  • Dozens of data breaches, millions affected

    During 2012, almost every industry -- from banking to insurance, government departments and even security companies that help to protect against such attacks -- was hacked or breached, and vast amounts of data were siphoned off from company networks.

    Many of the successful attacks came from people who were part of, or connected with, the hacking collective Anonymous, but not all. From Social Security record breaches to a year of poor company policies on password and user details protection, along with massive hacking attacks that gave the ordinary citizen an insight into the shady private intelligence world, here's a look back at some of the major hacks, leaks and breaches of the year.

    • Read more:  A year in cybersecurity and cybercrime: 2012 review
    • Tech blunders, catastrophes and epic fails of 2012: review
    Published: December 17, 2012 -- 10:02 GMT (02:02 PST)

    Caption by: Zack Whittaker

  • January: Symantec Norton source code theft

    In January, hackers breached a network belonging to the Indian intelligence service and acquired a vast amount of Symantec's Norton anti-virus source code. It was subsequently posted on Pastebin, a site often used by hackers to post leaked data and source code anonymously.

    Symantec was quick to state that the source code does not reflect the firm's current work. By analyzing the anti-malware source code, malware writers would be able to find weaknesses in order to bypass the software and hijack machines for malicious purposes. It's understood that the Indian authorities intended to inspect the source code, which was stolen from an insecure network.

    • Read more: Symantec confirms hacker theft of Norton anti-virus source code

  • 24 million affected by Zappos hack

    Online retail store Zappos suffered a significant data breach that exposed the accounts of about 24 million customers. Security experts thought it was the largest consumer data breach of 2012.

    Amazon.com-owned Zappos said hackers attacked an internal corporate network through a Kentucky-based server, and swiped customer account information, including email addresses, the last four digits of credit card numbers, and cryptographically scrambled passwords.

    • Read more: Zappos hacked, 24 million affected
    • Zappos breach highlights fragile password, personal data security

  • February: Stratfor hacked, Anonymous hands emails to Wikileaks

    Loose-knit hacking collective Anonymous successfully attacked Stratfor, a private U.S. intelligence firm, and swiped around five million emails. The data was then handed to Wikileaks for later publication. The email cache included invoices and details of sources connected to news media outlets, and employees of governments located around the world.

    Once the full email cache was released, a controversy began when a number of Western Allied governments were accused of using TrapWire surveillance software. The fear was overblown: TrapWire was not quite the 'global network of cameras' suggested by a number of media outlets, but it was nonetheless a potentially liberty-infringing network.

    • Read more: Stratfor's 5m emails spilled by Wikileaks
    • Wikileaks uncovers TrapWire surveillance: FAQ

  • March: Global Payments hacked; MasterCard, Visa customers affected

    MasterCard and Visa customers were warned after a massive data breach that affected more than 1.5 million credit and debit card owners. While a hacker initially claimed responsibility for the data breach, the claim was quickly debunked by a source within the banking industry speaking to ZDNet.

    Global Payments, the company that was hit by the data breach, explained that only credit card numbers -- not names, addresses, or Social Security numbers -- were taken, but the breach would ultimately cost the card processing firm around $84 million to clean up.

    • Read more: Warning over 'massive' MasterCard, Visa security breach
    • Hacker claims mass bank breach; releases Visa, Mastercard data
    • Data breach to cost $84m for Global Payments

  • April: Anonymous attack Chinese Web sites, defense contracts stolen

    A hacker associated with hacktivist collective Anonymous posted thousands of internal documents claimed to be associated with the Chinese government, most notably defense contracts signed by the country.

    By hacking the Beijing-based China National Import & Export Corp. (CEIEC), the hacker was able to acquire and publish a range of contracts and business memos linked to the U.S. military, including many relating to the U.S.-led war effort in Afghanistan. The CEIEC denied the claims and called them "groundless" and "defamatory." 

    • Read more: CNET News: Anonymous hacks hundreds of Web sites in China

  • May: U.K. government caught snooping on citizen data

    A U.K. government department was found snooping on citizen data and many civil servants were reprimanded for looking at medical records, National Insurance numbers (the U.K. version of 'Social Security'), and even criminal records, according to a series of Freedom of Information requests.

    Ultimately, it was found that there were 150 'breaches' of data security over a 13-month period by staff at the U.K. Department for Work and Pensions and at the U.K. Department of Health, which runs the National Health Service (NHS).

    While the secure and confidential data may not have ended up in the hands of criminals or anyone outside of the department, it was a gross invasion of citizen privacy nonetheless. 

    • Read more: U.K. government staff caught snooping on citizen data

  • June: LinkedIn password breach affects 6.46 million users

    A Russian forum user claimed to have downloaded 6.46 million passwords belonging to LinkedIn users, though the stolen passwords were cryptographically hashed. However, many of those password hashes weren't salted, meaning it was relatively easy to recover the simpler passwords in readable form.

    LinkedIn soon confirmed the data breach but did not explain how the passwords were accessed. Affected accounts were disabled and password reset emails were sent out. The later cleanup effort cost the professional social networking company around $1 million, and another $2-3 million in forensic work and security upgrades.

    • Read more: 6.46 million LinkedIn passwords leaked online
    • Breach clean-up cost LinkedIn nearly $1 million, another $2-3 million in upgrades

  • Password breach hits 1.5 million eHarmony users

    Only a few days after the LinkedIn breach, dating Web site eHarmony was hit with a similar attack that led to the exposure of 1.5 million hashed passwords. The firm's security practices were not as strong. Its systems stored each user's password in upper-case characters only -- even when the user had chosen a mixed-case password -- further weakening the system.

    • Read more: Sex Tech: eHarmony password scandal

  • Last.fm next in line to suffer massive password breach

    Next in line to suffer a security breach in June was Last.fm, after claims of a similar attack on the online music social network. (ZDNet and Last.fm are both owned by CBS.)

    It quickly became apparent that the incidents were linked, and they led to further widespread criticism of the password encryption standards and security features offered by Web services. In the aftermath, many Web sites and services bolstered their security to prevent such breaches occurring again.

    • Read more: Last.fm investigating 'security issue', passwords leaked

  • July: Yahoo password breach exposes 450,000 user logins

    Yahoo, beleaguered by corporate failures and a revolving door of CEOs, came under fire once again after hackers were able to attack the firm's networks by exploiting a flaw and downloading 450,000 plain-text login credentials.

    While the breach was not as large as others, such as LinkedIn or Global Payments, details of the breach were soon reported and it quickly became apparent how easy it had been to acquire the vast cache of data. The use of a union-based SQL injection attack showed just how weak Yahoo's security was.

    Yahoo was subsequently sued for negligence shortly after the hack in a San Jose, California court. The hackers said in a blog post: "We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat." A week later, the former Web portal giant gave the all clear and resumed its operations.

    • Read more: 450,000 user passwords leaked in Yahoo breach
    • Yahoo sued over stolen usernames and passwords

  • Nvidia developer forums hacked, company investigates

    Graphics unit maker Nvidia suffered a relatively minor security breach that affected the firm's developer forums. Coming only a few weeks after the LinkedIn, eHarmony, and Last.fm password debacles, the breach was, by comparison, not as bad as those suffered by the earlier victims.

    The firm said that it had secured the hashed passwords with "random salt values", making it slightly more difficult for the passwords to be cracked, but Nvidia still sent all of its forum users a temporary password that must be changed on first use.

    • Read more: Nvidia suffers data breach; investigation under way

  • Formspring password breach, mass password reset follows

    Formspring was next on the list of companies to be attacked and have passwords stolen. As soon as the firm realized there had been a security breach, Formspring sent out an email to those affected asking them to change their password.

    Around 420,000 password hashes were posted to a security forum, but usernames and other data were not posted, making the hashes almost impossible to do anything with. The form-based question firm used the SHA-256 algorithm to secure its users' accounts, and passwords were hashed with random salts. Formspring now uses bcrypt in order to secure accounts even further.

    • Read more: Formspring resets millions of passwords amid breach
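
The password-storage differences running through the LinkedIn, eHarmony, Nvidia and Formspring items above (unsalted hashes, upper-case-only storage, random salts, a move to bcrypt) are put side by side in this added example, which is not code from the article or from any company it names. The account list is constructed, SHA-256 is assumed as the fast hash for the unsalted case, and PBKDF2 from the Python standard library stands in for bcrypt.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample accounts (not data from any breach).
USERS = {"alice": "Sunshine1", "bob": "tr0ub4dor", "carol": "Sunshine1"}

PBKDF2_ROUNDS = 200_000  # assumed work factor for this demo


def fast_unsalted(password: str) -> bytes:
    """One fast hash, no salt: equal passwords give equal digests."""
    return hashlib.sha256(password.encode()).digest()


def fast_salted(password: str, salt: bytes) -> bytes:
    """Fast hash with a per-user random salt."""
    return hashlib.sha256(salt + password.encode()).digest()


def slow_salted(password: str, salt: bytes) -> bytes:
    """Salted, deliberately slow KDF (PBKDF2 standing in for bcrypt)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def verify(password: str, salt: bytes, stored: bytes) -> bool:
    """Check a login attempt with a constant-time comparison."""
    return hmac.compare_digest(slow_salted(password, salt), stored)


def shared_digests(table: dict) -> list:
    """Return groups of users whose stored digests are identical."""
    groups = defaultdict(list)
    for user, digest in table.items():
        groups[digest].append(user)
    return [sorted(g) for g in groups.values() if len(g) > 1]


def build_tables(users: dict):
    """Store the same accounts under the three schemes."""
    unsalted = {u: fast_unsalted(p) for u, p in users.items()}
    salts = {u: os.urandom(16) for u in users}
    salted = {u: fast_salted(p, salts[u]) for u, p in users.items()}
    slow = {u: slow_salted(p, salts[u]) for u, p in users.items()}
    return unsalted, salted, slow, salts


def upper_only_shrink(length: int) -> float:
    """Factor by which the search space shrinks when mixed-case
    alphanumeric passwords (62 symbols) are folded to upper case (36)."""
    return (62 ** length) / (36 ** length)


if __name__ == "__main__":
    unsalted, salted, slow, salts = build_tables(USERS)
    # Without a salt, one recovered password exposes every account sharing it.
    print("unsalted, shared digests:", shared_digests(unsalted))
    print("salted, shared digests:  ", shared_digests(salted))
    print("slow KDF verifies alice: ",
          verify("Sunshine1", salts["alice"], slow["alice"]))
    # Upper-case folding makes differently cased passwords indistinguishable.
    print("folded passwords collide:",
          fast_unsalted("Sunshine1".upper()) == fast_unsalted("sUNSHINE1".upper()))
    print("8-char keyspace shrink:   %.0fx" % upper_only_shrink(8))
```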

  • August: Dropbox hacked (again…)

    One of the world's most used cloud-storage services was attacked by hackers -- and not for the first time -- which led to spam messages being sent to email accounts used in some cases exclusively for Dropbox. The security community was quick to claim there had been a data breach, but Dropbox held off giving any definitive answers for some days.

    Eventually, the firm said that usernames and passwords stolen from other sites, such as LinkedIn, eHarmony, and Last.fm, were used to gain access to some Dropbox accounts. Along with this, a stolen password was also used to access a Dropbox employee's account with passwords as part of an internal project.

    The firm then put in place additional security measures and has since implemented two-factor authentication, which requires two proofs of identity, such as a code sent to your mobile device.

    • Read more: Dropbox gets hacked... again
    • CNET: Dropbox confirms it was hacked, offers users help

  • September: Apple's UDID leaks linked to Florida data breach, not FBI

    With the rollout of iOS 6 imminent, a wave of unique iOS-powered device codes (UDIDs) were stolen by Anonymous, allegedly from the FBI, and were uploaded to the Web. UDID codes are used by developers for analytics, but could also be used to personally identify users. There was enough suspicion to suggest either Apple had passed on the device codes for FBI surveillance, or the iPhone and iPad maker was forced to. It sparked a privacy brouhaha that lasted close to a fortnight.

    Apple said, in a rare public statement, that the FBI had not requested the data and that Apple had not provided it to any organization. Eventually, after both Apple and the FBI denied any knowledge or involvement, a small company in Florida admitted to a data breach, which led to the UDID codes leaking to the Web. Apple's iOS 6 mobile operating system was rolled out only a few weeks later, which removed UDIDs from iOS-powered devices.

    • Read more: AntiSec claims to have snatched 12M Apple device IDs from FBI
    • Apple: We didn't pass iPhone, iPad device IDs to FBI
    • Apple UDIDs leaked by Anonymous came from Florida firm, not FBI

  • October: Ghostshell hacks universities, massive data breach

    Records from a number of prominent universities were made public after a Ghostshell hacker obtained more than 120,000 records and sets of data. Most of the data was SQL-related content.

    More than 36,600 email addresses were identified in the leaked data, and tens of thousands of university student, faculty, and staff names were disclosed. While the details of only one bank account were disclosed, much of the data included ethnic, nationality and other personally identifiable information, as well as a whole range of passwords.

    The Ghostshell group is known for its higher education agenda, with focus not limited to tuition fees and troubles in the post-graduation job market. 

    • Read more: GhostShell university hack: By the numbers

  • South Carolina suffers huge Social Security records theft

    The state of South Carolina suffered a massive data loss of more than 3.6 million Social Security records, after government servers were breached. With a population of 4.6 million, this breach represented about 78 percent of the state's population. Details of 16,000 credit cards, stored without encryption, were also stolen.

    The figure also included 670,000 businesses affected by the data breach. It took close to three weeks before the hack came to light after the U.S. Secret Service first received information regarding an incident on October 10, 2012.

    • Read more: South Carolina suffers theft of 3.6M social security numbers
    • Up to 657,000 businesses hit in South Carolina hack

  • Barnes & Noble credit card machines breached, card data stolen

    Barnes & Noble had 63 stores hit -- including its flagship "world's largest bookstore" in New York City -- after hackers stole vast amounts of credit card data from around the United States. The data was stolen from the credit card machines that were part of the 63 stores' cash registers. A public letter said the book giant had disabled its 7,000 keypads in hundreds of its stores, despite only one store being hit in the successful hacking attack.

    The hack was kept quiet for more than five weeks to allow the U.S. Justice Dept. and the FBI to investigate. Barnes & Noble said it was "working with banks, payment card brands and issuers" to identify any accounts that may have been compromised.

    • Read more: Hackers steal Barnes & Noble credit card numbers: 63 stores hit

  • November: Hacker leaks VMware ESX kernel source code to the Web

    More from Anonymous, as hackers associated with the collective leaked the VMware ESX Server's kernel source code to the Web. The 2MB file (compressed) was small in size but the independently verified source code was out in the open.

    Because kernel source code doesn't change much, "some core functionality still stays the same," the hacker said, indicating that users of the bare-bones, operating system-independent virtualization server could be at risk for future hacks. VMware said in a public statement that "more related files will be posted in the future," as the virtualization giant scrambled to update its platform to ensure its customers are secure.

    • Read more: Hacker leaks VMware ESX kernel source code online

  • December: Nationwide Mutual hacked, 1.1 million Americans affected

    And last but not least, insurance giant Nationwide Mutual suffered a hack that affected 1.1 million Americans, according to the North Carolina Attorney General. It's thought that the hackers may have been from overseas, and may not have been on U.S. soil.

    Customers' names, Social Security numbers, and driver's license details were all pilfered by the hackers, and the possibility that dates of birth, marital status, gender and employers' names were also taken could not be ruled out. The extent of the hack may not be realized until the early part of 2013. The insurance company prepared a statement and said it was "very sorry," but was not aware of "any misuse of customers' information."

    • Read more: Nationwide Mutual hack affected '1.1 million Americans'

2012: Looking back at the major hacks, leaks and data breaches

ZDNet looks back at the year, on a month-by-month basis, at some of the most publicized hacks, leaks and data breaches of 2012.
