All Courses
Login / Sign up
Get started

By signing up, you agree to our Terms of Use and Privacy Policy.
Reset your password
Enter your email and we'll send you instructions on how to reset your password.

Diary of Cyberattacks

A compendium of major cyberattacks over the years.

It takes 20 years to build a reputation and few minutes of cyber-incident to ruin it.
 
– Stephane Nappo.
 
Between January 1, 2005 to November 30, 2019 there have been a total of 11,126 data breaches (Source: ID Theft Resource Center), and as per Juniper Research’s report, the cost of data breaches will be $5 trillion by 2024.

In this section, we keep tabs on cyberattacks that take individuals, business organizations, and even states by storm. 



Filter by:

2019 Updates

Virtual Care Provider, Ransom Attack — November 2019
Ryuk Ransomware infects IT services provider Virtual Care Provider Inc.'s network and rendering 110 nursing homes' operations such as email services, patient records, client billings, and phone systems unusable or inaccessible.

Links:
Suprema Biostar, Data Leak — August 2019
Suprema's Biostar falls victim to a data leak amounting to a total of 27.8 million records consisting of fingerprints, images and facial recognition data.

Links: 
Bulgarian NRA, Data Breach — July 2019
A hacker breaks into Bulgarian National Revenue Agency's tax database, stealing the social security number, salary info and other financial information of 5 million taxpaying citizens of the total 7 million.

Links:
Tech Data, Date Leak — June 2019
An unsecured server was found with 264 GB of personal and financial data of customers including names, email addresses, plain text passwords, invoices, card company, card holder name and expiry dates.

Links:
Canva, Data Breach — May 2019
Hacker 'GnosticPlayers' of notorious fame, rips off 139 million user-provided data such as username, email, real name etc; and 61 million highly secure user passwords of Canva's profile database.

Links:
Github, Ransom Attack — May 2019
A few hundred Git repos were seemingly erased by an unknown actor in exchange for 0.1 BTC ransom. The repos were untouched, and it was found that the attacker had discovered cached access tokens and credentials on a remote server.

Links:
Docker, Data Breach — April 2019
An intruder gained brief access to Docker's server that contained usernames, hashed passwords and associated Github and Bitbucket tokens, potentially affecting 190,000 accounts. Docker recommended changing login credentials and relinking Github and Bitbucket.

Links:
AWS, Data Breach — March 2019
Paige "Erratic" Thomas executes a Server Side Request Forgery and exploits a misconfigured Firewall on AWS to collect confidential financial and private information of a 100 million people.

Links:

2018 Updates

Facebook, Data Breach — September 2018
Exploiting the "View As" feature, hackers have exfiltrated personal information of millions of Facebook users. Facebook's shares drop by 3% on disclosure.

Links:
Marriott, Data Breach — September 2018
Marriott's Starwood brands were victim to a massive data breach with hundreds of millions of passports and credit card numbers stolen. Marriott incurred breach costs of $28 million that was mostly covered by insurance and was charged a fine of $120 million by UK's Information Commissioner's Office for privacy rights violations.

Links:
British Airways, Data Breach — September 2018
500,000 passengers' card details were stolen, alongwith passengers' names, travel plans, email address, billing address and the card verification value. British Airways faced a fine of £183 million.

Links:
Iranian Phishing Campaign — March 2018
Over 300 institutions, including 144 US universities fell prey to a series of spear-phishing campaigns. The hackers were able to steal 31 TB of intellectual property that is estimated to be worth $3 billion. The US Department of Justince has accused nine Iranian hackers of the cybercrime. 

Links:
MyFitnessPal, Data Breach — February 2018
Roughly 150 million contacts including usernames, passwords, emails and IP addresses were stolen from the app "MyFitnessPal". While no financial data was leaked, the stolen data can be crosschecked on other platforms, and can affect users that reuse passwords.

Links:

2017 Updates

Washington DC surveillance cameras hacked — December 2017
Over a 100 outdoor surveillance police cameras of Washington D.C were hacked by what are suspected to be two Romanian hackers. Additionally, they used the hacked systems that controlled the cameras to also spread ransomware by sending 179,000 phishing emails.

Links:
Alteryx, Data Breach — October 2017
123 million household details were exposed putting American families at the risk of an identity theft. Each household had a staggering 248 fields of data, from financial history to mortguage details to pet ownership, making it possible for identity thieves to piece together and identify households despite the repository not containing names.

Links:
Equifax, Data Breach — July 2017
In an elaborate cyber attack on Equifax, 143 million customers' personal information such as their names, social security numbers, birthdates, addresses and 209,000 consumers' credit card numbers were stolen. The cyberattack costed Equifax $1.38 billion in breach costs and 1.4 billion in legal costs.

Links:
NotPetya, Ransomworm — June 2017
NotPetya feigns to be a ransomware, but isn't with no intentions to collect ransom. NotPetya used exploits like EternalBlue, EternalRomance, and an accounting software pacakage by the name M.E.Doc prevalent in Ukraine to spread over the network and infect unpatched systems. NotPetya encrypted everything in such a way so as to destroy stored information and render it unretrievable. It has been estimated to have caused damage to the tune of atleast $10 billion.

Links:
WannaCry, Ransomware Attack — May 2017
WannaCry, a ransomware that used an exploit developed by United States' National Security Agency called Eternal Blue that allowed for running arbitrary code on Windows, infected and locked up over 200,000 systems demanding payment via bitcoin for reverting the encryption of the victims' systems.

Links: