Biggest Data Breaches of 2013

The year 2013 will definitely be remembered as the year with the largest number of data breach incidents. Some incidents have already become synonymous with the word breach:

1. Edward Snowden vs. NSA
2. Adobe - 150 million records exposed
3. Target - 110 million records exposed

Moreover, 2013 had almost double the number of breaches of 2011, totaling 822 million data breaches.

In my presentation, I tried to illustrate and point out the most important facts about those breaches.

Hope you'll like it - feel free to share!

Mihajlo Prerad

Biggest Data Breaches of 2013

  1. YEAR OF THE BREACH @appnetsecurity linkedin.com/in/mprerad mprerad@gmail.com
  2. 1993.
  3. 1993. 2013.
  4. 2164 Data breach incidents
  5. 2164 Data breach incidents 60% HACKING
  6. 2164 Data breach incidents 60% HACKING 71.2% EXTERNAL
  7. 2164 Data breach incidents 60% HACKING 71.2% EXTERNAL 822 MILLION DATA RECORDS STOLEN IN 2013
  8. THAT'S ABOUT 1/9 OF WORLD POPULATION IN 2013 ONLY
  9. 96.8% of all exposed records involved outside the organization activity
  10. 540+ MILLION OF RECORDS EXPOSED NEARLY 1/2 OF INCIDENTS 66.5% of ALL exposed records
  11. 369 million exposed records
  12. TOP 5 BREACHES OF 2013
  13. “There are only two types of companies: those that have been hacked and those that will be hacked.” Robert S. Mueller, III Director, FBI
  14. LARGEST DATA BREACHES OF 2013
  15. Biggest breach in history 152+ MILLION username + hash password combo 2.8+ MILLION credit card information + source code leak
  16. 110+ MILLION RECORDS EXPOSED 70+ MILLION NAMES, EMAILS, PHONES 40+ MILLION CREDIT/DEBIT CARDS
  17. 58+ MILLION names, encrypted passwords, emails
  18. 54 MILLION ID's, addresses, names “in two hours hackers downloaded all the information.” 70% of whole Turkish population Hacked system (for Database and website Management) didn't have ANY security product installed.
  19. 50+ MILLION names, encrypted passwords, emails
  20. 50+ MILLION names, encrypted passwords, emails, date of birth Good Job: credit card info stored on separate system Bad Job: SHA1 hashing algorithm used – low protection
  21. 42 MILLION name, encrypted password, emails, birthday * 56 Homeland Security Dept. employees
  22. 22 MILLION user ID's (login), no passwords stolen No real big value, except possible SPAM or selling database of emails
  23. 20+ MILLION emails, physical address, phones * data stolen from hotel reservations
  24. 6 MILLION email and/or phone number Bug in DYI (Download Your Information) feature Allowed downloading contacts from friends Facebook keeping it as small story as possible outcome is companies blocking access to FB from work again
  25. 4.6 MILLION Usernames and phone numbers Announced on 31st December, soon after declining Facebook offer. Coincidence?
  26. 4+ MILLION username and password combo No credit card data stolen, stated by Groupon Taiwan
  27. 2nd largest HIPAA breach ever reported to HHS 4+ MILLION names, addresses, social security number, date of birth How? 4 unencrypted computers were stolen from HQ
  28. 2.4 MILLION social security numbers, bank accounts, drivers licenses. Waited 7 months to notify affected persons!
  29. 2.4 MILLION full credit card details Started by infecting PC's with Malware! It will cost Schnucks several millions of $$$
  30. 2 MILLION names, addresses, ID's, bank details, phone numbers INSIDER INTRUSION!
  31. „PONY“ BOTNET ATTACK 2+ MILLION username, passwords 318.121 70.532 59.549 21.708 Keystroke logging used
  32. 1.82 MILLION username, password, email
  33. by exploiting Adobe's ColdFusion app server 1 MILLION drivers license numbers, names 160.000 social security numbers
  34. 1+ MILLION usernames, emails, hashed passwords Infected through 3rd party software
  35. 860.000+ usernames, emails, hashed passwords Zero Day Remote Code Execution “We found a critical vulnerability in all vBulletin versions 4.x.x and 5.x.x. and have successfully uploaded our shell on the official vBulletin server and dumped their database after getting root access.”
  36. Critical breach! 850.000 credit card numbers, expiry dates and associated names and addresses 241.000 high or no-limit American Express including Fortune 500 CEOs and A-list celebrities
  37. 465.000 unknown portion of data Data of card holders leaked through temporary unencrypted log file
  38. 300.000 names, email addresses, passwords, phone numbers Hackers tried to BLACKMAIL company asking for $50.000 for stolen data
  39. 250.000 usernames, emails, passwords
  40. 100.000+ usernames, emails, addresses Researcher hack, not real threat
  41. BUT...
  42. 1 EVENT BECAME HISTORY
  43. ...AND 1 BECAME FUNNIEST * Anonymous hacked North Korean websites, twitter, flickr...
  44. 1 HACKER GROUP WAS VERY ACTIVE
  45. Hacked by Syrian Electronic Army
  46. Let me remind you of... Biggest incidents in 2011/2012
  47. 2.5 BILLION TOTAL NUMBER OF STOLEN RECORDS * in history
  48. THAT'S ABOUT POPULATION OF India + China
  49. SEE WORLD'S BIGGEST DATA BREACHES VISUALIZED http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
  50. HAVE YOU BEEN HACKED ???
  51. Mihajlo Prerad slideshare.net/mprerad @appnetsecurity linkedin.com/in/mprerad mprerad@gmail.com
  52. Thank You!
