X

These are the worst hacks, cyberattacks, and data breaches of 2018

Millions of records were lost, services were disrupted, and credit card data was stolen as hackers ran amok over the year.
By Charlie Osborne, Contributing Writer
screenshot-2018-11-26-at-19-05-32.png
1 of 24 Charlie Osborne/ZDNET

UK government website cryptojacking

February: Over 4,000 websites, including UK government, US, and Australian services, all experienced the same security issue at once due to a vulnerable third-party plugin used for website accessibility. Countless website visitors became victims of cryptojacking, in which their CPU power was used without consent to mine for cryptocurrency.

screenshot-2018-11-25-at-18-46-10.png
2 of 24 Charlie Osborne/ZDNET

Ticketmaster

February -- June: Third-party code on Ticketmaster's web domain was compromised, leading to the implant of credit card skimming malware on the domain. Up to 40,000 UK and international customers are believed to have been affected, with information including names, addresses, email addresses, telephone numbers, payment details, and Ticketmaster login details involved in the breach.

Researchers later connected the cyberattack to the Magecart campaign.

screenshot-2018-11-26-at-19-22-53.png
3 of 24 Charlie Osborne/ZDNET

Under Armour

March: Under Armour, a seller of fitness apparel, revealed that the firm's MyFitnessPal mobile app had been hacked, leading to the compromise of 150 million accounts. Usernames, email addresses, and hashed passwords were stolen, and while financial data was not affected, users were required to immediately change their passwords.

screenshot-2018-11-26-at-19-16-51.png
4 of 24 Charlie Osborne/ZDNET
screenshot-2018-11-25-at-18-55-38.png
5 of 24 Charlie Osborne/ZDNET

Facebook, Cambridge Analytica

March: The Facebook -- Cambridge Analytica scandal was one of the largest this year with severe consequences that are still being felt by the companies and regulators alike.

In total, information belonging to up to 87 million users was improperly shared by a developer with Cambridge Analytica for the purpose of voter profiling. It has been suggested that this may have been used to spread propaganda and help elect US President Trump.

screenshot-2018-11-25-at-18-31-31.png
6 of 24 Charlie Osborne/ZDNET

British Airways

April -- July: British Airways leaked data belonging to hundreds of thousands of customers who used a credit card to make reward bookings between April and July. The compromised information included names, billing addresses, email addresses, and payment information including card numbers, expiry dates, and CVV security codes.

The leak was uncovered following the Ticketmaster breach. It is believed the hack was the work of Magecart, which has also claimed victims including Newegg, Feedify, and broadcaster ABS-CBN.

screenshot-2018-11-26-at-18-57-39.png
7 of 24 Charlie Osborne/ZDNET

Rail Europe

May: Rail Europe, a company which sells tickets for trips around the bloc, suffered a three-month-long data breach caused by credit-card skimming malware. Credit card numbers, expiration dates, and CVV card verification codes were all stolen during the covert campaign, and while the company did not reveal exactly how many customers were involved, Rail Europe accounted for five million customers last year.

screenshot-2018-11-26-at-19-17-47.png
10 of 24 Charlie Osborne/ZDNET

Ticketfly

June: Ticketfly pulled its website offline on the basis that the event seller believed there had been a cyberattack -- a premise which turned out to be correct. The company said that information had been leaked which belonged to roughly 27 million customer accounts and included names, email addresses, physical addresses, and phone numbers.

A hacker believed to be responsible attempted to blackmail Ticketfly a single Bitcoin to keep the data from spreading.

screenshot-2018-11-26-at-19-18-57.png
11 of 24 Charlie Osborne/ZDNET
screenshot-2018-11-26-at-18-56-37.png
12 of 24 Charlie Osborne/ZDNET

Exactis

June: You would be forgiven for not knowing of Exactis, a marketing and data aggregation company, but the firm's name became somewhat well-known following a data breach which exposed 340 million records on a publicly accessible server.

Close to two terabytes of information were available in the public domain, including a range of data on US citizens and businesses.

screenshot-2018-11-26-at-16-16-05.png
13 of 24 Charlie Osborne/ZDNET

SingHealth

July: Singapore suffered the "most serious" data breach in the country's history this year when healthcare institutions group SingHealth's networks were compromised.

In total, over 1.5 million healthcare patient records, including one belonging to Prime Minister Lee Hsien Loong, were stolen. Data including patient names, national identification numbers, addresses, genders, and dates of birth were compromised.

screenshot-2018-11-26-at-17-06-46.png
14 of 24 Charlie Osborne/ZDNET
screenshot-2018-11-26-at-19-10-22.png
17 of 24 Charlie Osborne/ZDNET

Student medical records

screenshot-2018-11-26-at-19-20-49.png
19 of 24 Charlie Osborne/ZDNET

T-Mobile

August: T-Mobile detected unauthorized entry into the carrier's network, and although the intruder was quickly booted out, this was not before the attacker was able to access customer data. Roughly three percent of its 77 million customers -- or approximately 2 - 2.5 million customers -- were impacted, with information including customer names, billing ZIP codes, phone numbers, email addresses, account numbers, and account types exposed.

screenshot-2018-11-25-at-18-56-20.png
20 of 24 Charlie Osborne/ZDNET

Facebook's network breach

September: If dealing with the aftermath of Cambridge Analytica was not enough, a vulnerability in Facebook's code permitted attackers to steal authentication tokens. Information including names, contact details, cities, device types, places of work, and more was also stolen from some users.

Original estimates pegged the theft as impacting 50 million users, which were later revised to 30 million.

screenshot-2018-11-26-at-15-46-28.png
21 of 24 Charlie Osborne/ZDNET

ISP, web traffic hijacks

screenshot-2018-11-25-at-18-32-21.png
22 of 24 Charlie Osborne/ZDNET

Canada Post

November: Information relating to roughly 4,500 customers of the Ontario Cannabis Store (OCS) was improperly shared and leaked, including the names or initials of nominated signatories, postcodes, dates of delivery, reference numbers, Canada Post tracking numbers, and OCS corporate names and business addresses.

While the breach was small, the sensitive subject matter -- and the recent decision to make recreational cannabis legal in Ontario, Canada -- made the incident stand out. It may now be legal, but that does not mean smokers would be happy with others knowing about their recreational use.

screenshot-2018-11-26-at-19-01-37.png
23 of 24 Charlie Osborne/ZDNET

Amazon

November: As is often the case with the most well-known companies, if a security incident occurs, they will often give out information which is necessary -- but no more. Amazon followed this pattern, admitting that a "technical error" had exposed the names and email addresses of some customers, but did not go any further into detail.

Despite a lack of concrete information, when a company such as Amazon has a security lapse, it is certainly of note.

screenshot-2019-01-07-at-07-11-19.png
24 of 24 Charlie Osborne/ZDNET

Google+

In late December, Google revealed a fresh bug in the Google+ API which had the potential to permit attackers to steal private data belonging to close to 52.5 million users. This discovery pushed the Google+ closure data forward from August to April 2019.

Read on: ZDNet

Related Galleries

Holiday wallpaper for your phone: Christmas, Hanukkah, New Year's, and winter scenes
Holiday lights in Central Park background

Related Galleries

Holiday wallpaper for your phone: Christmas, Hanukkah, New Year's, and winter scenes

21 Photos
Winter backgrounds for your next virtual meeting
Wooden lodge in pine forest with heavy snow reflection on Lake O'hara at Yoho national park

Related Galleries

Winter backgrounds for your next virtual meeting

21 Photos
Holiday backgrounds for Zoom: Christmas cheer, New Year's Eve, Hanukkah and winter scenes
3D Rendering Christmas interior

Related Galleries

Holiday backgrounds for Zoom: Christmas cheer, New Year's Eve, Hanukkah and winter scenes

21 Photos
Hyundai Ioniq 5 and Kia EV6: Electric vehicle extravaganza
img-8825

Related Galleries

Hyundai Ioniq 5 and Kia EV6: Electric vehicle extravaganza

26 Photos
A weekend with Google's Chrome OS Flex
img-9792-2

Related Galleries

A weekend with Google's Chrome OS Flex

22 Photos
Cybersecurity flaws, customer experiences, smartphone losses, and more: ZDNet's research roundup
shutterstock-1024665187.jpg

Related Galleries

Cybersecurity flaws, customer experiences, smartphone losses, and more: ZDNet's research roundup

8 Photos
Inside a fake $20 '16TB external M.2 SSD'
Full of promises!

Related Galleries

Inside a fake $20 '16TB external M.2 SSD'

8 Photos