The 5 big data breaches of 2020

Data breaches, no company is safe

It has been a difficult start to 2020 for many businesses. The threat of COVID-19 to companies and their sales has caused a lot of financial loss. However, businesses can’t forget that data breaches are still amongst one of the most common threats. Some of the most well-known firms have been attacked. Even the largest enterprises can be infiltrated.

Here are the 5 biggest names to have been breached in 2020.

ZOOM – 500,000 passwords stolen

The outbreak of COVID-19 had caused many people to start working from home. Because of this, ZOOM has become many worker’s choice of communication with their workplace. Unfortunately, half a million credentials have appeared online and for sale on the dark web. With the platform’s rapid expansion, hackers took the opportunity to take advantage of the site, gaining access to 500,000 passwords.

By using bots to input credentials from past data breaches into ZOOM on a mass scale, it only takes one bot to eventually find the right combination and gain access. Users are now being encouraged to use different passwords on their accounts. Prioritizing security over the convenience of having a single password for everything is important to keep data secure. The breach reinforces the importance of never using a password twice and serves as a warning to other businesses to always be aware of the risks of poor password management.

Nintendo – 300,000 accounts infiltrated

Earlier this year the gaming global giant Nintendo announced it had 140,000 of its user’s accounts breached. Now that total has come to 300,00 as the company claim that only 1% of all accounts with them were impacted by the data breach.

In a tweet on the 9^th of April, Nintendo encouraged its users to have 2-step verification for their accounts, making no reference in the tweet to the recent breach.  

The hack has seen Nintendo lose customer trust, with individuals on Twitter expressing their annoyance.

T-Mobile – Leaked customer data and financial information

A well-known service provider to have a data breach this year was T-Mobile, who had an email phishing attack in March. The attack was to an employee’s email account which gained the hacker access into the personal information of T-Mobile customers. The information at stake was not just names and phone numbers, but the billing information, addresses, and social security numbers also.

T-Mobile did release a statement on their website, explaining that they ‘regret that this incident occurred’ and were working to enhance their security to prevent similar events in the future. The company stated they were in the process of notifying affected customers and encouraged people to monitor their account statements, be aware of phishing and file a report to the police if they suspected they were a victim of identity theft.

GoDaddy – 28,000 customers affected

GoDaddy has been a popular web hosting site used by around 19 million people all over the world. Unfortunately, in a security incident that took place in October 2019, the company had strange activity on servers. This caused a discovery in April this year that a file had been unknowingly altered, meaning someone had unauthorized access.

In an article by BleepingComputer, the accounts affected have not had any evidence of modification yet. Soon after, a statement was released to customers by GoDaddy informing users their login information had been reset. Currently, the attack appears to be minor but does prove how a data breach can be unnoticed for a length of time before being caught.

In emails to customers, GoDaddy explained ‘the unauthorized individual has been blocked from our systems, and we continue to investigate potential impact across our environment’.

Estee Lauder – 440 million records compromised

A researcher from Security Discovery, Jeremiah Fowler, made a worrying discovery at the end of January this year. Famous cosmetic’s company, Estee Lauder, had a database which was not password protected, leaving it open for Jeremiah, and anyone else, to access it.

‘I could see audit logs that contained a large number of email addresses in each document’ – Jeremiah Fowler.

The database contained IP addresses, ports, and more but luckily this particular database did not include any customer data. As Jeremiah instantly notified the company when he made his discovery, it is unknown how long the database has been open and if anyone else has had access. Although the breach has been taken care of, it is unknown if a backlink was created. If it was, that the database could still be accessed, even after it has been password protected.

Hackers are becoming more sophisticated in their attempts to access data from businesses. Make sure your business is aware of the risks.

Learn more with Tips on Data Security.