Key data about data leakage
Let's look at a set of striking numbers first.
The data disclosure door we chased in those years
Marriott starwood data disclosure door
On October 30th, 20 18165438+10, Marriott discovered that the room reservation database of its Starwood hotel had been hacked, and the reservation was about 3.88 between September 20th and 20th10. Marriott also added that the encrypted credit card information may be leaked, and the possibility that the encryption key is stolen at the same time is not ruled out. Marriott was fined $9120,000 for data violation, and faced multiple legal proceedings, with compensation as high as $654,380+0.25 million.
Facebook was hacked.
On September 28th, 20 18, Facebook announced that the hacker attack discovered this week showed that the attacker used a code loophole to steal the user account key, which may invade and steal 50 million user accounts. The vulnerability exploited by hackers is related to the "visitor viewing" function. The function of this function is to enable users to view their own pages from the perspective of other users, and to determine whether others can see them after setting relevant privacy settings. The incident caused Facebook to lose $43 billion in market value and will face a fine of up to $654.38+06 billion.
Chegg information disclosure of online teaching material leasing company
Chegg, an online textbook rental company of 2018 September 19, said that in late April, an unauthorized group obtained the company database hosting user data, including names, emails, delivery addresses and passwords. User data of brand series including EasyBib may also be affected. After the hacking incident was revealed, Chegg's share price plummeted 12% in one day.
Big Data Company Blackmail Data Leak
2065438+June 2008, the big data company Exactis was discovered that its publicly accessible database leaked 340 million business and consumer accounts, including information of almost every American citizen, including home address, e-mail address, age, number of children, religious relationship and even family pets. Exactis this kind of information leakage is not caused by hackers breaking into the database or other malicious attacks, but because the server is directly exposed to the public database search range without firewall barrier.
Credit evaluation giant Equifax data leak
September 20 17, Equifax found that the personal information of 654.38+0.43 million users was leaked from May to July due to hacking. Nearly half of Americans' private information is at risk, including their names, social security numbers, American ID numbers, addresses, driver's license numbers, social security account numbers and so on. And the credit card numbers of 209,000 people. The personal tax credit certificate of 654.38+0.82 million people was the biggest and most destructive at that time. Equifax's share price plummeted by nearly 14% within one day after the event was announced, and fell by 3 1% within two weeks, and it faced legal, remedial, insurance and investigation costs of 439 million US dollars. The CEO of Equifax, the Chief Security Officer of CSO and the Chief Information Officer of CIO announced their retirement immediately after the incident.
The restaurant chain Sonic Drive-In was attacked.
2065438+September 2007, Sonic Drive-In found that its credit card processor was extremely active, which was probably caused by malware installed on one or more sales terminals. The target of the attack is the customer's credit card information. Of the 3,600 chain stores in the United States, 325 were attacked by malware for six months, and 5 million credit cards entered the market. Therefore, Sonic Drive-In paid $4.3 million in legal damages.
Uber was stolen by hackers.
At the end of 20 16, hackers obtained the personal data of tens of millions of Uber users and drivers by stealing the AWS instance credentials of Uber. Personal identity information of 57 million people was stolen, including phone numbers, email addresses and names. In addition, the driver's license numbers of 607,000 drivers were stolen. In the end, Uber paid a legal litigation settlement fee of 6.5438+48 million US dollars.
Yahoo! Two data leakage incidents
20 16 Yahoo! Two data leakage incidents were announced-one occurred in September, which damaged more than 500 million account holders, and the other occurred in June, 5438+February, which affected more than 1 billion account holders. The leaked information collected by hackers from 20 14 to 20 16 and 12 includes user name, email address, phone number, birthday, password and security question and answer. Yahoo! Spent more than $95 million on after-the-fact remedies and legal fees, and was fined $35 million for failing to disclose hacking to investors in time. Verizon bought Yahoo for violating regulations! This is $350 million less than the original offer.
LinkedIn, a social networking software in the workplace, was hacked.
In 20 16, Russian hacker Peace sold up to1670,000 pieces of LinkedIn user data on the dark network, of which1170,000 pieces contained account passwords, and the price was 5 bitcoins, which was about $2,200 at that time. Hacker Peace said that these materials came from an attack in 20 12, when Peace hacked LinkedIn and sold more than 6 million LinkedIn account information online.
Which company has the most serious data leakage?
Enlightenment of data leakage door
An Shu Network found some characteristics from the above data.
* Author: An Shujun, reprinted from FreeBuf.COM.