Five Major Hacks of 2016
February 2016: Million Dollar Spelling Mistake
In February of last year, anonymous cybercriminals broke into the central bank of Bangladesh. After transferring about $80 million US they attempted to transfer another $20 million to a Sri Lankan non-profit organization. Unfortunately, they misspelled the name of the fraudulent Shalika Foundation as Shalika “fandation.” This prompted one of the intermediary banks to notify the Bangladesh central bank of the unauthorized transaction, as they sought clarification of the spelling error. According to Reuters, “Bangladesh Bank has billions of dollars in a current account with the Fed, which it uses for international settlements. The transactions that were stopped totaled $850-$870 million.”
March 2016: LinkedIn
In March 2016 over 100 million LinkedIn account credentials were leaked on the internet. According to a blog post from the site’s Chief Information Security Officer Cory Scott, the stolen credentials were taken from a data breach back in 2012 and discovered four years later. In June 2012, the business-oriented social network discovered a breach affecting over 6 million user accounts. The company failed to account for the scope of the breach, so while these 6 million users were asked to reset their passwords, an additional 100 million compromised accounts were ignored until four years later.
May 2016: Tumblr
In May of last year Tumblr, a blogging and social network site, revealed that it had just discovered a data breach that occurred in 2013. The company refused to reveal the amount of users affected but security researches estimated the number of hacked accounts to be greater than 60 million. Attackers had access to the users’ email addresses and passwords. The company announced that “Our analysis gives us no reason to believe that this information was used to access Tumblr accounts. As a precaution, however, we will be requiring affected Tumblr users to set a new password.” Tumblr was purchased by Yahoo in 2013.
September 2016: Zombie Devices Crash Security Site
In September of last year a botnet was used to attack the website of one of our favorite security reporters, Brian Krebs, with a DDoS attack. A botnet is a group of devices, in this case cameras and video recorders, which have been hacked and controlled by a third party to collectively perform the same task. The task was a distributed denial-of-service (DDoS) attack which directs a large volume of superfluous traffic to a target website, slowing it down or forcing it to go offline by overwhelming its servers.
December 2016: Yahoo Users Say ‘Yikes!’
In addition to a data breach in September of 2016 which compromised half a billion email accounts, Yahoo disclosed another breach in December which may have affected more than one billion users. The breach went undetected since August 2013 when attackers stole user data including names, email addresses and passwords.