
The worst security SNAFUs this year (so far!)

Ellen Messmer | July 16, 2014
From denial-of-service attacks to cyber-espionage to just plain old human flubs, network security SNAFUs abound.

Security SNAFUs? How bad is it so far this year? Well, let's start with Snapchat's 4.6 million user database SNAFU, followed by a parade of retail stores, including Neiman Marcus and Sally Beauty Holdings, telling their customers how their payment card information had been hacked. The hacker group Syrian Electronic Army was also busy tormenting Microsoft, among many others. And there's plenty of other mischief, such as denial-of-service attacks and cyber-espionage, to round out what's only the first half of the year.

JANUARY

In the first few days of the year, gaming sites, including Steam, were hit by multiple denial-of-service attacks, with some blaming irate players.

In other New Year mayhem, malware was inadvertently served up via Yahoo's advertising network, mainly in Romania, Great Britain and France. Yahoo said it took steps to block the malvertising attack.

Snapchat, the photo app and delivery service, suffered a security gap that resulted in the phone numbers and usernames of up to 4.6 million accounts being downloaded by a site called SnapchatDB.info. Snapchat called the incident "no big deal," but said it would try to make it more difficult to do.

The high-end store Neiman Marcus acknowledged that hackers had stolen information related to about 1.1 million payment cards of its customers, and the company's senior vice president and CIO, Michael Kingston, had to testify about the malware-based cyberattack before Congress.

The Syrian Electronic Army, the hacker group believed to be loyal to Syrian President al-Assad, continued its attacks, hacking the official Facebook and Twitter pages of Skype and the website's blog, telling users not to use Microsoft's e-mail service Outlook and claiming Microsoft sells user information to the government. The Syrian hacker group also hacked @XboxSupport Twitter pages and the official Microsoft Office Blog. Besides Microsoft, it also hit CNN by hacking the official Twitter account and posting messages of the Syrian flag, which CNN quickly removed. Later in the year, the hacker group also hacked the websites of eBay and PayPal UK, the DNS of Facebook (which Facebook quickly restored), and the Forbes website and their Twitter accounts, among others.

FEBRUARY

AIG's Variable Annuity Life Insurance Company disclosed that information related to 774,723 customers had been taken on a hard drive by a former financial advisor, who was arrested by law enforcement last September and is being criminally prosecuted.

The University of Maryland suffered two breaches, the worst one in February when hackers stole personal data related to 307,079 individuals from a records database. Brian Voss, the U-MD CIO, was quoted as saying the hackers had a "very significant understanding" of the school's network security and "these people picked through several locks to get to the data."

 
