5 key data breaches in 2022


The number of data breaches affecting companies in different sectors across the world keeps rising in 2022, following the trend witnessed in the last few years. Here are five key data breaches that have occurred this year:

Shanghai National Police database

In July 2022, hackers claimed to have breached and exfiltrated 23 terabytes of data from the database of the Shanghai National Police. According to the hackers, who were offering the data for sale on a popular hacker forum, the data contained the information of over one billion Chinese citizens. This included citizens’ names, addresses, phone numbers, national ID numbers, and information on crimes and case details. The hackers provided a data sample of 250,000 records, which were found to contain the criminal records of citizens from 1995 to 2019. Journalists and cybersecurity experts who reviewed the sample data judged it to be authentic and accurate. According to experts, the sample data also included information on children. The compromised database was being offered for sale for $200,000.

It appears that the breach occurred due to a bug in the Elasticsearch database, although this was not confirmed. According to experts, the database could have been misconfigured and left exposed since April 2021 due to human error. With the records of over 1 billion citizens allegedly compromised, the breach of the Shanghai National Police database is not only one of the largest data breaches of 2022, but could also be one of the largest cybersecurity incidents ever to have occurred in China.


Twilio data breach

The communications company Twilio was the target of a breach in August 2022 that allowed hackers to access customer data. Twilio provides application programming interfaces that allow businesses to set up automated call and texting services and enhance their interactions with customers. The company also allows businesses to use the automated messaging system to send one-time authentication codes as part of two-factor authentication.

According to Twilio, the hackers launched a phishing attack via SMS, pretending to be part of Twilio’s IT department. The message told the employees of target organisations that their password had expired, and encouraged them to log in at a spoofed web address, which the attackers controlled. The hackers were able to compromise more than 130 companies and over 9,931 accounts. The identity authentication company Okta was among the affected companies, and revealed that the data of a number of its customers was accessible to the threat actor. The encrypted communication app Signal was also a secondary victim of the attack on Twilio. It appears that over 1,900 Signal accounts were exposed, potentially allowing attackers to impersonate the users and take control of their accounts. The cybersecurity firm Group-IB reported that 114 of the compromised companies are based in the United States, and that the majority are cloud services, software development companies, and IT management firms.


FlexBooker data breaches

In 2022, the online appointment company FlexBooker suffered two data breaches just a couple of months apart. The company provides online appointment booking tools that businesses can use on their websites. In January 2022, FlexBooker disclosed that threat actors had gained unauthorised access to sensitive data following a DDoS attack on the company’s AWS server, and had managed to exfiltrate the information of over 3.7 million customers.

The second breach, discovered in February 2022, was caused by an unsecured Amazon S3 bucket, a popular enterprise cloud storage service. It appears that the company had failed to implement any security measures on the S3 bucket, leaving its contents exposed and publicly accessible. The misconfigured AWS account contained over 19 million HTML files. These appeared to be the automated emails sent to users, for instance booking confirmations, which suggests that the information of up to 19 million users could have been exposed. The information included users’ full names, email addresses, phone numbers and appointment details. The emails also contained a link with a unique code that allows users to cancel, edit and view their appointment details.

FlexBooker was informed of this security issue, and said it was working alongside Amazon to secure the servers. While the exposure was closed after a few days, hackers appeared to be selling the private data belonging to FlexBooker on underground forums.


Twitter data breach

The breach that Twitter suffered in late July 2022, which affected 5.4 million users, can be considered one of the largest data breaches of 2022. Threat actors exploited a zero-day vulnerability in Twitter’s systems that allowed anyone submitting an email address or phone number to see which Twitter account was associated with it. The threat actor used this vulnerability to compile a database, which was then offered for sale on a popular underground forum for an initial asking price of $30,000. The compromised information included phone numbers, email addresses, follower counts, screen names, locations, picture URLs and login names.

While the data breach did not expose passwords or financial information, it still poses a significant threat to Twitter users’ privacy. This is especially the case for pseudonymous accounts of users who wish to keep their identity private on the platform for security reasons, for instance users who could face persecution under oppressive regimes, as well as whistle-blowers, activists and members of the political opposition. The breach also exposes the owners of the affected accounts to the risk of spear-phishing attacks.
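The lookup behaviour behind the Twitter flaw, beside the hardened form a defender would want, as an added example that is not Twitter's code or part of the original article: a constructed contact directory, a leaky lookup that answers with the associated account, and a guarded lookup that returns the same reply for known and unknown identifiers and rate-limits each client. The directory entries, client ids and the names `lookup_leaky` and `LookupGuard` are all constructed for this example.

```python
from collections import defaultdict, deque

# Constructed sample directory: contact identifier -> screen name.
# In a real system this would be the account store.
DIRECTORY = {
    "alice@example.com": "@alice_example",
    "+15550100001": "@bob_example",
}


def lookup_leaky(identifier: str) -> dict:
    """Vulnerable form: the reply reveals whether the identifier is known
    and which account it belongs to, so anyone can map contacts to accounts
    by submitting identifiers one after another."""
    handle = DIRECTORY.get(identifier)
    if handle is None:
        return {"exists": False}
    return {"exists": True, "screen_name": handle}


class LookupGuard:
    """Hardened form: a per-client sliding-window rate limit plus a reply that
    is identical whether or not the identifier maps to an account. Any
    notification goes to the identifier's owner out of band (modelled here as
    an internal list), never back to the caller."""

    def __init__(self, max_requests: int, window_seconds: float):
        self.max_requests = max_requests
        self.window = window_seconds
        self._hits = defaultdict(deque)  # client -> timestamps of recent lookups
        self.notified = []               # constructed stand-in for an out-of-band queue

    def allow(self, client: str, now: float) -> bool:
        """Allow at most max_requests lookups per client within the window."""
        q = self._hits[client]
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.max_requests:
            return False
        q.append(now)
        return True

    def lookup_hardened(self, client: str, identifier: str, now: float) -> dict:
        if not self.allow(client, now):
            return {"status": "rate_limited"}
        handle = DIRECTORY.get(identifier)
        if handle is not None:
            # Tell the account owner, not the requester, that a lookup happened.
            self.notified.append((handle, identifier))
        # Same reply for known and unknown identifiers: nothing to enumerate.
        return {"status": "accepted"}
```

The rate limit does not by itself stop enumeration; the uniform reply does, and the limit only bounds how much a single client can probe before the activity shows up in logs.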


OneTouchPoint data breach

The US-based company OneTouchPoint, which offers printing and mailing distribution services for major healthcare organisations, disclosed in July 2022 that it had suffered a data breach. According to the company, the breach was the result of a ransomware attack that occurred in April 2022, although initially OneTouchPoint could not determine which files the threat actors had accessed within the network. It later appeared that the threat actors had accessed and compromised systems containing the Personally Identifiable Information of the customers of over 30 healthcare providers and health insurance carriers. This included names, addresses, dates of birth, descriptions of the services received, diagnosis codes, health assessment information, and member IDs.

OneTouchPoint initially reported that the breach affected 1 million customers; however, an updated report shows that the number of impacted individuals was actually 2,651,396. The severity of this data breach, which infringed on customers’ privacy and put them at risk of identity theft, spurred the filing of a class action lawsuit.

The information contained in this article is provided by White Blue Ocean, part of CRIF Group, a global company specializing in credit & business information systems, analytics, outsourcing and processing services, as well as advanced digital solutions for business development and open banking.

