The last decade accounted for over 4 billion records tampered and stolen, with 10 of the 15 biggest data breaches of all time taking place in the 2010s. Vincentas Grinius, CEO of Heficed, the IP address infrastructure service provider, introduces the major cloud data breaches of the past 10 years and discusses how similar crimes could be avoided in the future.
Biggest cloud security breaches of the decade
Data breaches are more advanced than ever, and even tech giants like Facebook, Apple, or Adobe fall into hackers’ traps.
Advanced data breaches are difficult to spot, not to mention, to investigate and find suspects. It might take years before a breach is detected, and by then it could’ve already caused millions of accounts to be affected.
One of the unfortunate examples was the Apple iCloud breach in 2014, when many accounts were hacked and their information was leaked, including private photos of celebrities. The accident resulted in Apple strengthening its cloud security and introducing two-step verification, which is still commonly used in finance, legal, and data storage sectors. While the event caused public indignation, now the company is considered to use one of the highest user security and privacy measures.
At the beginning of the decade, Adobe faced a data breach that caused over 150 million users’ records to be compromised. According to Adobe officials, hackers mainly attacked invalid or inactive accounts and accounts with weak protection. Although the company contacted affected users and solved the problem rather fast, they recognised that hacks like that could be avoided with better encryption and increased user data security.
In recent years, the social media giant Facebook wasn’t in the best light. After the Cambridge Analytica scandal, the company jeopardised their users’ trust, but even bigger data breach occurred in 2019, resulting in 540 million Facebook users’ records being illegally stored on Amazon Cloud. Half the billion identification numbers, comments, reactions, and account names were available for everyone. The breach caused users’ outrage and pushed the company to increase security and investigate its third-party applications and networks.
It’s easier to protect smaller accounts from cybercrimes, as it’s more obvious when something is impaired. Then it comes as no surprise when large incumbents like Facebook or Apple take months if not years to detect breaches.
While the decade marked one of the worst cloud breaches of all time, 2019 was the worst year of all. Last year, KrebsOnSecurity found that 885 million mortgage deal documents were leaked since 2003. First American Financial Corp was responsible for leaking such information as bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and driver’s license images. This data was used for phishing and scams, and identity thefts, as everyone who knew where to look could access the information.
Actions to tackle cybercrimes
Although these crimes affect billions of people, they are a hard lesson that needs to be learned. It also shows that companies and public organizations have a long way to go to improve cloud security.
I have been working in the field for years and in his opinion, data breaches advance together with improved cybersecurity. It’s impossible to fully eliminate data breaches because whenever a new security system enters the market, hackers are challenged to take it down. The only thing organisations can do is to constantly work on improving security measures and covering blind spots that are usually how hackers compromise data.
Cybersecurity is not a private issue anymore, and many governments around the world are recognizing the need to improve the sector. More financing, implementation of smart technologies such as artificial intelligence, automation, and blockchain can significantly benefit the industry and help fight and minimise the aftereffects of data breaches. And even though the scope of cybercrimes is rising, so does cybersecurity.