Halloween is upon us! Gather round the fire(wall) and let us regale you with six tales of cybersecurity horror for 2021… so far.
Half a billion compromised Facebook profiles
In April this year, it was discovered that personal details for half a billion Facebook profiles were leaked on a publicly accessible hacking forum. Sensitive data leaked included account emails, Facebook IDs, mobile phone numbers, dates of birth, and user locations.
Facebook wouldn’t disclose which users were affected by the leak, which resulted from a scrape of the site rather than a direct hack on company servers. Why? Because they didn’t know which users were compromised.
We promise this wasn’t an April Fools joke—believe us, we checked.
Ransomware attack on Colonial Pipeline
U.S. oil producer Colonial Pipeline fell victim to a devastating ransomware attack that resulted in the shutdown of a 5,500-mile-long gas pipeline—accounting for roughly half the gasoline supplied to gas stations on the Eastern Seaboard.
Unsurprisingly, this resulted in gas shortages, inflated prices, panic buying, and hoarding. Colonial Pipeline ended up paying 4.4 million USD in Bitcoin to the ransomware group DarkSide.
Nuclear secrets exposed in apps
Netherlands-based investigative journalists Bellingcat announced in May that they had discovered publicly visible flashcards on apps like Chegg, Quizlet, and Cram that displayed the location of U.S. nuclear weapons in Europe. It turns out that U.S. military personnel were using said apps to memorize security protocols without realizing that the information they entered into the apps would become publicly searchable.
Visible information included weapons and security locations, personnel identification, secret codes, and patrol schedules.
Pegasus is spyware that was developed by an Israeli technology firm called NSO Group and sold to various world governments. Once on your phone, Pegasus can copy your messages and media, record your conversations, film you through your phone’s camera, and pinpoint your geographical location.
In July, reports began to appear that Pegasus had been used to monitor civilian groups. Some 50,000 phone numbers, believed to belong to activists, journalists, lawyers, politicians, and executives across 50 countries (among others), were leaked. NSO went on record to clarify that the software had only been sold to countries with good human rights records.
Electric eye Down Under
In August, Australia passed a surveillance bill that allows police to access a citizen’s smart devices, modify data, and take over a suspected criminal’s social media accounts to gather information in ongoing investigations.
Those called upon to assist in an inquiry by the government must comply and will receive protection from civil liability. Those who refuse face up to 10 years in prison.
The heist to end all heists
600 million USD was stolen by a hacker dubbed “Mr. White Hat” after a vulnerability was discovered in the decentralized finance platform Poly Network. In a strange plot twist, the hacker maintained an open discourse with Poly Network, eventually returning all funds stolen, claiming that the goal was to draw attention to the platform’s vulnerabilities.
The Poly Network heist is the largest cryptocurrency theft of all time… until the next one comes along of course!
Did we miss anything? Let us know below!