Data is becoming more valuable by the day and for crooks looking for a quick buck, easiest route to billions. But not every data breach is a result of hackers. More often and not, ‘loopholes’ and unprotected servers give back actors access without even having to break in. Here are some of the biggest data breaches of 2019 that affected users in India.
SBI leaves its server without any password protection: SBI left one of its servers unprotected which exposed the data of its 422 million customers. The server, situated in Mumbai, contained partial bank account numbers, bank balances and phones of individual using the bank’s SBI Quick service.
Biggest single card database sale on the darknet: More than 1.3 million credit and debit card details from Indian banks were spotted for sale in October. Group-IB, a Singapore-based cybersecurity company, found that the information was being sold for $100 a piece.
Hackers steal records of 6.8 million users: A US cybersecurity firm, FireEye, spotted that a hacker by the name of ‘fallensky519’ stole the data of 6.8 million users from an Indian healthcare website in February. It did not disclose the name but did point to who might be responsible — Chinese hackers.
Personal information of 100 million JustDial users on unprotected servers: An unprotected database belonging to JustDial, India’s largest local search service, is leaking personally identifiable information of its every customer in real-time who accessed the service via its website, mobile app, or even by calling on its fancy “88888 88888” customer care number.
Kudankulam Nuclear Power Plant (KKNPP) and ISRO hacked: India’s biggest nuclear power plant and the county’s apex space agency were hacked in September. Malware was installed on computers at the Kundankulam Nuclear Power Plant (KKNPP) and the Indian Space Research Organisation — and all it took was one click on the wrong type of link.
Airtel’s security flaw only took 15 minutes to find: Leading telecom operator Airtel risked the personal data of its subscribers, more than 300 million people, due to a critical security flaw in its mobile app. The issue existed in the Application Program Interface or API of the Airtel app but was prevented from being exploited after the folks at BBC alerted the company.
Facebook and Twitter users personal data leaked through malicious apps: Facebook and Twitter were in the crosshairs for undermining data privacy yet again, in November. According to India’s cybersecurity watchdog, CERT-In, user data was being stolen by malicious thirdparty apps using One Audience and Mobiburn software development kits (SDKs).
Dating apps reveal location threatening individual safety: Dating app Grindr came under the scanner for revealing the location of its users. Grindr, along with three other dating apps — Romeo, Reco and 3fun — was found to be giving the precise location of its users, according to an investigation.
Facebook stores passwords of 600 mn users: An investigation by KrebsonSecurity found that Facebook user passwords were available in plain sight to the firm’s thousands of employees. Passwords dating back to 2012 were unencrypted and being stored as plain text on Facebook’s servers.
|No. of Victms||422m||Link to view full Story|
|No. of Victms||1.3m||Link to view full Story|
|No. of Victms||6.8m||Link to view full Story|
|No. of Victms||100m||Link to view full Story|
|No. of Victms||2||Link to view full Story|
|No. of Victms||Over 300 million (might be hacked)||Link to view full Story|
|No. of Victms||Unknown||Link to view full Story|
|No. of Victms||3M Users||Link to view full Story|
|No. of Victms||Between 200 million and 600 million||Link to view full Story|