The aftermath: An analysis of recent security breaches
Every cybersecurity professional, no matter their role, knows that the worst-case security scenario for their employer is a security breach. However, with attacks and threats becoming more advanced and evolving, even experienced professionals at some of the world’s most successful organizations can fall victim to a cybersecurity breach.
Seeing new breaches in the headlines can seem a little discouraging at first, but learning more about the extent of these attacks, how they occurred and how some of the most successful security practitioners in the business deal with the aftermath can give you valuable insights for your education or career.
What should you learn next?
Security breach meaning
While a security breach may sound like a catch-all term for any successful attack, the term has some important implications. Not every cyber incident is a breach. A cyber breach is the next step beyond an an intrusion. The MITRE ATT&CK framework does a good job of highlighting all the steps that can occur after "Initial Access."
A breach is the confirmed sensitive data or information disclosure of a system, network or application to an unauthorized third party. Often, this is followed by the manipulation or theft of that data or information.
To learn more, read our article, What are cybersecurity breaches?
Recent cybersecurity breaches
1. Twitter zero-day vulnerability
- Date of breach: December 2021
- Type of breach: Data breach caused by API vulnerability
- Total users affected: 5,485,635
Due to a zero-day vulnerability that was exploited by a threat actor, over 5.4 million global Twitter users had their profile information illegally acquired, which was then sold to two other threat actors. The vulnerability was patched in January 2022, but by then, the email accounts and phone numbers of those users had already been exposed.
Though there were no specific instances noted, the phone numbers and email addresses of those users were left open to spearphishing attacks, and those using pseudonyms or trying to remain anonymous on the social media platform had their real identities exposed. Any high-profile or celebrity users affected in the zero-day security breach also had their private information exposed.
Twitter, now called X, had a limited response to the incident and didn’t acknowledge the breach until several months after it fixed the patch. News of the breach was followed by a former executive-turned-whistleblower decrying the company’s “negligent” cybersecurity practices.
2. Trygg-Hansa data breach
- Date of breach: October 2018 – February 2021
- Type of breach: Data exposure by backend database vulnerability
- Total users affected: 650,000
While, by definition, data was breached in this case, this wasn’t the result of an attack or threat but of an oversight that left the backdoor wide open. As an insurer, Swedish firm Trygg-Hansa kept tons of highly sensitive customer information in their backend database. However, one of their customers eventually pointed out to the Swedish Authority for Privacy Protection that all their private customer information could be accessed through a vulnerability in their client portal.
Trygg-Hansa sent quotation pages with a URL for specific client portal login pages that used that client’s member ID number. Since member ID numbers were sequential, changing a number in that one part of the URL gave anyone unauthorized access to a different client’s profile.
Among the information exposed were customer insurance details, social security numbers, financial information, personal data and health information. With such a long exposure period before Trygg-Hansa fixed the vulnerability, it’s hard to tell how many customers had their information illegally accessed; however, the Swedish Authority for Privacy Protection confirmed over 200 instances of this. In response to this cyber breach, they fined Trygg-Hansa $3 million.
3. Microsoft Azure SSRF vulnerabilities
- Date of breach: October 8 – December 2, 2022
- Type of breach: Server Side Request Forgery
- Affected: Potential security breach
Luckily, the vulnerabilities in four of Microsoft’s Azure services were exposed before a real security breach could occur. However, it’s a good example of how even the world’s leading tech giants are susceptible to potential cybersecurity breaches. While doing regular research, Orca Security found that Azure Machine Learning, Azure Functions, Azure API Management and Azure Digital Twins had vulnerabilities to SSRF attacks. What’s worse, two of those vulnerabilities didn’t even require authentication to access. If an actual attack had been carried out, hackers could’ve accessed user data and code for these cloud services. The saving grace was Microsoft’s SSRF mitigations, which prevented IMDS endpoint access.
Luckily, Orca reported these vulnerabilities to Microsoft, and the tech company patched them within weeks. No data was breached, but the cyber incident highlighted the need for frequent vulnerability and testing.
What should you learn next?
4. Slack’s GitHub account hack
- Date of breach: December 29, 2022
- Type of breach: Cyber attack resulting in code breach
- Affected: Slack employee tokens
In this security breach, a threat actor was able to violate the security of Slack’s GitHub account and download a subset of their private code. They did this by stealing Slack employee tokens used to access GitHub, but luckily, no primary code or user data was accessed in this hack. In response, Slack invalidated all their employee tokens for GitHub and reissued new ones.
Slack’s response to the hack was considerably quiet, as it came on the heels of an incident in August of the same year, where password hashes were accidentally leaked by the company.
5. Deezer data breach
- Date of breach: 2019
- Type of breach: Third-party cyberattack resulting in user data breach
- Total users affected: 228,000,000
The European streaming music service Deezer used a third-party service provider that experienced a breach attack, resulting in a snapshot of user data stolen. Among the data stolen were personal information, location data, email addresses, user IDs and registration dates.
Despite not working with the third-party provider since 2020, Deezer stated the snapshot was stolen in 2019 and undiscovered until the data appeared for sale on a breach forum on November 6, 2022. While Deezer is based in Europe, user data from around the world was breached.
In response, Deezer assured its users that, despite the third-party hack, their systems and databases remained secure. They informed their customers of the type of data leaked in the recent breach and recommended that they change their passwords to increase account security despite no reported leaked passwords.
They also reassured users and regulators that they did their due diligence when working with the unnamed third party, including vetting ISO 27001 and SOC 2 certifications, engaging in GDPR-compliant data protection agreements and obtaining certificates of data destruction. The security breach was never reported to Deezer by the third-party provider.
Common themes and lessons learned
These are just a small sample of recent breaches, but they highlight the various ways an organization can be breached — from zero-day exploits to insecure databases to third-party partners. Strengthening your organization’s network and information security is vital but ultimately not very useful if third-party service providers with access to your data don’t have a secure information security model in place. Auditing the security of companies you share data with can help you make informed decisions about whom to keep working with.
Another theme is the awareness and response each of these organizations had. The majority weren’t aware of a breach or vulnerability until it was brought to their attention by a user, a cybersecurity firm or the threat actor themselves. Creating a path for researchers and others to report issues can ensure those issues get addressed — before it becomes a messy breach.
Cybersecurity breaches often lead to significant issues, including legal and compliance issues, downtime, loss of customer trust, monetary fines and reputational damage. Creating response plans for various breach scenarios so you can be proactive rather than reactive can help shape public perception of the incident.
If you want to explore more breaches, check out the articles linked below.
More breach cases to study
- Forever 21 data breach and Android BadBazaar espionage
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- Airlines disclose pilot data breach and the Microsoft Teams bug
In this Series
- The aftermath: An analysis of recent security breaches
- Free Valentine's Day cybersecurity cards: Keep your love secure!
- How to design effective cybersecurity policies
- What is attack surface management and how it makes the enterprise more secure
- Is a cybersecurity boot camp worth it?
- Understanding cybersecurity breaches: Types, common causes and potential risks
- Breaking the Silo: Integrating Email Security with XDR
- What is Security Service Edge (SSE)?
- Cybersecurity in Biden’s era
- Password security: Using Active Directory password policy
- Inside a DDoS attack against a bank: What happened and how it was stopped
- Inside Capital One’s game-changing breach: What happened and key lessons
- A DevSecOps process for ransomware prevention
- What is Digital Risk Protection (DRP)?
- How to choose and harden your VPN: Best practices from NSA & CISA
- Will immersive technology evolve or solve cybercrime?
- Twitch and YouTube abuse: How to stop online harassment
- Can your personality indicate how you’ll react to a cyberthreat?
- The 5 biggest cryptocurrency heists of all time
- Pay GDPR? No thanks, we’d rather pay cybercriminals
- Customer data protection: A comprehensive cybersecurity guide for companies
- Online certification opportunities: 4 vendors who offer online certification exams [updated 2021]
- FLoC delayed: what does this mean for security and privacy?
- Stolen company credentials used within hours, study says
- Don’t use CAPTCHA? Here are 9 CAPTCHA alternatives
- 10 ways to build a cybersecurity team that sticks
- Verizon DBIR 2021 summary: 7 things you should know
- 2021 cybersecurity executive order: Everything you need to know
- Kali Linux: Top 5 tools for stress testing
- Android security: 7 tips and tricks to secure you and your workforce [updated 2021]
- Mobile emulator farms: What are they and how they work
- 3 tracking technologies and their impact on privacy
- In-game currency & money laundering schemes: Fortnite, World of Warcraft & more
- Quantitative risk analysis [updated 2021]
- Understanding DNS sinkholes - A weapon against malware [updated 2021]
- Python for network penetration testing: An overview
- Python for exploit development: Common vulnerabilities and exploits
- Python for exploit development: All about buffer overflows
- Python language basics: understanding exception handling
- Python for pentesting: Programming, exploits and attacks
- Increasing security by hardening the CI/CD build infrastructure
- Pros and cons of public vs internal container image repositories
- CI/CD container security considerations
- Vulnerability scanning inside and outside the container
- How Docker primitives secure container environments
- Top 4 Zapier security risks
- Common container misconfigurations and how to prevent them
- Building container images using Dockerfile best practices
- Securing containers using Docker isolation
- Introduction to container security
- Top 8 Microsoft Teams security issues
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
General security
Free Valentine's Day cybersecurity cards: Keep your love secure!
General security
General security