
Recent hack attacks, and 2020 stats for exposed data and paid ransomware


Records of 2.28 million dating site users were exposed.

A threat actor has leaked the stolen database for Indian cryptocurrency exchange Buyucoin.

A data breach broker is selling the combined total of 368.8 million stolen user records for 26 companies.

From dating sites to cryptos and healthcare, hackers have one thing in mind: make money.

Whether by selling data to the highest bidder or extorting companies to prevent that from happening, millions are exposed and billions are made.

Here’s a look at the latest attacks and later we reveal 2020’s most important hack stats. So read on.

Dating site hack

Data belonging to dating site MeetMindful was hacked, and records of 2.28 million dating site users were exposed. The data includes everything from real names to Facebook account tokens, and from email addresses to geolocation information.

A well-known hacker has leaked the details of more than 2.28 million users registered on MeetMindful.com, a dating website founded in 2014, ZDNet has learned this week from a security researcher.

The leaked data, a 1.2 GB file, appears to be a dump of the site’s users database.

The content of this file includes a wealth of information that users provided when they set up profiles on the MeetMindful site and mobile apps.

While not all leaked accounts have full details included, for many MeetMindful users, the provided data can be used to trace their dating profiles back to their real-world identities.

The site’s data was released by a threat actor who goes online as ShinyHunters, who earlier this week also leaked the details of millions of users registered on Teespring, a web portal that lets users create and sell custom-printed apparel.

Over the past few years, many cybercrime groups have engaged in a practice called sextortion, where they take data leaked from dating sites and contact site users, threatening to expose their dating profiles and history to family or work colleagues unless they are paid a ransom.


Cryptocurrency hack

A threat actor has leaked the stolen database for Indian cryptocurrency exchange Buyucoin on a hacking forum for free.

ShinyHunters posted the link to an archive that contains the alleged database dumps for the Buyucoin cryptocurrency exchange.

In the past, ShinyHunters also released the stolen databases for numerous other sites, including Tokopedia, Homechef, Dave, Promo, Mathway, and Wattpad.

The user records table contains the information for 161,487 members. It includes email addresses, country, bcrypt-hashed passwords, mobile numbers, and Google sign-in tokens if used when registering an account at the site.

Data breach broker selling records

A data breach broker is selling the combined total of 368.8 million stolen user records for twenty-six companies on a hacker forum. 

In a conversation with the data broker, BleepingComputer was told that Teespring is being sold for $3,800-$4,000, MyON for $2,800, and Chqbook for $1,800. The broker has not decided on pricing for the other databases.

Ransomware and health data hacks

Almost half of all data breaches in hospitals and the wider healthcare sector are a result of ransomware attacks, according to new research.

Ransomware is now responsible for 46% of healthcare data breaches, according to an analysis by cybersecurity researchers at Tenable. More than 35% of all breaches are linked to ransomware attacks, resulting in an often tremendous financial cost.

Ransomware gangs are increasingly adding an extra layer of extortion to attacks by not only encrypting networks and demanding hundreds of thousands or even millions of dollars in bitcoin to restore them but also stealing sensitive information and threatening to publish it if the ransom isn’t paid. 

For healthcare, the prospect of data being leaked on the internet is particularly disturbing as it can involve sensitive private medical data alongside other forms of identifiable personal information of patients.

Although security patches to stop hackers from exploiting the vulnerabilities involved were available by the beginning of 2020, a large number of organizations have yet to apply the update.

2020 hacks in numbers

Risk-Based Security released their 2020 year-end data breach report, and despite an overall decline in breach events (security incidents), the number of breached records grew dramatically.

Other trends included a doubling of ransomware attacks from 2019 to 2020, and data breach severity rising.

Here are some of the highlights from the report:

“There were 3,932 publicly reported breach events or a 48% decline compared to 2019.  

The total number of records compromised in 2020 exceeded 37 billion, a 141% increase compared to 2019 and by far the most records exposed in a single year.

There were 676 breaches that included ransomware as an element of the attack, a 100% increase compared to 2019.

Five breaches each exposed one billion or more records and another 18 breaches exposed between 100 million and 1 billion records.

Healthcare was the most victimized sector this year, accounting for 12.3% of reported breaches.”

A deeper dive into ransomware

Another report from Atlas VPN found that ransomware made up 81% of all financially motivated cyberattacks in 2020. The average cost of a breach caused by ransomware in 2020 was $4.44 million.

“In total, 63% of cyberattacks last year were financially motivated. Out of the 63% of the financially motivated assaults, 81% were ransomware attacks,” said the report.

One of the most significant ransomware attacks in 2020 was the Garmin breach; the company reportedly lost $10 million to its hackers. Up next is CWT Global, which paid $4.5 million to cybercriminals. The third spot is occupied by Travelex, which experienced damages of $2.3 million due to a ransomware attack.

Varonis hacking statistics worth noting

A new report from Varonis showed: 

The average cost of a data breach is $3.86 million as of 2020. (IBM)

The average time to identify a breach in 2020 was 207 days. (IBM)

The average life cycle of a breach was 280 days from identification to containment. (IBM)

Personal data was involved in 58% of breaches in 2020. (Verizon)