2019 was probably one of the biggest years yet for massive cyber attacks and data breaches, with millions, if not billions, of people having their data breached and compromised by hackers and cybercriminals. Many companies, big and small, were victims of these cyber attacks, and a lot of individuals were also affected by the endless creation and spread of new malware and ransomware.

Now that 2019 is coming to an end and we are looking forward to 2020, the start of a new decade, we thought it would be a good time to discuss some of the worst cyber attacks of 2019. These attacks range from data breaches and user account compromises to permanent data losses, and they have affected anywhere from a few thousand to a few billion people.

This article lists the top 10 cyber attacks of 2019 based on their impact and scale. It also discusses some of the security measures these organizations could have taken to avoid these attacks, along with recommendations for avoiding them in the future.

Top 10 worst cyber attacks of 2019

Fortnite cyber attack

When?

January 2019

What happened?

Fortnite became hugely popular in 2019, which also attracted hackers and cybercriminals to attack the game. Back in January, Epic Games announced that it had discovered a bug in the login page of the app, which allowed hackers to log in to millions of players’ accounts and purchase in-game currency using the registered credit cards.

Hackers were able to exploit this bug in the login form and impersonate users who used third-party services like Facebook or Xbox Live to log in to the game. Hackers then transferred their purchases to other Fortnite accounts that they controlled.

What could have been done to prevent this?

With a massive fan base and millions of active players playing the game every day, the developers behind the immensely popular game Fortnite should have been more cautious about any bugs or vulnerabilities present in their game, especially in a crucial page like the login page.

Players are also advised not to reuse in Fortnite the password they use for other services, and to change their passwords frequently, to avoid becoming victims of such cyber attacks.

Verifications.io cyber attack

When?

March 2019

What happened?

The verifications.io data breach is considered to be one of the biggest cyber attacks in the world with the private data of over 800 Million people getting exposed. Verifications.io is an email marketing company and it has apparently left a database with around 763 Million email addresses along with names, contact details, and addresses of millions of people publicly accessible and unsecured.

While the company immediately took down the database as soon as 2 security researchers informed them about it, chances are the database was already accessed by an unknown number of people during the time it was publicly accessible.

This massive data breach potentially opens the doors for numerous scammers and attackers to target specific individuals with phishing emails or Malware attacks. However, there were no passwords or social security numbers in the database which is a bit of a relief.

What could have been done to prevent this?

Obviously, the organization that owned the database could have been more careful about its visibility and safety, especially considering that millions of people’s data was involved. They should have made the database private and could even have encrypted all the sensitive information if that was feasible.

In the future, the organization could regularly review all of its systems and databases to confirm their visibility status and whether they are secured with multiple security mechanisms and access control protocols, to avoid such cyber attacks.

Facebook cyber attacks

When?

April, September, November 2019

What happened?

2019 has been a very bad year for Facebook, mostly because of the numerous data breaches and cyber attacks that the organization had to deal with this year. The first data breach was back in April, when around 540 Million records of user data, including user names, account IDs, comments and likes, were found in a public database uploaded to the AWS server. Some of this data also included location information from user check-ins.

Another Facebook-associated database was found in September, in which a total of 400 Million phone numbers linked to Facebook accounts of users from across the USA, UK, and Vietnam were leaked. This data was found in an unsecured database that was publicly available and could have been accessed by anyone. Some of the information also included the account name of the user and the user’s location.

Facebook once again encountered a massive cyber attack this November when Facebook announced that around 100 third party app developers had improper and unauthorized access to information about Facebook users including their group member names and profile pictures. This was because of some misconfiguration with the Group API, which Facebook has since fixed and has restricted access to the third-party app developers.

What could have been done to prevent this?

Facebook has faced a lot of heat this year from users, the government and the media for not protecting its user information even after repeatedly promising that it would be more careful. With billions of people actively using Facebook every month, Facebook should start taking user privacy more seriously and ensure that databases with confidential and private information are well secured and that access by unknown people is restricted.

Facebook should also apply more security protocols and access control mechanisms and follow a proper security framework to ensure that its databases are secure and cannot be accessed by hackers or cybercriminals. Facebook has also announced that it would be tightening the security of its platform and would remove any illicit or suspicious accounts to avoid such incidents in the future.

MongoDB cyber attacks

When?

March, May, and July 2019

What happened?

MongoDB, one of the most popular database management systems available today, was the victim of multiple huge data breaches this year. Just like the verifications.io data breach, an unprotected database was the reason for the MongoDB data breaches as well. The first big MongoDB data breach of this year was back in March, when more than 800 million email records were leaked, containing personal information including phone numbers, business leads, addresses and more.

Following this, in May there was another massive cyber attack that resulted in a data breach of a publicly available MongoDB database, where over 275 Million records of Indian citizens containing personally identifiable information were leaked. Once again in September, around 188 Million records were exposed in a MongoDB database that contained information like names, gender, addresses and even details of family members.

What could have been done to prevent this?

The main reason most of these MongoDB databases got exposed is that they were left unprotected in public domains with no passwords or any other authentication mechanisms enabled. This leaves the databases vulnerable and accessible to anyone from a remote location. By default the databases are set to restrict internet traffic, so exposure can also result from an administrator changing the security configuration of the databases.

So, the recommended steps that could have been taken to avoid such cyber attacks include using complicated and unique passwords for different databases instead of using the default ones or reusing the same passwords, and adding new firewall rules and setting up the network configuration to filter out unwanted and unauthorized traffic from accessing the databases.

Toyota cyber attacks

When?

February, March 2019

What happened?

Toyota faced two major cyber attacks this year. The first one was back in February, when Toyota’s Australian server was attacked by an unknown entity, preventing its employees from accessing their emails from the internal server. Notably, this was the first time Toyota Australia had ever been a victim of a cyber attack. As a consequence of the cyber attack, Toyota employees were unable to provide an estimate of when customers’ newly ordered vehicles would be delivered, due to the inability to access the central server.

Toyota was once again a victim of a cyber attack later the same year in March, when the Toyota Japan systems were breached and data of several sales subsidiaries was accessed. This also included sales information of over 3 million customers.

What could have been done to prevent this?

It is unclear what exactly happened in Toyota’s cyber attack incidents, as the company never really disclosed any detailed information related to the attacks. However, the company announced that it would be conducting a thorough internal audit of all its IT systems to make sure that such incidents do not occur in the future.

Instagram cyber attacks

When?

May, September 2019

What happened?

Instagram, one of the social networking services owned by Facebook, suffered the same fate as Facebook this year in experiencing multiple severe cyber attacks. With billions of active users, Instagram is a popular target of attackers and cybercriminals alike, and this May security researchers found sensitive information of over 49 Million Instagram users exposed. This was because an AWS database with all this data was left unprotected online without a password for 3 days by a marketing agency in India.

The leaked information also included personal details of numerous celebrities and influencers including their phone numbers, email id, location, and follower details. A similar kind of incident occurred in September, where a white hat hacker identified a database with the personal information and contact details of millions of Instagram users available online without any protection.

What could have been done to prevent this?

As mentioned earlier, the reason for this data breach is that the AWS database with the personal information of millions of Instagram users was left unprotected. Since Instagram and its parent company Facebook have a massive user base, they naturally attract a lot of attackers who scan for publicly available databases to use for malicious purposes. So, it is highly recommended that such companies do not leave massive databases such as these without any authentication mechanisms even for a limited amount of time, even though it is convenient in certain instances.

Capital One cyber attack

When?

July 2019

What happened?

Capital One, a banking company specializing in credit cards, witnessed one of the biggest cyber attacks in history back in July, when it detected that a hacker had gained unauthorized access to the personal information of over 100 million credit card customers, including their social security numbers, bank account details, transaction information and payment history, among other information.

The hacker was able to gain unauthorized access to the company’s server by exploiting a vulnerability in a web application firewall. The individual was later found to be a former employee of AWS, the cloud service used by Capital One.

What could have been done to prevent this?

Capital One is one of the largest banking organizations in the US and given that they primarily handle sensitive and confidential information of millions of users, it is highly important that they regularly scan all of their systems for any known vulnerabilities or problems and apply patches immediately to avoid any such incidents in the future.

Hostinger cyber attack

When?

August 2019

What happened?

Hostinger is one of the biggest web hosting service providers, and it suffered a massive cyber attack this August when it discovered that someone had gained unauthorized access to its database containing information about millions of its customers. The database contained the personal information of over 19 million customers, including their usernames, passwords, and email addresses.

What could have been done to prevent this?

The Hostinger cyber attack was due to a vulnerable system present in their internal environment and a hacker was able to exploit the vulnerability and gain unauthorized access to their database in their RESTful API server. The company could have prevented this cyber attack by properly investigating their systems and patching any vulnerable ones and ensuring that there are no unnecessary access tokens present in their servers that would allow anyone to access their internal systems.

OnePlus cyber attack

When?

November 2019

What happened?

Over 40,000 customers of OnePlus were affected when the company was hit by a cyber attack this November. OnePlus’s servers were attacked and hackers made fraudulent purchases using the credit card information of several customers.

Following this cyber attack, the company immediately stopped all of its payment channels for purchases on its online store, with the exception of PayPal. While the company was not able to find the exact cause of this attack, it is suspected that this might be an insider attack.

What could have been done to prevent this?

To avoid insider attacks, companies generally have a strict screening policy when hiring employees responsible for the security of their companies. In this case, OnePlus could have restricted access to their servers to their employees and should have had strict protocols in place to authorize employees who needed access to the servers with confidential information. This access control protocol could have played a major role in preventing such cyber attacks.

Disney+ cyber attack

When?

November 2019

What happened?

Disney+, a brand new streaming service launched by Disney this November, immediately became the target of hackers when they hijacked thousands of user accounts and attempted to sell the login details on the black market for a cheaper price than the subscription cost of Disney+. The hackers essentially logged into these user accounts, changed their account passwords and logged them out of all their devices thus disabling access to their accounts.

What could have been done to prevent this?

As opposed to the other cyber attacks in the list, there is actually very little Disney could have done to prevent the attack on its user accounts and hackers hijacking thousands of users’ accounts. This is because the attackers might have followed multiple ways to gain access to user accounts, ranging from using brute force methods to guess their passwords to using the leaked passwords found in several leaked databases.

This is possible because most users reuse the same password on multiple services. To avoid being affected by such attacks in the future, users could use unique and complex passwords for all their services and also change their passwords frequently.