In this article I’ll discuss and analyze three recent website security breaches from the past 2 years: those affecting the popular websites or web apps of Uber, Equifax, and Adult Friend Finder. For each one I’ll cover the story of the breach, the actual security mishap that took place, and the type of threat it posed; I’ll also come up with possible solutions the company could use to protect itself and its customers in the future.
Uber: in 2016 a couple of hackers stole information such as names, email addresses, phone numbers and more from a third-party server, which they got into via a public GitHub repo that was said to contain credentials to Uber’s AWS server. “The hackers were able to access Uber’s GitHub account, where they found username and password credentials to Uber’s AWS account. Those credentials should never have been on GitHub.” points out author Taylor Armerding in his article on the topic, titled ‘The 17 biggest data breaches of the 21st century’. “Uber disclosed Tuesday that hackers had stolen 57 million driver and rider accounts and that the company had kept the data breach secret for more than a year after paying a $100,000 ransom.” revealed Mike Isaac of the New York Times. Obviously the threat here is that personal and private information such as addresses and more ends up exposed to the public, and that this could later lead to credit card information being obtained. A solution to this security breach would be keeping sensitive data, especially credentials, off of the internet, let alone public social websites.
Equifax: “Equifax, one of the largest credit bureaus in the U.S., said on Sept. 7, 2017 that an application vulnerability on one of their websites led to a data breach that exposed about 147.9 million consumers. The breach was discovered on July 29, but the company says that it likely started in mid-May.” writes Taylor Armerding, author of the article on the topic titled ‘The 17 biggest data breaches of the 21st century’. Additionally, Forbes writes: “Included among files accessed by hackers was a treasure trove of personal data: names, dates of birth, Social Security numbers, addresses.” This is obviously concerning because information as sensitive as SSNs was taken. The cause was allegedly a legacy code base that had vulnerabilities within it, presumably accessed in a similar way as in the Uber and/or Friend Finder breaches.
Adult Friend Finder experienced a very large breach, allegedly via their SQL databases, which relied on weak and outdated cryptography methods: “Most of the passwords were protected only by the weak SHA-1 hashing algorithm, which meant that 99 percent of them had been cracked by the time LeakedSource.com published its analysis of the entire data set on November 14.” as written in Taylor Armerding’s same article published on csoonline.com. “The attack on Friend Finder Networks is the second in as many years. The company, based in California and with offices in Florida, was hacked last year, exposing almost 4 million accounts, which contained sensitive information, including sexual preferences and whether a user was looking for an extramarital affair.” writes Zack Whittaker, illustrating the seriousness of the breach, in an article posted on zdnet.com. A solution could be using updated security procedures and practices pertaining to passwords and server authentication.
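To make the password recommendation above concrete, the following added example (not taken from the cited articles or from any of the companies’ code) contrasts a single unsalted SHA-1 pass with salted scrypt from Python’s standard library, and upgrades legacy records the next time a user logs in successfully. The record format, function names and cost parameters are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# scrypt cost parameters (assumed values; tune them to your own hardware)
N, R, P, DKLEN = 2**14, 8, 1, 32

def legacy_sha1(password: str) -> str:
    """Weak scheme: one fast, unsalted SHA-1 pass (assumed legacy record format)."""
    return "sha1$" + hashlib.sha1(password.encode()).hexdigest()

def hash_password(password: str) -> str:
    """Salted, memory-hard hash; the parameters travel with the record."""
    salt = os.urandom(16)  # fresh random salt per password
    dk = hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P, dklen=DKLEN)
    return f"scrypt${N}${R}${P}${salt.hex()}${dk.hex()}"

def verify(password: str, stored: str) -> bool:
    """Check a password against either record type using constant-time compares."""
    scheme, _, rest = stored.partition("$")
    if scheme == "sha1":
        candidate = hashlib.sha1(password.encode()).hexdigest()
        return hmac.compare_digest(candidate.encode(), rest.encode())
    if scheme != "scrypt":
        return False  # unknown scheme: fail closed
    try:
        n, r, p, salt_hex, dk_hex = rest.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
        dk = hashlib.scrypt(password.encode(), salt=salt, n=int(n), r=int(r),
                            p=int(p), dklen=len(expected))
    except ValueError:
        return False  # malformed record: fail closed
    return hmac.compare_digest(dk, expected)

def login(password: str, stored: str):
    """Return (ok, record_to_store); legacy records are re-hashed on success."""
    if not verify(password, stored):
        return False, stored
    if stored.startswith("sha1$"):
        return True, hash_password(password)  # upgrade while we hold the plaintext
    return True, stored
```

Because the legacy digest is unsalted, every user with the same password gets the same record, which is what makes bulk cracking of a leaked table cheap; the scrypt records differ per user and cost far more per guess.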
Armerding, T. (2018, January 26). The 17 biggest data breaches of the 21st century. Retrieved from https://www.csoonline.com/article/2130877/data-breach/the-biggest-data-breaches-of-the-21st-century.html
Whittaker, Z. (2016, November 13). AdultFriendFinder network hack exposes 412 million accounts. Retrieved from https://www.zdnet.com/article/adultfriendfinder-network-hack-exposes-secrets-of-412-million-users/
Isaac, M., Benner, K., & Frenkel, S. (2017, November 21). Uber Hid 2016 Breach, Paying Hackers to Delete Stolen Data. Retrieved from https://www.nytimes.com/2017/11/21/technology/uber-hack.html
Mathews, L. (2017, September 08). Equifax Data Breach Impacts 143 Million Americans. Retrieved from https://www.forbes.com/sites/leemathews/2017/09/07/equifax-data-breach-impacts-143-million-americans/#677653a6356f