Hacks and data breaches are nothing new, and there have been some high-profile cybersecurity breaches in the last few years. Ransomware attacks alone were estimated to cost around 6 trillion in 2021.
Here, we will discuss some of the most notorious account breaches and hacks in recent history, what lead to these attacks, and what we can learn from them.
In one of the most recent hacks, Mike Winklemann, who also goes by the name Beeple, is a well-known NFT artist and designer, was targeted by a scammer. The hackers gained access and posted two tweets from Beeple’s account, misleading his followers. According to Crypto Daily, a Tweet was broadcasted about an exclusive NFT drop with luxury brand Louis Vuitton. Later, another Tweet was sent advertising a set of exclusive NFTs for free by the artist. The Beeple Twitter posts were not genuine, and nearly half a million US dollars’ worth of crypto and NFTs were taken from users’ accounts due to the hack.
It is not difficult to understand why these bad actors chose Beeple for the account takeover. He is arguably the most recognized digital artist in the world, with the most expensive NFT of all time, which sold for over $60 million. The attack on Beeple’s Twitter, a type of account takeover fraud, happens when a scammer unlawfully enters an account to impersonate the account owner, gaining access to funds or accounts of people who fall victim to this targeted phishing attack.
A step you could take to keep your personal details safe is always to double-check URLs carefully. Scammers often use URLs that look legitimate but are facts. For example, a URL that is a fake may just be slightly misspelled in a phishing attempt to gain access to your credentials or personal data. Where possible, always enable two-step verification or authentication, which gives you another layer of security, and use a VPN for your devices.
Highlighting the importance of taking these measures is the fact that the recent Beeple hack is not the first of this kind of account takeover of a high-profile figure. Some other well-known victims have been Mark Zuckerberg, Elon Musk, and Jeff Bezos. Beeple gave some excellent advice on his Twitter following this incident, posting, “anything too good to be true is a scam.“
Yahoo Data Breach 2013
In December of 2016, it was publicly announced that 1 billion Yahoo user accounts were breached in 2013 and that hackers had accessed account information such as dates of birth, names, email addresses, phone numbers, and security questions and answers. In 2017 it was then announced that the security breach affected 3 billion Yahoo users. While no passwords or bank details were stolen, the information that was taken, such as security questions and answers, would be helpful for any hacker trying to access other accounts owned by the same user, as many Yahoo users have multiple accounts.
The telecommunications company by the name of Verizon bought Yahoo’s business for almost $4.5 billion. Before the major security breaches were announced, Yahoo originally intended to sell its business for $4.8 billion, but Verizon cut $350 million from its original offer due to the disclosure of the recent cyberattack. It is still unclear what exactly happened to this stolen data back in 2013, but in 2016, hackers in Eastern Europe put the stolen Yahoo info up for sale on the dark web, which was reportedly sold for $300,000 to known spammers. Unfortunately, this left Yahoo users vulnerable to having their other accounts hacked, as most people use the same passwords for numerous accounts.
Facebook Data Breaches 2019
Facebook has made headlines frequently over the past few years for its massive data breaches, and 2019 was an especially bad year in cybersecurity for the social media platform. The first of such data breaches occurred In March 2019, when it was uncovered that 2,000 employees at Facebook had access to millions of users’ passwords. The next incident was in April of the same year when Facebook users’ data was found on an unsecured public server.
One of the most significant attacks occurred in September 2019, when a breach of 419 Facebook accounts was discovered on an unsecured server. Later in December 2019, another Facebook breach happened, where 267 million profiles were discovered on the dark web. This was just one of several breaches by hackers located in Vietnam who put the personal details of these Facebook users up for sale. The total number of users affected by breaches in 2019 alone is more than 1 billion, highlighting the need to take responsibility for your own online security.
A number of the most recent hacks and breaches to make the headlines have been in the cryptocurrency world. Crypto.com was hacked back in January when 483 crypto wallets were breached, and around $33 million worth of various cryptocurrencies, including Bitcoin and Ethereum, were taken. The breach occurred when scammers bypassed the supposedly highly secure two-factor authentication. Initially, Crypto.com was hesitant to admit that there was a breach. However, they later admitted that crypto had been stolen and reimbursed their users.
Crypto.com is not alone, and numerous other cryptos have been targeted. As these technologies and relatively new digital currency continue to develop, vulnerabilities have also been exposed. In September 2019, KuCoin had a breach of $150 million worth of crypto after a significant cyberattack. More recently, in March 2022, Hubspot suffered a data breach, but this time the employees’ credentials were targeted by hackers. Even if these scammers did not access crypto wallet data, they accessed valuable information, including contacts and customer information. In this instance, the breach occurred due to potential human error, which unfortunately is often to blame for data breaches.
Remember that scammers are opportunistic but also sophisticated, using phishing techniques and exploiting security vulnerabilities. Social media, crypto, and gaming are big markets for such fraudsters. You can still enjoy scrolling through your favorite social media posts or buying on a crypto exchange; you might just want to make a habit of taking a few more security measures before logging in.