The number of data breaches affecting companies in different sectors across the world keeps rising in 2022, following the trend witnessed in the last few years. Here are five key data breaches that have occurred this year:
Shanghai National Police database
In July 2022, hackers claimed to have breached and exfiltrated 23 terabytes of data from the database of the Shanghai National Police. According to the hackers, who were offering the data for sale in a popular hacker forum, the data contained the information of over one billion Chinese citizens. This included citizens’ names, addresses, phone numbers, national ID numbers, and information on crimes and case details. The hackers provided a data sample of 250,000 records, which were found to contain the criminal records of citizens between the years 1995 and 2019. Journalists and cybersecurity experts who reviewed the sample data claimed it to be authentic and accurate. According to experts, the sample data also included information on children. The compromised database was being offered for sale for $200,000.
It appears that the breach occurred due to a bug in the ElasticSearch database, although this was not confirmed. According to experts, the database could have been misconfigured and left exposed due to human error since April 2021. With the records of over 1 billion citizens allegedly compromised, the breach of the Shanghai National Police database is not only one of the largest data breaches in 2022, but could also be one of the largest cybersecurity incidents to have ever occurred in China.
Twilio data breach
The communication company Twilio was the target of a breach that allowed hackers to access customer data in August 2022. Twilio provides application programming interfaces that allow businesses to set up automated call and texting services, and enhance their interactions with customers. The company also allows businesses to set up an automatic messaging system to send one-time authentication codes, as part of a two-factor authentication system.
According to Twilio, the hackers launched a phishing attack via SMS, pretending to be part of Twilio’s IT department. The message told the employees of target organisations that their password had expired, and encouraged them to log in to a spoofed web address, which the attackers controlled. The hackers were able to compromise more than 130 companies, and over 9,931 accounts. The identity authentication company Okta was among the affected companies, and revealed that the data of a number of customers was accessible to the threat actor. The encrypted communication app Signal was also a secondary victim of the attack on Twilio. It appears that over 1,900 Signal accounts were exposed, potentially allowing attackers to impersonate the users and take control of their accounts. The cybersecurity firm Group-IB reported that 114 of the compromised companies are based in the United States, and that the majority are cloud services, software development companies, and IT management firms.
FlexBooker data breach
In 2022, the online appointment company FlexBooker suffered two data breaches, just a couple of months apart from one another. The company provides online appointment booking tools that businesses can use on their websites. In January 2022, FlexBooker disclosed that threat actors had gained unauthorised access to sensitive data following a DDoS attack on the company’s AWS server, and had managed to exfiltrate the information of over 3.7 million customers.
The second breach, discovered in February 2022, was caused by an unsecured Amazon S3 bucket, which is a popular enterprise cloud storage solution. It appears that the company had failed to implement any security measures on the S3 bucket, leaving the contents exposed and accessible. The misconfigured AWS account contained over 19 million HTML files. These seemed to be the automated emails sent to users, for instance for booking confirmations, which suggests that the information of up to 19 million users could have been exposed. The information included users’ full names, email addresses, phone numbers and appointment details. The emails also contained a link to a unique code that allows users to cancel, edit and view their appointment details.
FlexBooker was informed of this security issue, and said it was working alongside Amazon to secure the servers. While the breach was successfully secured after a few days, hackers appeared to be selling the private data belonging to FlexBooker on underground forums.
Twitter data breach
The breach that Twitter suffered in late July 2022 and that affected 5.4 million users can be considered one of the largest data breaches of 2022. Threat actors exploited a zero-day vulnerability in Twitter’s systems, which allowed anyone submitting an email address or phone number to see which Twitter account is associated with it. The threat actor used this vulnerability to create a database that was then offered for sale in a popular underground forum for an initial asking price of $30,000. The compromised information included phone numbers, email addresses, follower counts, screen names, locations, picture URLs and login names.
While the data breach did not expose passwords or financial information, it still poses a significant threat to Twitter users’ privacy. This is especially the case for pseudonymous accounts of users who wish to keep their identity private on the platform for security reasons, for instance users who could face persecution in oppressive regimes, as well as whistle-blowers, activists and political opposition. The breach also exposes the users of the affected accounts to the risk of spear-phishing attacks.
OneTouchPoint data breach
The US-based company OneTouchPoint, which offers printing and mailing distribution services for major healthcare organisations, disclosed it suffered a data breach in July 2022. According to the company, the breach was the result of a ransomware attack that occurred in April 2022, although initially OneTouchPoint could not determine which files the threat actors had accessed within the network. It later appeared that the threat actors had accessed and compromised systems that contained Personally Identifiable Information of the customers of over 30 healthcare providers and health insurance carriers. This included names, addresses, dates of birth, descriptions of the services received, diagnosis codes, health assessment information, and member IDs.
OneTouchPoint initially reported that the breach affected 1 million customers; however, an updated report shows that the number of impacted individuals was actually 2,651,396. The severity of this data breach, which infringed on customers’ privacy and put them at risk of identity theft, spurred a class action lawsuit filing.
The information contained in this article is provided by White Blue Ocean, part of CRIF Group, a global company specializing in credit & business information systems, analytics, outsourcing and processing services, as well as advanced digital solutions for business development and open banking.