There’s no such thing as “too big to fail” these days, especially when it comes to . cybersecurity and cyberattacks Even the world’s biggest organizations aren’t immune to data breaches. They seem to have all the money and resources to invest in preventing hackers from compromising their systems, but recent history shows that whatever they are doing simply isn’t enough. The and data breaches are just a couple of high-profile attacks that made headlines within the past five years and there have been plenty of others. Sadly, 2018 has been no different. According to non-profit privacy advocate , are believed to have been exposed or compromised through breaches just this year. Yahoo! Equifax PRC over 1.35 billion records These attacks illustrate how relentless the nasty kind of hackers can be, especially given how little they have to gain. Financial and personal data may fetch only in the black market, but given that companies can have millions of these records stored, a breach of a sizable database could be a massive payday for attackers. a few dollars each Image source: https://www.mcafee.com/enterprise/en-us/security-awareness/hidden-data-economy.html Breaches also aren’t cheap to deal with, costing large companies on the average. So, it’s a wonder why they continue to commit lapses that leave their data vulnerable. millions of dollars Here are three big-name businesses that exposed their customers’ data in 2018. Facebook is the world’s biggest social platform. Based on its most recent figures, the company claims to have , with more than half using its product daily. Facebook 2.27 billion active users monthly Last September, hackers were able to in Facebook’s code allowing them to gain access to users’ personal information. A bug in Facebook’s “View As” feature, which lets users see how their profile pages look like to other users, allowed attackers to see all the data on a victim’s profile. Third-party websites that let users authenticate and log on using Facebook accounts were also reported to have possibly been affected. exploit errors Facebook has since patched the vulnerability and forced affected users to change passwords to prevent further exposure. Around 50 million users were estimated to have been affected by the breach who are now exposed to an increased risk of identity theft. This is the largest breach the company had experience since it was created back in 2004. Yet, this isn’t the only data-related issue that Facebook faced recently given its recent involving Cambridge Analytica. security scandal Under Armour Athletic apparel company has taken its place among the likes of and as the industry’s giants. It has since diversified into fitness tech, with the acquisition of fitness app . The app lets users set fitness goals, log their workout activities and meals and track their calorie intake. Under Armour Nike Adidas MyFitnessPal Last March, it was revealed that an unauthorized party had to the app’s database a month prior to the disclosure, potentially exposing the private information of 150 million users including their usernames, emails, and hashed passwords. gained access The company how its database was hacked, but it did state that not all user data were exposed as a result of the breach. For instance, credit card data shared by customers to the service to make purchases was not compromised. The app also doesn’t collect other identifiers such as social security and driver’s license numbers. has yet to reveal MyFitnessPal claims that most of the stolen passwords , which, when applied to lengthy and complex passwords, should result in a hash that will be difficult and time-consuming for attackers to crack. Unfortunately, some user passwords were still stored using weak SHA-1 encryption which are less secure and prone to decryption should the hackers make the effort. used the Bcrypt hashing function Tinder While Tinder wasn’t compromised directly, a third-party integration solution ended up being the weak link, which saw the popular dating app’s user data left for bare. , a mobile engagement solution used by many top shelf companies, had contained a cross-site scripting (XSS) flaw that was recently found in a Tinder subdomain used as part of Branch.io’s mobile traffic attribution mechanism. Branch.io Personal information of are estimated to have been exposed by the vulnerability. 685 million users XSS vulnerabilities are quite dangerous, since hackers can inject client-side scripts that can perform all sorts of malicious acts on victims. For instance, clicking on a link containing the affected subdomain may trigger scripts that could steal data or hijack systems. Given that that code is made to appear to come from a legitimate origin, attackers could even bypass access controls and gain deeper access into systems. News about the Branch.io flaw has been downplayed in mainstream news, but one can’t overlook the scale of the issue. Tinder is already to be working on fixing the issue. Unfortunately, the exposure was not limited to the dating service and appears to have affected other Branch.io users as well. Fortunately, there has been no reports yet where the flaw was actually exploited by malicious actors. reported The Future of Security It’s quite scary that even big companies are vulnerable to cyberattacks. These brands are popular, and they are bound to attract more customers who will share information with them. With big data comes big responsibilities. Cyberattacks are expected to grow even more rampant as hackers come up with more ingenious ways to breach systems. Companies should take all measures available to prevent the exposure of their customers’ information to malicious actors.
