords and introduced a notification system that sends alerts when suspicious account activity is detected.
7. Yahoo
The web titans of today are using cloud infrastructures almost exclusively. That includes internet Pioneer Yahoo, who found itself on the wrong side of the history books. For whatever reason, it took the better part of three years to tally all the damage, but Yahoo finally disclosed the final numbers on the breach that occurred in 2013. Apparently more than one billion user accounts were compromised in the attack. This includes first and last names, email addresses, dates of birth, and questions and answers to security questions. This incident is on record as the largest data breach in history and unrelated to a separate incident that exposed 500 million accounts months prior.
Businesses have come to realize the cloud has both advantages and disadvantages as far as security is concerned. According to a recent study, security is ranked as both the primary benefit and biggest challenge of cloud computing for IT pros. I guess the moral of the story is that while there is plenty to love about it, addressing the security concerns is the only way to take full advantage of all the cloud has to offer.
