IT Security & Network Security News & Reviews: Top Hacks, Breaches and Compromises of 2010 (So Far)
AT&T Hack Exposes E-Mail Addresses
In June, researchers at Goatse Security uncovered a flaw on AT&T's Website and used it to get their hands on 114,000 e-mail addresses belonging to Apple iPad 3G owners. AT&T was not pleased, and the FBI launched an investigation.
Thieves Hit ECMC
Underscoring the intersection of IT security and physical security, an old-fashioned theft of two safes from the Education Credit Management Corporation endangered personal information belonging to 3.1 million college students. Inside the safes were nearly 650 disks with student information belonging to the corporation, which services and insures college loans. The safes were recovered by police in Minnesota along with what is believed to be all of the disks.
Hackers Tomahawk Apache
Armed with a cross-site scripting vulnerability and a Tiny URL redirect, hackers targeted the open-source Apache Foundation and swiped passwords from the server hosting software Apache uses to track issues and requests.
Pirate Bay Heist
Argentinian hacker Ch Russo and two associates used numerous SQL injection vulnerabilities in the popular file-sharing Website
A business logic flaw in a third-party program used by health insurer WellPoint opened up 470,000 customer records for exposure. Though the glitch was fixed in March, the company reportedly only learned of the vulnerability when a California customer sued after discovering she could get confidential information about other customers by manipulating Web addresses used in the program.
iTunes Accounts Compromised
Not exactly a hack, but a compromise nonetheless. Security pros believe that 400 phished accounts were used by an iPhone app developer to fraudulently purchase his programs from the Apple App Store and boost their popularity ratings.
Digital River Hack
Records for nearly 200,000 people were swiped from the servers of e-commerce company Digital River. The information included names, e-mail addresses and other data originally gathered by companies offering affiliated marketing programs. In May, the company got a court order to stop a New York man from selling, altering or destroying the data after he was caught trying to sell the information to a marketing firm for $500,000.
In April, the Department of Social Services in Virginia Beach, Va., revealed eight employees were fired or disciplined over the previous year for accessing confidential information about former employees, family members and clients. The violations ran the gamut from a boss who forced her employees to gather information from a state database about her husband's child to a worker who checked the status of a dead client's Medicaid benefits.
When Google announced in January it had been breached, it touched off months of controversy and accusations that reached around the world. The cyber-attack is believed to have run from mid-2009 to that December. The attack also affected dozens of other organizations, including Adobe Systems and Juniper Networks.