In 2022, there was a surge of more than 4,100 publicly reported data breaches, exposing around 22 billion records.
According to the cyber security publication Security Magazine, the numbers for 2022 are predicted to be up to 5% higher.
Data breaches are forms of cyberattacks that occur when there is a leak of confidential, sensitive, and private data for the purpose of ill intent.
In this article, we list the top 10 cyber security news stories of 2022.
Which includes phishing, malware, and cyber-attacks, as well as data leaks and breaches.
You will learn about the data security incidents at Revolut, Twitter, Uber, and Rockstar in the following paragraphs.
10. More than 50,000 consumers’ information is exposed due to the Revolut data leak.
More than 50,000 users of the finance startup Rvoluolt had their personal data leaked, On September 11, 2022. This data breach allowed scammers access to Revolut. The incident involves a third party gaining access to Revolut’s database and 50,150 users’ personal data.
Names, residential and email addresses, and some payment card information was among the data obtained; however, Revolut has confirmed that card details were hidden.
Revolut took “rapid steps to eliminate the attacker’s access to the company’s client data and terminate the incident,” according to the Lithuanian authorities after it was detected.
9. SHEIN was penalized US$1.9 million for a data breach that affected 39 million consumers.
The state of New York fined Zoetop Business Company, the company that owns the fast fashion brands SHEIN and ROMWE, US$1.9 million in October for failing to report a data breach that affected 39 million customers.
In the July 2018 cyber security issue, SHEIN’s payment systems were improperly accessed by a malicious third party. The SHEIN payment processor contacted the company and disclosed that it had been “contacted by a large credit card network and a credit card issuing bank, each of which had information indicating that [Zoetop’s] system[s] have been compromised and card data stolen,” according to a statement released by the state of New York’s Attorney General’s office.
8. Data breaches involving student loans and Social Security numbers totaling 2.5 million
In June 2022, a data breach at student loan servicer Nelnet Servicing resulted in the disclosure of more than 2.5 million individuals’ private information.
On August 17, 2022, the inquiry came to the conclusion that from June until July 22, 2022, an unidentified third party had access to the student loan account registration data, which included names, home and email addresses, phone numbers, and social security numbers.
Nelnet Servicing informed law enforcement and the US Department of Education about this discovery.
7. Twitter says that information was taken from 5.4 million accounts.
On the hacking forum BreachForums in July 2022, a hacker using the handle “devil” announced that they were selling the data from 5.4 million Twitter accounts.
Email and phone numbers belonging to “celebrities, companies, randoms, and OGs” were among the stolen data. The term “OGs” describes Twitter handles that are short—one or two letters—or that contain a desirable screen name, such as a first name without any misspellings, numerals, or punctuation. According to the hacker ‘devil,’ they would not consider bids “lower than [$30,000]” for the database.
A Twitter vulnerability that was identified in January 2022 led to the data breach.
6. A hacker apparently targets Rockstar and Uber.
A hacker allegedly targeted Rockstar and Uber, two companies that make ride-sharing and video games, between September 15 and 19, 2022.
As a result of a contractor’s computer being infected with malware and their login credentials being sold on the dark web, Uber’s internal servers were accessed on September 15th. The hacker gained access to numerous more employee accounts, granting them the use of numerous corporate tools. The hacker then published a message to a public Slack channel for the business and changed Uber’s Open DNS settings so that some internal websites showed a graphic picture to employees.
On September 19, 2022, it was revealed that Rockstar Games, the company behind the Grand Theft Auto (GTA) video game franchise, had been hacked.
On the Grand Theft Auto fan site GTAForums, “teapotuberhacker” posted: “Here are 90 footage/clips from GTA 6. I might soon release more information, including the GTA 5 and 6 source code and assets, as well as the GTA 6 testing build.
The hacker stated in the post’s comments that they had “downloaded [the gameplay footage] from Slack” by breaking into a channel meant for discussing the game.
Through a “network incursion,” according to a statement released by Rockstar Games via Twitter, an unauthorized third party was able to “illegally access and extract confidential material from [its] systems,” including the stolen GTA 6 footage.
Let Us dig Into The Top 5
5. Information on 9.7 million people was stolen in the Medibank data breach
Australian healthcare and insurance company Medibank discovered some “strange behavior” on its internal systems on October 13, 2022. The malevolent party then got in touch with the business on October 17 with the intention of “negotiating with the [healthcare] company on their purported removal of client data.” But Medibank made it clear that it would not give in to the hacker’s demands.
On November 7, Medibank disclosed the full scope of the attack.
They noted that the hostile actor had illegally accessed 9.7 million previous and present customers’ data and stolen it. The data includes private and personally identifying details about medical procedures, including codes linked to diagnoses and prescribed operations.
On November 9, 2022, the hacker published files including customer data labeled “good-list” and “naughty-list” after Medibank’s continuing unwillingness to pay a ransom.
According to reports, the alleged “naughty-list” contained information on those who had sought medical attention for eating problems, drug or alcohol addiction, or HIV.
On November 10, they uploaded a file with the label “abortions” to a website supported by the Russian ransomware organization REvil. This file appeared to contain details on treatments that policyholders have reportedly claimed on, such as miscarriages, terminations, and ectopic pregnancies.
4. A hacker tries to sell 500 million WhatsApp users’ data on the dark web
On November 16, 2022, a hacker uploaded a file to Breach Forums that purported to include the most recent personal data for 487 million WhatsApp users in 84 different countries.
The alleged hacker claimed in the article that those who purchased the information would get “very recent cellphone numbers” of WhatsApp users. The information for 32 million US users, 11 million UK users, and 6 million German users is allegedly contained in the 487 million records, according to the bad actor.
The hacker just stated that they had “applied their method” to get such a significant amount of user data; they made no mention of how they had done so.
3. The Optus data breach exposed 11 million people’s personal and medical information.
On September 22, 2022, the Australian telecommunications company Optus experienced a major data breach that allowed unauthorized access to the personal information of 11 million consumers.
Customers’ names, birth dates, phone numbers, email addresses, residential addresses, driver’s license and/or passport numbers, and Medicare ID numbers were among the data accessed.
After Optus declined to pay a ransom demand made by the hacker, files containing this private information were shared on a hacking forum. The alleged hacker allegedly contacted the victims and demanded payment of AU$2,000 (US$1,300) or else their data would be sold to other nefarious parties.
2. A hacking forum exposed more than 1.2 million credit card data.
Carding markets are dark web sites where individuals trade credit card information that has been stolen in exchange for financial wrongdoing, which typically involves huge sums of money. BidenCash, a carding marketplace, freely provided information of 1.2 million credit cards on October 12, 2022.
Along with other information required to conduct online purchases, a file put on the website included information on credit cards that would expire between 2023 and 2026.
In order to promote the website, BidenCash already disclosed the information on thousands of credit cards in June 2022. Some cyber security experts hypothesized that this fresh disclosure of data might be another attempt at advertising since the carding marketplace had been forced to create new URLs in September three months earlier as a result of numerous DDoS attacks.
1. Twitter is accused of hiding a data breach that has millions of people affected.
Chad Loder, a cyber security expert located in Los Angeles, posted a warning on November 23, 2022, about a data breach at the social media platform Twitter that had purportedly affected “millions” throughout the US and EU. According to Loder, the data breach “has not been reported before” and happened “no earlier than 2021.” In July 2022, Twitter had already acknowledged a data breach that had compromised millions of user accounts.
But according to Loder, unless the firm “lied” about the July breach, this “cannot” be the same breach as the one they reported on. Loder claims that because the data from the November breach is in a “totally different format” and includes “different affected accounts,” it is “not the same data” as that from the July hack. According to Loder, the breach was caused by bad actors who used the same vulnerability as the hack that was revealed in July.
All this information was put together not to scare you, But to sensitize you about the need to protect yourself from these data breaches.
Tell us what you think about these data breaches in the comment section.
