Want to know about biggest Cloud Security Breaches?
If yes then you are in the right place.
Organizations globally are quickly adopting hybrid and multi-cloud solutions. This explains why the cloud computing market has grown from $28.1 billion in 2019 to $53.3 billion in 2021.
There is no doubt that cloud technology is the future of organizations’ applications and solutions. Its relevance has been brought about by its ability to keep organizations and stakeholders in the loop.
However, organizations should be wary of cloud computing technologies. With the increasing adoption of cloud computing solutions, there has been a corresponding increase in cloud security data breaches.
According to Ermetic’s research, 80% of enterprises have fallen victims to cloud-related data breaches in the last eighteen months. The same report also shows that 43% of organizations have reported more than ten cloud data attacks.
And now let’s move to the list of breaches…
8 Biggest Cloud Security Breaches Till Now
Organizations will continue facing Cloud Security Data Breaches for as long they fail to take the necessary measures to protect themselves. How large cloud-related breaches might become in the future remains speculation. However, they are already hitting enormous magnitudes, as showcased by the following infamous data breaches.
In November 2019, Alibaba, a multinational technology company, fell victim to a cloud-related data breach. The attack targeted one of its shopping websites referred to as Taobao. It left more than 1.1 billion pieces of customer data exposed. The attack took place over 8 months as malicious cyber attackers trawled through the websites until Alibaba realized later on what was happening.
Some of the stolen details included phone numbers, IDs, personal addresses, and customer comments. Although encrypted information remained out of reach by the hackers, the breach was so severe that Alibaba had to notify the relevant authorities as soon as possible.
One lesson we should all learn from this breach is the importance of data encryption. Data encryption has always made it hard for hackers to get past it. Today, data encryption has been made easier with the availability of several SSL certificate options.
Installing an SSL cert keeps out MiTM attacks by encrypting the in-transit data between the web browser and the client server. Website owners should ensure that they secure all website components, including all subdomains. For E-Commerce owners with unlimited first-level subdomains under the main domain to secure, a wildcard SSL cert is the best bet. Trusted wildcard SSL certificates such as Comodo Positive Wildcard SSL, and Comodo Essential SSL wildcard are premium yet cheap options that a business owner may consider investing in.
In 2017, Verizon Communication was a victim of a Cloud Security Breaches that resulted from a misconfigured cloud server. The data breach exposed over 6 million pieces of data belonging to Verizon’s customers. Some exposed user data include account details, names, addresses, and PINs of over 14 million Verizon customers.
NICE acknowledged the blunder by agreeing that one of its engineers created a cloud-based file repository meant to store clients’ call data which Verizon also used for backend operations.
The exposure of PINs was particularly alarming as cybercriminals can use such information to access user accounts and acquire cloned SIMS. This data breach is a perfect example of how risky third-party vendors can be when handling sensitive customer data.
3. Booz Allen Hamilton
Booz Allen Hamilton, a leading US technology consulting company, was found to have exposed over 60,000 files on the publicly accessible AWS servers. The breach was discovered by Chris Vickery, an analyst at UpGuard. Some of the sensitive files that might have been left exposed include those tied to the US military projects, unencrypted passwords that belonged to government contractors, and security credentials of a lead engineer at Booz Allen Hamilton.
Following the incident, former US senator Claire McCaskill issued a public statement saying that the incident was real and the firm would be held accountable for the data leakages.
4. Republican National Committee Cloud Security Breach
According to an investigation report by Deep Root Analytics, a security flaw on the Amazon Web Services S3 bucket, which belonged to the Republican National Committee (RNC), exposed details belonging to over 198 million American voters. The details revealed include voters’ dates of birth, phone numbers, email addresses, physical addresses, racial backgrounds, and affiliated parties.
The source of the security was a technical blunder committed by an engineer at deep root analytics, which at that moment was providing data storage services to the republican national committee. According to the investigation report by deep root analytics, the engineer configured the storage platform as public and not private, thereby making all content available for public view and download.
Accenture, a leading global professional services company, fell victim to an embarrassing data breach. At least 4 of its Amazon Web Services in its public Amazon S3 bucket were left exposed. All data available on this media was then available for download. Following this attack, some of the data that became vulnerable include login credentials, Application Programming Interface data, digital certificates, client’s sensitive data, decryption keys, and much other information that hackers could find valuable and use to mint money.
A security analysis conducted by UpGuard revealed that over 137 gigabytes of data were available for download by the public. It was a gift for the hackers who went ahead to steal sensitive data and posted it on the dark web.
A report published by UpGuard stated the following: “Taken together, the significance of these exposed buckets is hard to overstate. In the hands of competent threat actors, these cloud servers, accessible to anyone stumbling across their URLs, could have exposed both Accenture and its thousands of top-flight corporate customers to malicious attacks that could have done an untold amount of financial damage.”
Although it has been almost a decade since this breach occurred, it is still one of the most devastating cloud computing security breaches in terms of sheer numbers. The attack took place in 2013, but Yahoo did not announce it until 2016.
The attack’s impact was so devastating to the extent that everyone who had a Yahoo account in mid-2013 was affected. According to Yahoo, only one billion customers were affected. However, the final tally escalated to 3 billion.
Just recently, Alibaba also fell victim to a Cloud Security Breach. The breach affected over 700 million Linkedin subscribers. The data stolen was available for public view. In June 2021, the data from the cyber breach was available for viewing on the dark web forum.
8. Capital One
Capital One is one of the most prominent companies in the US. At the time of the attack, the company was using Amazon Web Services. A misconfigured Web Application Firewall is blamed for the breach. Attackers took advantage of the misconfiguration to generate a fraudulent access token. The access token was then used to fetch data from the Amazon Web Services.
As a result, over 700 folders containing sensitive customer information and datasets were exfiltrated. The attackers went unnoticed, not triggering any alerts because the volumes of data and folders transferred from the Capital One networks aligned with the normal network traffic loads.
That’s it for now…
So, that’s all about the list of all major cloud data breach incidents and attacks that have been occurred till now. As users continue to adopt cloud computing solutions, they should also ensure adequate security protocols to help them prevent such security threats.
For instance, users should take advantage of Identity and Access Management solutions, strong and unique passwords, two-factor authentication, and frequent system audits and examinations to check the status of the cloud computing technologies.
Lastly, because nothing is guaranteed in cloud computing, users should backup and recovery solutions to cushion their data from unexpected occurrences.