2023 was quite a year for digital security, or let’s say, the lack of it in some cases. We saw big and eye-opening cyber attacks. While those were pretty numerous, today, we will only review five of them. These incidents shook us up and taught us a thing or two about keeping our digital world safe.
5 Biggest Attacks of 2023
#1 Kid Security Data Exposure
The Kid Security app, which parents rely on to watch over their kids’ online activities, accidentally exposed over 300 million records. This big oops moment happened due to some missteps in setting up Elasticsearch and Logstash. Bob Diachenko, a sharp-eyed security researcher, stumbled upon this error. He revealed that user activities, phone numbers, email addresses, and even some payment details were left unprotected for over a month. Things got pretty serious when a ransom note popped up in the data, demanding Bitcoin to return the files.
Lesson: This mishap teaches us that even with the best intentions, one oversight can lead to a cascade of troubles. We need to move beyond checklists and cultivate a culture where everyone understands the weight of responsibility in handling data.
#2 SAP SE Bulgaria Data Exposure
SAP SE got hit with a major data leak when researchers at Aqua Nautilus discovered something alarming. Kubernetes Secrets, basically the keys to the kingdom containing passwords and tokens, were just sitting out there in public GitHub repositories. This slip-up led to nearly 95.6 million records being exposed, which included some pretty important stuff like credentials and access permissions.
SAP SE didn’t waste any time to give them credit. They jumped on it with a solid action plan, digging into what happened and keeping the researchers in the loop about what they were doing to fix things.
Lesson: Here’s a real-world lesson on the butterfly effect in cybersecurity. A small oversight in one corner of the internet can unleash a storm elsewhere. Every decision, no matter how small, contributes to the larger security landscape.
Learn more about two-factor authentication and its importance for online security.
#3 TmaxSoft Data Leak
TmaxSoft, an IT company from South Korea, left over 56 million sensitive records out in the open on a 2 TB Kibana dashboard. And get this, it was just sitting there unprotected for over two years! The worst thing here is that it wasn’t just any old data. It included stuff like employee details and company secrets.
Even after people found out and tried to let them know, TmaxSoft hasn’t fixed the leak. So all that information would just hang out there for anyone with bad intentions. The reputational damage was immense, of course.
Lesson: TmaxSoft’s experience is a stark reminder that inaction can be the most expensive action of all.
#4 ICMR Indian Council of Medical Research Data Breach
The ICMR Indian Council of Medical Research hit the headlines for all the wrong reasons. In 2023, they faced one of India’s biggest data breaches ever, with the personal details of a whopping 815 million people ending up on the dark web. Imagine that — Aadhaar numbers, passport details, you name it, all out there for sale. Resecurity, a cybersecurity firm from the US, was the one to break this alarming news.
The sheer size and seriousness of this breach got everyone’s attention, big time. Security pros and even politicians were up in arms, demanding a deep dive into what went wrong at ICMR and the Ministry of Electronics & IT.
Lesson: It’s a reminder that behind every number is a person, and the stakes are personal.
#5 23andMe Genetic Data Breach
In October 2023, 23andMe had a major scare when they realized a ton of their users’ super personal genetic ancestry info might have been swiped. They think someone snagged login details from somewhere else and used them to sneak into customer accounts, probably using some slick data scraping tricks. Then, they found out the “DNA Relatives” feature, where you find out who you’re related to, was hit, risking all that sensitive genetic and personal info.
Next thing you know, a hacker is out there on the dark web, selling this genetic goldmine from potentially millions of people, diving right into their heritage and identity.
Lesson: It’s a call for a new kind of vigilance, one that combines cutting-edge technology with a profound respect for the privacy and dignity of every individual.
So what were these five incidents from 2023 after all? Well, in the first place, they were huge wake-up calls. We need to be on our toes, always ready, always vigilant. Let’s take these stories to heart — not just as tales of what went wrong but as blueprints for doing better. Stay safe in 2024!