Worst security snafus of 2012

Some of the worst online security problems of 2012 came in the form of DDoS attacks, cloud outages and political unrest

By , Network World
December 10, 2012 11:53 AM ET

Page 5 of 7

• Adobe said it was investigating how user names, email addresses and encrypted passwords were stolen from a company database after an Egyptian hacker called "Virus_HimA" posted 230 of them on Pastebin.

• South Carolina disclosed a massive data breach in which about 3.6 million Social Security numbers and 387,000 credit and debit card numbers belonging to taxpayers were exposed after a server at the state's Department of Revenue was breached by what was thought to be an international hacker, according to state officials.

• A crippling series of distributed denial-of-service attacks over the course of the month struck the websites of about a dozen U.S.-based banks, including Bank of America, Wells Fargo and JP Morgan Chase, effectively cutting online bank customers off from their services for extended periods. Some U.S. authorities, including Defense Secretary Leon Panetta, openly accused Iran of being behind the cyberattacks, though no specific evidence has yet been made public and Iran rejected the charges.

• Barnes & Noble, emphasizing that it is working with the FBI on the case, disclosed that a data breach associated with compromised PIN pad devices used in some stores located in California, Florida, Illinois, Massachusetts, New Jersey, Pennsylvania and Rhode Island may have resulted in an unspecified amount of fraud against shoppers there.

• The Amazon Web Services storage service known as Elastic Block Storage experienced performance degradation that resulted in some downtime for certain sites, including social-media site Reddit and photo-sharing site Imgur, among others.

• A 20-year-old Arizona man, Raynaldo Rivera of Tempe, arrested in August by FBI agents, pled guilty in a California court to intentionally causing damage to the website of Sony Pictures Entertainment in an attack carried out in May 2011. A former member of the hacker group Lulzsec, Rivera also admitted to launching a SQL injection attack against sonypictures.com that allowed him to extract confidential and personal information from the website's database; that information was published online. The plea agreement noted this had resulted in losses of about $605,000 to Sony to cope with the attack, including computer forensics, staffing call centers, and credit monitoring for individuals whose personal information was compromised. In exchange for his guilty plea, Rivera, though facing 15 years in prison, could get a reduced sentence, with that decision expected at a hearing scheduled for March 14, 2013.

November

• Twitter sent notices of an attempted hijacking to China-based foreign journalists and analysts just hours before apologizing for resetting the passwords of more users than necessary in a recent break-in of accounts. Twitter provided no details on the hacking, but some, including Voice of America, speculated it may have been a censorship crackdown associated with China's Communist Party.

• Skype temporarily disabled the account password reset option on its website, until it made the changes needed to fix the problem, after reports surfaced that this feature could be abused to hijack Skype accounts if attackers knew the email addresses associated with them.
