2023 Data Breach Report

Overview of Major Data Breaches in 2023 and What You Need to Know

In 2023, several significant data breaches impacted millions of individuals and organizations worldwide. Let's break down these incidents in a simple way:

1. Twitter - January 4, 2023

• Problem: A flaw in Twitter's system allowed attackers to buy a dark web database containing email addresses of around 200 million users for just $2.
• Impact: Data exposure from June 2021 to January 2022.
• Current Status: Even after fixing the issue in January 2022, some data is still being shared with bad actors.

2. Reddit - February 5, 2023

• Problem: A phishing attack on Reddit led to a breach, giving hackers access to internal documents, source code, and employee data.
• Impact: Limited information about advertisers was also compromised.
• Action Taken: Reddit secured its systems and informed affected users, assuring them that the main user data remained safe.

3. ChatGPT - March 24, 2023

• Problem: A glitch exposed customer data, including partial credit card details, due to issues in ChatGPT’s open-source library.
• Action Taken: OpenAI promptly took ChatGPT offline to address the problem, assuring users that full credit card numbers were not compromised.

4. MSI - April 6, 2023

• Problem: Ransomware attack on MSI led to financial losses and the theft of 1.5TB of sensitive data, including source code and private keys.
• Demand: Attackers demanded a $4 million ransom, threatening to release the data if not paid.

5. T-Mobile - May 1, 2023

• Problem: Unauthorized access to PIN-protected accounts led to the theft of customer contact details, ID cards, and social security numbers.
• Response: T-Mobile notified affected customers, secured its systems, and offered free identity theft protection services.

6. MOVEit File Transfer Tool - June 2023

• Problem: A vulnerability (CVE-2023-34362) allowed unauthorized access to MOVEit servers, affecting 200 organizations globally.
• Impact: Personal information of up to 17.5 million individuals exposed.
• Action Required: Organizations invested in data recovery and remediation efforts.

7. Roblox - July 2023

• Incident: A breach exposed personal information of 4,000 Roblox developers, including phone numbers and birth dates.
• Timeline: Data obtained from Roblox developer conferences held between 2017 and 2020.
• Entry Point: Attackers gained access to Roblox's systems in 2021.

8. Duolingo - August 2023

• Problem: A vulnerability in Duolingo’s API exposed personal information of 2.6 million users.
• Concerns: Names, email addresses, phone numbers, and social media profiles exposed.
• Solution: Users advised to stay alert for phishing attacks and recommended two-factor authentication.

9. Sony - September 2023

• Incident: Ransomware attack on Sony resulted in the theft of over 6,000 files, including build logs and Java files.
• Threat: Attackers threatened to auction off stolen data unless ransom demands were met.
• Note: Specifics of the breach's origin are unknown.

Stay informed about these breaches, and remember to update your security measures regularly to protect your personal information.