BLOGDOG

Your personal cyber security and anti-hacking news

2014 – Year of the Hack

by: Omri Toppol
Why 2014 was a year of hacks, credit card faud, and online identity theft

2014 was a record-breaking year in terms of the number of cyber-attacks that took place and the amount of information that was stolen. 2014 hacks involved large corporations like eBay and Sony, and affected millions of people around the world.

We’ve rounded up the Top 2014 Hacks that changed the hacking landscape and gave us new reasons to find better ways to protect our information.

The Home Depot


The Home Depot
The hack:

The December 2013 data breach that affected some 70 million Target shoppers was still in the news in early 2014 as more details of the incident became known. In September 2014, Brian Krebs reported on Krebs on Security that a similar incident took place again, this time affecting The Home Depot customers. In his report, he wrote that the perpetrators behind the Home Depot hack may have been the same group that was behind the Target breach. In both instances, the cybercrime store Rescator was principally responsible for selling millions of stolen credit and debit cards. A day later, Krebs reported that nearly all U.S.-based Home Depot stores were affected.

The response:

The Home Depot did not initially confirm a breach, only stating that it was working with banking partners and law enforcement to investigate some “unusual activity.” However, within a week the store confirmed that their systems had been breached from April 2014 forward, and urged customers to closely monitor their accounts and take advantage of the free identity protection services it was offering.

What you can do:

Monitor your credit cards and bank accounts for any unauthorized transactions, and report unusual activity to your bank right away.


eBay 

eBay
The hack:

On May 21, eBay reported that their customer database had been compromised in late February and early March, affecting over 200 million users. According to a Lifehacker report, stolen information included “names, addresses, email addresses, phone numbers, birth dates, and of course, encrypted passwords.” Depending on how those passwords were encrypted, attackers could potentially break through security barriers to reveal password texts.

The response:

eBay alerted customers of the breach and prompted all users to change their passwords. In their statement, they explained that financial information such as credit card numbers had not been stolen, as eBay reportedly keeps these in a separate, encrypted database that had not been compromised.

What you can do:

Always change your password for any account type for which a breach has been reported. Use unique passwords for all of your account types, and use a password manager to keep track of them.


Sony 

The Interview
The hack:

In late November, Sony Pictures Entertainment underwent a massive attack by the hacker group Guardians for Peace. The stolen information, which continues to be leaked online in portions, includes employee salaries, medical health record information and social security numbers, as well as embarrassing internal communication regarding lay-offs and more. Also stolen were scripts and video files of unreleased films.

The response:

In a move that shocked the nation, Sony chose to cancel the release of its 2014 Christmas hit comedy “The Interview.” Some weeks later, after undergoing harsh criticism from moviegoers, filmmakers, and even President Barack Obama, Sony released the film across a relatively tiny number of theaters (only 300, as opposed to the nearly 3,000 that would have originally screened it) and on digital platforms such as YouTube.

What you can do:

Watch and enjoy “The Interview.”


Evernote & Feedly

 
feedly
The hack:

In early June, Evernote and Feedly both experienced cyber-attacks. While the attacks may have been unrelated, the two companies work largely in tandem, leading many to believe the intrusions were linked. Still, Feedly suffered worse than Evernote, with its service taken down for more than two days through a DDoS (Distributed Denial of Service) attack. According to a Forbes article on the incident, the hackers were attempting to extort money from the company, and these types of attacks are “rising in popularity.”

The response:

Feedly posted details of the attack on its blog on June 11, stating that no user data was compromised during the attack. Later the same day, an update that the attack had been neutralized was published. However, over the course of the following two days, the company experienced two more waves of DDoS attacks, which they succeeded in neutralizing. Feedly did not give in to extortion demands over the course of this attack.

What you can do:

Be patient when a service provider undergoes an attack, and keep your important information backed up for good measure.

Hackers Amass One Billion Passwords

 

Hacking
The hack:

In August, the New York Times reported that a hacking group out of Russia had amassed over one billion internet passwords, the largest known collection of stolen internet credentials. In light of this discovery, which was made by Milwaukee firm Hold Security, and other massive breaches that have recently taken place, “there is worry among some in the security community that keeping personal information out of the hands of thieves is increasingly a losing battle.”

The response:

According to The New York Times, data security breaches have become “larger, more frequent and more costly,” citing a study done by the Ponemon Institute showing that data breaches to companies today cost an average of $3.5 million. Moving forward, organizations of all types will need to take more serious measures to protect their information and their clients’ information.

What you can do:

Change your passwords regularly, and use strong passwords that include numbers, letters and symbols.


Dropbox


Dropbox
The hack:

On October 13, Business Insider reported that a Dropbox hack compromised 7 million usernames and passwords. Dropbox denied the attack, claiming that “usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox.” Still, the attack shed light on the danger of allowing third party access to accounts like Dropbox, which offers criminals an indirect way to access the private information they’re after.

The response:

Dropbox reassured users that it automatically resets passwords upon detecting suspicious login activity. It also encouraged users not to reuse passwords across services, and to enable 2-step verification.

What you can do:

Listen to Dropbox’s advice and use 2-step verification to make your information more difficult for criminals to access. Use LogDog to get alerts of any suspicious activity in your Dropbox account, and to take control of your account before a hacker does.

The service can be used across all devices and OS’s, so you’re always being protected. Here’s the Android and iOS  links for you to check out.


JPMorgan Chase Bank 

JPMorgan Chase
The hack:

During the summer, a data breach on JPMorgan Chase—the largest North American bank—affected 76 million households and 7 million small businesses. A New York Times report states that the hackers responsible for this attack “appeared to have obtained a list of the applications and programs that run on JPMorgan’s computers,” and used it to gain access into the bank’s systems. Compromised information included account holders’ names, addresses and phone numbers.

The response:

JPMorgan Chase stated that account information such as social security numbers and passwords had not been stolen. Still, this breach marked a shift in the belief that banks are safe from online assaults. As reported in the New York Times article, “even if no customer financial information was taken, the apparent breadth and depth of the JPMorgan attack shows how vulnerable Wall Street institutions are to cybercrime.”

What you can do:

Don’t assume your online banking practices are any more secure than your Facebook practices. Check your statements and transaction activities frequently, and report suspicious behavior immediately.


Snapchat 

Snapchat
The hack:

The alarming Snapchat hack of October 2014 led to 100,000 leaked photos and video files, including child pornography. Content shared by Snapchat users, most of whom are between ages 13 and 17, is supposed to be deleted within seconds. But the attack happened via a third-party site called Snapsaved.com, a web client for the Snapchat app that allowed Snapchat users to save photos and videos online. Apparently, users’ private materials (which were leaked along with their usernames) was stolen through this site over the course of years.

The response:

Snapchat received strong criticism for its lack of security. A CNN Money article pointed out a number of holes in Snapchat’s system that make user information vulnerable to theft. In a statement to Business Insider, Snapchat addressed some of these issues, stating they expressly prohibit use of third party apps to send and receive Snaps, and also underlined that their own servers were never breached.

What you can do:

When using any app to transmit personal information, always familiarize yourself with the app’s Terms of Use and know how and where your information may be saved.


iCloud 

iCloud
The hack:

The most serious breach to Apple took place in early September when private photographs belonging to over 100 A-list celebrities such as Jennifer Lawrence and Kirsten Dunst were published online. The targeted attack, in which phishing and brute-force tactics were used over a period of months, leaked nude photographs that eventually spread across a number of online channels including Reddit, Imgur and Tumblr.

The response:

A number of stars took to Twitter and other social media outlets to condemn the attack as well as those who view and comment on the leaked images. Security experts said the incident may have been avoided if users enabled two-factor authentication. Meanwhile, Apple denied fault over the hacked photos, stating that “None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud or Find my iPhone.”

What you can do:

iPhones may automatically store photos online for up to 30 days or until they are downloaded. Be aware of where your photographs are stored and enable two-factor authentication to increase security.


Did you enjoy this post? If so, subscribe to get a weekly roundup from BlogDOG.

Written by  Omri Toppol

Omri is LogDog's marketing guy. He is passionate about technology, digital marketing and helping online users to stay safe and secure

« | »

Leave a Reply

Your email address will not be published. Required fields are marked *

Other Posts

Get Protected

Enter your email and receive security updates * 100% privacy guaranteed, we will never spam you.
Mobile Analytics