Share on Facebook Share on Twitter Share on Google+ Share on Reddit Share on Pinterest Share on Linkedin Share on Tumblr The year 2017 has been a year of the data breach, and expose of breaches in the past. Here is the list of biggest security breaches that happened or fully came to light in 2017.With great data comes great responsibilities. Biggest and Greatest firms have been on target of hackers around the globe and there have been massive data breaches that leaked photos, usernames, passwords, emails, addresses, phone numbers, credit card details etc.For your security and privacy you must go through following list, and if you had anything to do with these companies you must take precautionary measures right away.Following is the list of biggest data breach expose of 2017, starting from the largest data breach of them all. Yahoo Data BreachYear of Breach2013 (Exposed in October 2017)Data CompromisedUsername, passwords, emails, AccountsUser AffectedYahooAffected Company3 Billion (100 % of all Yahoo Users)Mode of AttackHacking, Phishing. Yahoo Data Breach is biggest data breach in the history till now, all of the 3 Billion user accounts were affected. Although the hack went down in 2013, it is on the list because the news was broken only in October 2017.Yahoo was acquired by Oath, a Verizon Subsidiary, in 2016. As a part of integration mandatory disclosure by Yahoo revealed that 1 Billion user accounts were compromised in the year 2013. As a due diligence, Verizon conducted a full 3rd party forensic review of the hack. The investigation by Verizon revealed that all 3 Billion user accounts were compromised by the Hack. Yahoo has since sending emails to all users who were affected to change passwords and security Questions.FOR YOUR ACTIONIf your account was among the hacked ones you need to take the following actionChange your Passwords immediately.Change passwords to linked accounts like Facebook, Twitter, Bank account etc.Switch to 2 Factor Authentication.If your social media or bank accounts are affected, If you noticed any unusual transaction that wasn’t done by you, immediately contact Bank and ask for a course of action. Kaspersky Hacked by Russia, NSA Data leaked.Year of Breach2014-16 (Exposed in October 2017)Data CompromisedSensitive Data (classified)User Affected Kaspersky, NSA-USAffected CompanyUnknown.Mode of AttackHacking. Wall Street Journal (WSJ) reported that Russia based company Kaspersky’s Data has been breached. The attack was targeted toward one single user. An NSA Contractor that has been using Kaspersky as an Antivirus Solution. The NSA Contractor was a Vietnamese national who was working on replacing hacking tools leaked by Edward Snowden. Somehow the Russian Hackers got a wind of contractor’s alignments and a massive amount of data was taken from his system.So, the issue is not straightforward, the report itself says that it got information from “unnamed sources”. It’s understandable that WSJ is trying to save its Informant. Perhaps the informant is trying to save itself, but it does take away credibility. However, the NSA confirmed that there has been a data transfer of otherwise unsuspecting files using Kaspersky, these files were not affected by any malware, Trojan or virus yet they have been transferred using a Russian Proxy. This indeed red-flagged Kaspersky.Kaspersky’s StandMr Eugene Kaspersky denied all allegation of the charges and maintained that Kaspersky is committed toward its users. In his Defence, he stated that they are constantly working in direction of making their product more secure. For securing the Kaspersky even more they conduct data breach contest, which helps them finding bugs in the software and securing it before any mishap. He claims that his company has become a casualty in the geopolitical cold war between USA and Russia.A Security researcher, “Tavis Ormandy”, revealed that Kaspersky had a vulnerability that can lead to an exploit for taking control of the Antivirus’ sandboxing features, that allows attaching a zip file to payload and Kaspersky will simply take it as a harmless file. Credit GoogleProjectZeroYou might also like Top 3 YouTube Hacks River City Media.Year of Breach2017Data CompromisedPersonal User Data, DNS Recodes, Hipchat logs, Business Data etc. River City MediaUser Affected1.4 BillionAffected CompanyRiver City MediaMode of AttackSpamming, Incompetence In March 2017, a group of Spammers, Running their operation by the name “River City Media” failed to properly protect their collection and consequently also managed to get it leaked into open Internet. River City Media had a massive accumulation of Data, collected by Spamming people. Not only these guys were spamming people and collecting data, they were not careful enough to protect their bounty.Since the River City Media is a marketing firm, like other firms of same nature they collect data through various means. A security researcher, Chris Vickery of MacKeeper found out about the leak and told the appropriate authorities before the leak could become nuclear. The data leak was due to bad backups, and the trackers and online search engines made their way through their backups. This data contained emails, Hipchat logs, domain registration records, accounting details, infrastructure planning, production notes, scripts, business affiliations, Credit History, Credit Card details etc. This event is now famous as “Spammergate”. Online Spambot.Year of BreachAugust 2017Data Compromised Personal User Data, DNS Recodes, Hipchat logs, Business Data.User AffectedAn independent Spambot operationAffected Company711 Million Records.Mode of Attack Spamming, Just like the River City Media breach, an online Spambot managed to get information of hundreds of millions of users. This Online Spambot breach has 711 million records. This Spambot has millions of user emails, with other data like passwords, uploaded on the Internet and it’s up for grabs. The maker of Spambot didn’t care much about securing the data. There are two files on the server, one file is 14 GB in Size while other is 150 MB. These two files reportedly contain 711 Million user data records. This issue was first notified by Security researchers, Mr Benkow and Mr Troy Hunt.Online SpamBot leak Credit Troy Hunt Deep Root Analytics.Year of BreachJune 2017Data Compromised Personal User Data, Voter List with Registrations, DOB, Home Addresses, Phone numbers etc.User Affected Republican National Committee, Deep Root AnalyticsAffected Company198 millionMode of Attack Hacking, Non-Security Measures In 2016, The Republican National Committee, (RNC) took services of an Analytics Firm, specializing in Geo-Political Demographical Interest based research. The Deep Root Analytics was tasked to perform analysis of Voter Interest. For the “research purposes“, the RNC provided the company with voter data of US Voters (somehow perfectly legal to do that!! ). But they were not careful enough, A Cyber Risk Analyst found out that a 1.2 TB of Dataset is publically accessible on Amazon Cloud Server. To worsen the situation remained unprotected for 14 days. There is no information how many people had accessed this data, but it was later secured. Blue Cross Blue Shield / Anthem.Year of Breach2017Data Compromised Personal User Data, DOB, SSN etc.User AffectedAmericas JobLinkAffected Company4.8 MillionMode of AttackHacking Anthem is a US Health Insurance Company. In 2015 Anthem suffered a massive Data Breach across their subsidies that ultimately affected 80 Million user records. Anthem data breach occurred across Anthem Blue Cross and Blue Shield, Blue Cross and Blue Shield of Georgia, Empire Blue Cross and Blue Shield, Amerigroup, Caremore, Unicare, Healthlink, and DeCare brands. As soon as Anthem learned about the hack, they notified the FBI and took appropriate measures to minimize the impact of Data Breach. In 2017. Anthem settled for $ 115 Million as repercussions for the data breach. Dun& Bradstreet.Year of Breach2017Data Compromised Personal User Data, names, work email addresses, phone numbers, Business Data etc.User Affected Dun & Bradstreet, U.S. Department of Defense, the U.S. Postal Service, AT&T, Wal-Mart, and CVS HealthAffected Company33 MillionMode of AttackData Sharing Violation. In March 2017, Dun and Bradstreet, a business service company discovered their database on the open Internet. This database had 33 Million Corporate contact records. This information was leaked due to Data sharing violation, as the information was sold to companies across the country. Since the sheer size of the database was 52 GB, which indicates the massive amount of data. The Company had information about employees from organizations like US DOD, US Postal Services, AT & T, etc. Equifax.Year of BreachSeptember 2017Data Compromised Personal User Data, SSN, Driver License Numbers, Credit Card Details, DOB, Phone Numbers, Home Addresses etc.User Affected Equifax, US CitizensAffected Company143 MillionMode of AttackHacking Ironically dubbed as one of the worst data breaches in the history, the Equifax is among the three largest credit agencies in the USA. They amass citizen’s credit history and provide it to banks so that they can evaluate the city’s financial standing. So there is no need to say that Equifax has probably most valuable database about US Citizens. The Data that got stolen is highly sensitive, according to Equifax, the data included Credit Card History, SSN, Driver’s licenses, Date of Birth, Phone Numbers, and Home Addresses etc. The breach occurs between May to July by exploiting Equifax’s Website. Gmail.Year of Breach2017Data Compromised Email, Username, passwords.User AffectedGoogleAffected Company1 MillionMode of Attack Scamming, Phishing. About one million Gmail users were directly targeted in a scam using a third party App. This App gains access to accounts through with user’s consent. Users were getting an email that was made to look like they were from a user’s trusted contact. This email usually contains a link to Google Doc Sharing. Upon click, the link takes them to an online App that asks them to allow the app to manage their Gmail account. Once clicked the auth code was saved by the App and the attacker gets full access to victim’s Gmail account. The attack was however detected and ceased within an hour. According to Google about and notified the Million accounts were affected within one hour. It is not something you expect from Gmail, there are, however, legitimate apps that compromise your privacy all the time. America’s JobLink.Year of Breach2017Data Compromised Personal User Data, DOB, SSN etc.User AffectedAmericas JobLinkAffected Company4.8 MillionMode of AttackHacking America’s JobLink is an online Job Application aggregator that connects the job seekers and employers. The America’s JobLink was attacked by a single hacker who was able to exploit a misconfiguration in the application code. The Attacker gained access to personal information of 4.8 Million users during the hack. Since this information included SSN, DOB, Name, Addresses etc, the nature of breach is appaling. Deloitte.Year of BreachSeptember 2017Data Compromised Personal User Data, DNS Recodes, Hipchat logs, Business Data.User AffectedDeloitteAffected CompanyUndisclosedMode of Attack Spamming, Perhaps the most ironical and embarrassing hacks ever. The Deloitte brands itself as Best Cyber Security Consultant in the World. In September 2017, Deloitte was breached. Deloitte is an MNC with several Administrators around the company infrastructure. A hacker was able to exploit one of the Admin and gained his password. Since the two-factor authentication was not enabled on the Admin’s portal, the hacker gained full access to entire Deloitte global database. Deloitte maintained that attacker did not access user data, but a fraction of high profile client data was accessed.If you had accounts with any of above services then we suggest that you immediately switch to 2-factor authentication, and change all passwords. If you liked this article please do share it with friends and family. Subscribe to our blog for latest updates in Tech. Kedi RAT can steal your information and send it through GmailKedi Rat is a new Trojan that can steal your information and send it back home using Gmail. With advancement in knowledge resources, common people should also This attack is not new and adding to a long list of keeping themselves updated about new developments in online security.