Twitter Breach
130 high-profile Twitter accounts were hacked in July, including those of Bill Gates, Elon Musk and Jeff Bezos. This was allegedly masterminded by a 17-year-old boy in Florida, who monetised the hack by asking thousands of their Twitter followers for Bitcoins.
The attack was planned on Discord, a popular messaging application, and they would have gotten away with it if the forum itself hadn’t been hacked by another hacking group and its contents published on the web, which included personal email addresses, Bitcoin accounts and, ultimately, the hackers’ identities.
The ‘hack’ itself was not rocket science. Twitter employees were spear phished and duped into providing access to internal systems and changing the email addresses on accounts, which then let the perpetrators fire out Tweets at will, asking for Bitcoins. I mean, who wouldn’t want to give Jeff Bezos some Bitcoins? Given that he is one of the world’s richest people, Twitter fans should have suspected something, but went ahead and gave ‘Jeff’ some Bitcoins anyway.
Marriott Hotels Breach
OK, so this one was discovered in 2018, but what makes it a 2020 feature is the £18.4m fine issued to Marriott Hotels for failing to secure their systems over the period from 2014 to 2018, during which hackers were inside their networks.
The other interesting piece is that it wasn’t Marriott Hotels per se, but Starwood Hotels Group, which was purchased by Marriott Hotels. It seems that along the way they’d also unwittingly purchased the services of several hackers, who had been helping themselves to guests’ data over a 4-year period.
Always operate under the assumption youโve already been hacked, and carry out proper due diligence in any M&A activity.
British Airways Breach
Another example is the British Airways breach, which happened a few years ago. I know it’s 2020, but it’s been interesting to look at the evolution of what happened. As you know, back in 2018 a breach was detected, but nobody knows the exact details, except that the ICO threatened a £183m fine.
This year, a £20m fine was announced, so naturally we’re keen to find out why the ICO didn’t use their full powers.
The breach itself was handled very well, and the hackers were locked out within a few weeks of discovery; however, that didn’t stop them acquiring the details of anybody who booked a flight during those few weeks, including credit card data and personal data.
Organisations handling larger volumes of data should be making more effort to secure it: the higher the data volume, the higher the risk of something going wrong, and the more likely the organisation is to be singled out for attack.
Contact us if you have any questions. We are here to help: contact@2-sec.com, +44 (0)20 7877 0060