From eBay details to Twitter handles, here are the largest attacks of the year so far.
Cyber security has never been more important for more companies than now, and the first half of 2014 has only served to demonstrate that fact. As we’re now deep into summer we thought it would be a good time to revisit the biggest hacks of this year. Well, so far, anyway.
In February and March the auction site eBay was hit by hackers who gained access to a database containing customer names, addresses, phone numbers, passwords and dates of birth. In total 145 million users were affected by the attack, making it one of the biggest in history.
For some time after the hack eBay took no action, which the firm was later criticised for. Justifying the delay, eBay president of marketplaces business Devin Wenig told Reuters: "For a very long period of time we did not believe that there was any eBay customer data compromised."
2) European Central Bank
Only a few weeks ago we learnt that the European Central Bank (ECB), the state bank of the European Union, had suffered a breach. While financially sensitive data was not taken, the contact information of event attendees was lost.
Keith Bird, managing director at security firm Check Point, said: "The European Central Bank was clearly unaware it had been infiltrated as it first found out when the attackers issued a ransom for the data they had obtained."
3) University of Maryland
The sort of data kept by schools make them ideal targets for hackers, as was proved when 300,000 records of staff and pupils were taken from the University of Maryland. Hackers made off with social security numbers, dates of birth, and university ID numbers, but no financial, academic or health data was taken.
In an interesting move, the university offered a year of free credit monitoring to those who had been affected. Alumni took to Twitter to register their dissatisfaction, with some asking that the monitoring service be extended for the rest of their lives
4) Montana Health Department
Not much data is considered to be as sensitive as health and welfare information, so imagine the panic when Montana’s Department of Public Health and Human Services was breached, with 1.3 million people said to have been affected.
Eyal Firstenberg, vice president of cyber research at security firm LightCyber, was outraged by the length of time between breach and discovery. "With no system in place to monitor the internal network in real-time, attackers are effectively allowed to explore, compromise and exploit the network at their leisure," he said.
5) Boxee TV
Users of Samsung’s online television service Boxee TV were alerted that data associated with their forum histories was circulating the net only when security researchers like Scott McIntyre found a public file online containing 158,000 user records from the site at the end of March.
Credit for the hack was claimed by someone called "ProbablyOnion" who said that he did it "mostly to make fun of Samsung, and whatnot. Plus, really, they’re running unsecure software and I’m still sitting with a backdoor on it, so really, they’ve learned nothing."
6) Michaels Stores
Though this attack dates back to May of 2013, the victims only discovered what was happening this January. According to Michaels Stores, an arts and crafts company, 2.6 million cards were exposed to the attack, which targeted point-of-sales units with malware.
Its subsidiary Aaron Brothers had also been affected, with 400,000 customers "potentially impacted" between June 2013 and February of this year. The company confirmed that it had received some reports of card and bank fraud as a result.
More than half a million customers were affected when criminals exposed customer data at 34 stores belonging to Spec’s, a food and drink outlet. Astonishingly the breach begun as early as Halloween of 2012, and continued for a year and a half.
The only relief was that less than 5% of the total transactions had been affected, according to the company. Following their discovery of the breach Spec’s decided to hire a private investigator, and enlisted the help of a "leading cyber security" company.
8) @N Twitter Handle
Though not a breach on the scale of others on this list, the theft of the vaunted Twitter handle @N shows the lengths some will go to obtain trivial intellectual property. The handle belongs to Naoki Hiroshima, creator of location sharing app Cocoyon, and was coveted enough that he once received an offer of $50,000 for it.
One day a hacker managed to take control of his PayPal and GoDaddy accounts, according to Hiroshima, before blackmailing the app creator into trading his Twitter name. Eventually Hiroshima had his Twitter account restored, with PayPal quibbling his version of events.