IT Security & Network Security News & Reviews: Top Hacks, Breaches and Compromises of 2010 (So Far)

 
 
By Brian Prince  |  Posted 2010-07-26
 
 
 


AT&T Hack Exposes E-Mail Addresses

In June, researchers at Goatse Security uncovered a flaw on AT&T's Website and used it to get their hands on 114,000 e-mail addresses belonging to Apple iPad 3G owners. AT&T was not pleased, and the FBI launched an investigation.

Thieves Hit ECMC

Underscoring the intersection of IT security and physical security, an old-fashioned theft of two safes from the Education Credit Management Corporation endangered personal information belonging to 3.1 million college students. Inside the safes were nearly 650 disks with student information belonging to the corporation, which services and insures college loans. The safes were recovered by police in Minnesota along with what is believed to be all of the disks.

Hackers Tomahawk Apache

Armed with a cross-site scripting vulnerability and a Tiny URL redirect, hackers targeted the open-source Apache Foundation and swiped passwords from the server hosting software Apache uses to track issues and requests.

Pirate Bay Heist

Argentinian hacker Ch Russo and two associates used numerous SQL injection vulnerabilities in the popular file-sharing Website to access the user database, exposing e-mails, user names and IP address information for more than 4 million users. Russo said neither he nor his cohorts did anything to alter or delete information in the database.

WellPoint Breach

A business logic flaw in a third-party program used by health insurer WellPoint opened up 470,000 customer records for exposure. Though the glitch was fixed in March, the company reportedly only learned of the vulnerability when a California customer sued after discovering she could get confidential information about other customers by manipulating Web addresses used in the program.

iTunes Accounts Compromised

Not exactly a hack, but a compromise nonetheless. Security pros believe that 400 phished accounts were used by an iPhone app developer to fraudulently purchase his programs from the Apple App Store and boost their popularity ratings.

Digital River Hack

Records for nearly 200,000 people were swiped from the servers of e-commerce company Digital River. The information included names, e-mail addresses and other data originally gathered by companies offering affiliated marketing programs. In May, the company got a court order to stop a New York man from selling, altering or destroying the data after he was caught trying to sell the information to a marketing firm for $500,000.

Abusing Privileges

In April, the Department of Social Services in Virginia Beach, Va., revealed eight employees were fired or disciplined over the previous year for accessing confidential information about former employees, family members and clients. The violations ran the gamut from a boss who forced her employees to gather information from a state database about her husband's child to a worker who checked the status of a dead client's Medicaid benefits.

Aurora Attack

When Google announced in January it had been breached, it touched off months of controversy and accusations that reached around the world. The cyber-attack is believed to have run from mid-2009 to that December. The attack also affected dozens of other organizations, including Adobe Systems and Juniper Networks.

Rocket Fuel