These are the biggest and most dangerous hacks and data breaches of the year 2021. I could have easily based this list on how many users' data was breached in each hack of the year.
However, many of the major ones that had the biggest effect were based around vulnerabilities that were exploited to wreak havoc and cause disruption, or that were used to gain access to multiple downstream companies that all use the same type of infrastructure. As such, many of these cases do not have an end in sight even months later.
Some of the entries on my list are still being actively exploited. Let's get started with number five, which is Twitch.
The Biggest Hacks and Data Breaches of the Year 2021
Growing hacking activity and data breaches are a major concern for businesses, organizations, governments, and individuals. Here is the list of the biggest hacks and data breaches of the year 2021, which caused the loss of millions of dollars.
Twitch Data Breach
In October, 125 gigs of data from Twitch were posted online. Twitch stated that an attacker gained access to its servers due to a faulty configuration change that exposed them to the internet.
Credit card numbers were not exposed, nor were login credentials or passwords, which were hashed with bcrypt, but all the stream keys were reset.
The source code repositories and payout data were exposed, including about 6000 internal repositories, SDKs, red teaming tools, and creator payouts. Some creators disclosed that the leaked payout data was accurate for their specific accounts.
While this breach did not affect users, it was still advisable to reset keys, change passwords, and turn on two-factor authentication if not already enabled.
This was also a blow to creator and employee privacy, given that internal documents and payout information were leaked. Source code was leaked as well, which could eventually lead to vulnerabilities being exploited.
LinkedIn Data Breach
Now on to number four. In April, LinkedIn disclosed a leak of data from its site, including profile details for over 500 million users.
In this case, it included full names, email addresses, phone numbers, genders, and more. LinkedIn pointed out that this data was public profile data that was scraped from its site as well as from other platforms.
They stated that this was not a data breach since no private information was included, but they also mentioned that scraping data from their site goes against their terms of service.
While that may be so, this scrape of publicly accessible data makes it easy for phishing to occur against any user's contact information, and they could be held liable if found in violation of GDPR.
Next are the three big ones that really had lasting effects, not just leaks of user data with numbers.
Colonial Pipeline Data Breach
In May, Colonial Pipeline had to take its operations offline due to a ransomware attack.
All of its main lines and some additional pipelines were taken offline while investigation and remediation were prioritized, and the company slowly brought its network back online in a stepwise fashion.
Since Colonial Pipeline handles 45 percent of liquid gasoline and diesel fuel for the East Coast and is the largest pipeline in the US, this ended up being a major blow to fuel transportation during the event, with panic and stations running out of fuel.
The attack was limited to the information systems; no data leak actually occurred, and it did not hit the industrial control systems. The US Department of Transportation set up temporary exemptions for servicing hours so that truckers were still able to transport loads of fuel during the attack.
The DarkSide ransomware gang stated that they were involved. Eventually all pipelines came back online, there was no data leak, and the systems were back to normal pretty quickly.
This was a huge concern because it made the government much more aware of how infrastructure can be affected when a group targets a single company with ransomware.
Microsoft Data Breach
Now for number two. After the SolarWinds debacle of 2020, which I'm sure everybody remembers and which led to tons of breach disclosures and aftereffects leading into 2021, we then had the Microsoft Exchange vulnerabilities discovered in March of this year.
Exchange had several security flaws, which led to at least 60,000 known victims globally, at least 30,000 of which were companies in the United States. Attackers from many groups took advantage of these vulnerabilities and attacked servers, leading to several reported breaches throughout 2021.
Some of the notable hacks were meat processor JBS Foods and PC manufacturer Acer, both of whom were hit by the REvil hacker group.
JBS Foods paid an 11 million dollar ransom, one of the largest in history. Acer was hit up for 50 million dollars in ransom.
Microsoft reported that the Chinese hacking group called Hafnium was the perpetrator of the original attacks on Exchange, and the flaws were eventually patched by the tech giant.
Log4J Vulnerability Exploitation
Now let's talk about the last big hack of 2021, which I think is the most important one. It's Log4j and the recently disclosed exploit called Log4Shell.
I'm kind of glad that I waited until late December to post this article, because this news blew up this month. Log4j, the logging tool that is built into a lot of applications, has a vulnerability that is being exploited in attacks.
Log4Shell can allow an attacker to use a very simple script to gain remote access to a server and hit it with remote code execution attacks, potentially leading to data compromises or leaks, malware, ransomware, botnet infections, and more.
This is a current issue that is very problematic because of how easy it is to exploit. What makes it worse is that the first patch released to fix it also had a newly discovered vulnerability.
So now the patch has to get patched, another patch was just released for another Log4j vulnerability, and it all has to be applied on multiple parts of any vulnerable server.
It's a whole thing, not just a one-off fix, and unfortunately it's taking days upon days for responsible admins to patch and check.
Log4j is found in millions upon millions of applications, and the exploit has already been successful against many brands and products.
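To show why patching and checking takes admins so long, here is an added example (not from any vendor or from the Log4j project) of an inventory script that lists every copy of the log4j-core jar on a server, including copies bundled inside other application archives. The function names, the sample archive layout, and the version strings 0.0.1 and 0.0.2 are constructed for illustration; compare real results against the vendor's current advisory.

```python
import io
import os
import re
import tempfile
import zipfile

ARCHIVE_EXT = (".jar", ".war", ".ear")
CORE_JAR = re.compile(r"(?:^|/)log4j-core-(?P<version>[^/]+)\.jar$")

def scan_archive(data, label, found, depth=0):
    """Look through an archive's entries, following nested archives."""
    if depth > 5:  # stop on absurdly deep nesting
        return
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return  # not a readable archive; skip it
    with zf:
        for name in zf.namelist():
            if name.lower().endswith(ARCHIVE_EXT):
                check(name, f"{label}!/{name}", zf.read(name), found, depth + 1)

def check(name, label, data, found, depth=0):
    """Record the archive if it is log4j-core, then look inside it."""
    m = CORE_JAR.search(name)
    if m:
        found.append((label, m.group("version")))
    scan_archive(data, label, found, depth)

def find_log4j_core(root):
    """Return sorted (location, version) pairs for each log4j-core jar under root."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if fname.lower().endswith(ARCHIVE_EXT):
                path = os.path.join(dirpath, fname)
                with open(path, "rb") as fh:
                    check(fname, path, fh.read(), found)
    return sorted(found)

def demo():
    """Constructed sample: one standalone jar and one copy nested in an app jar."""
    with tempfile.TemporaryDirectory() as root:
        inner = io.BytesIO()
        with zipfile.ZipFile(inner, "w") as z:
            z.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        with zipfile.ZipFile(os.path.join(root, "app.jar"), "w") as z:
            z.writestr("BOOT-INF/lib/log4j-core-0.0.1.jar", inner.getvalue())
        with zipfile.ZipFile(os.path.join(root, "log4j-core-0.0.2.jar"), "w") as z:
            z.writestr("x.txt", "constructed")
        return [(os.path.relpath(p, root), v) for p, v in find_log4j_core(root)]
```

The nested copy inside app.jar is the kind a simple file search misses, which is why one server can need the fix in several places.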
Final Remarks on Biggest Hacks and Data Breaches of the Year
It's also being exploited in the wild as we speak. As you can see, a lot of attacks occurred against infrastructure and tools used within companies.
The attacks were not necessarily designed to target individual users, but to take down as many victims as possible in one swift move.
2021 ended up being a year where we saw not only the most attacks we have ever seen, but also a change in the direction that a lot of hacker groups are choosing to go in order to cause the biggest disruption.
This is the list of the Biggest Hacks and Data Breaches of the Year 2021.
So what kind of trends do you think we will see next year in terms of cyber security? I am very curious about what you think is going to happen in the new year, so leave your comments down below.