Security Incidents that shaped the world in 2018

Social media, the restaurant industry, credit reporting agencies – it looks like none of the industries were spared the impact of breaches in 2018. With the year reporting lesser breaches than 2017, it was still a whopping 945 breaches that led to a leakage of 4.5 billion records in the first half of 2018. (6 Months, 945 Data Breaches, 4.5 Billion Records) Along with breaches and hacks of 2018, there was a single regulation of ‘GDPR’ that impacted the security of organizations throughout the world. Let us first take a look at GDPR and the important breaches and hacks that shaped 2018.

GDPR:

With clichéd statements such as ‘Data is the new oil’, data privacy has definitely taken a hit. In the wake of this, the ‘GDPR’ or ‘Global Data Protection Regulation’ came into effect on May 25^th, 2018. GDPR aims to protect the citizens of EU from data breaches. It not only holds good for businesses operating in the EU but also to organizations processing data of EU citizens (even if those organizations are present outside the EU) Here are a few salient points of GDPR:

1. ‘data retention’(subjects decide how long their data can be held on organizations servers)
2. ‘right to access’ (subjects can ask how their data is being processed and they can also ask a copy of their data free of charge in electronic format)
3. ‘breach notification’(subjects have to be notified of a data breach within 72 hours of the breach)
4. ‘right to be forgotten’ (subjects can demand controllers of data to delete all data pertaining to them)

‘GDPR’ is the single most riveting regulation that has definitely redrawn the security map of many organizations in 2018 and will continue to do so in the future. Organizations that do not comply with GDPR face huge penalties.

Now let us have a look at the important breaches of 2018:

1. Facebook:

The social media giant suffered several security glitches in 2018. From fake news to politics to security glitches, Facebook was spinning in a security vortex in 2018. In May 2018, a security glitch saw 14 million users inadvertently have their posts settings to ‘public’. This bug was eventually corrected on May 22^nd,  2018.

In our new era of being digitally social, there are over 2.2 billion users on Facebook and it is not easy securing the entire Facebook landscape.

Another attack on Facebook network in September 2018 exposed the personal information of 50 million users. Software flaws in Facebook’s systems also exposed the accounts of the top executives in Facebook such as Mark Zuckerberg and Sheryl Sandberg.

2. Quora:

The popular question and answer portal suffered its data breach in December 2018. 100 million users had their questions, answers, name, email addresses, encrypted passwords and data linked from other accounts compromised.

All users of Quora were immediately logged out and were asked re-login again with a new password.

3. Twitter:

Twitter did not suffer a data breach per-se, but in May 2018, it safely logged 330 million users out of their accounts, since it guessed that the users passwords might have been stored as plain text on its servers.

Normally, passwords are ‘hashed’ and stored on servers to avoid revealing the passwords directly. Twitter masked user passwords by the ‘brcypt’ function which was the industry standard. Due to a bug, the passwords were written “as is” in the internal log.

Even though there is no evidence that the passwords might have fallen into wrong hands, Twitter logged out all users and encouraged them to change their passwords and adopt other security measures.

4. Marriott hotels:

In November 2018, Marriott hotels stated that it too had fallen prey to a security breach. Its Starwood guest reservation system was hacked and sensitive information such as names, addresses, passport numbers, date of birth, gender and credit card information of about 500 million guests was exposed. The Starwood group includes Sheraton Hotels and Resorts, Le Meridien hotels and resorts, Westin hotels and resorts, and W Regis. The breach may have begun as early as 2014.

Marriott set up an informational website and a call center to help the victims of the cybersecurity fraud. In addition, customers could also avail of free monitoring service that could track if their personal information appeared on any social media site.

GDPR compliance:

In the wake of several breaches in 2018, all organizations are expected to be compliant with GDPR rules and regulations or pay hefty fines. In this regard, if Facebook is found to have violated GDPR rules and regulations, it is expected that it will be asked to pay about $1.63 billion by Ireland’s data protection commission. Similarly, Marriott could also face a fine of 20 million euros or 4% of its total annual turnover if it is found to have violated GDPR.

We have seen the breaches and security incidents that shaped our world in 2018 along with the most important regulation of 2018. How will 2019 be? Stay tuned for the next post…

AUTHOR
Jayanthi Manikandan ( )
Cyber Security Analyst

“ Jayanthi Manikandan has a Master’s degree in Information systems with a specialization in Information Assurance from Walsh college, Detroit, MI. She is passionate about Information security and has been writing about it for the past 6 years. She is currently ‘Security researcher at InfoSec train. “