cybercrime - Cybersecurity - cybersecurity insider threats - hacking

Why Cybersecurity Matters – The 7 Worst Hacks of 2022

A devastating security breach isn’t hard to find these days. Cybercrime is estimated to cost the global economy $10.5 trillion annually by 2025, an increase from $3 trillion in 2015. The global Covid-19 pandemic, political instability in Ukraine, and the global economic downturn are among the factors contributing to cybercrime, Forbes reports.

Due to the constant emergence of new threats, cybersecurity is a growing market. If you’re considering a career in cybersecurity, there are plenty of opportunities right now, or in the future.

Here are the seven biggest breaches in 2022, their impact, and what they mean for those considering careers in cybersecurity.

No.1 Uber

Employees at Uber were surprised on September 15, 2022, when they found an unauthorized user posting in their company’s Slack channel. Although the suspected hacker was arrested, the damage had been done. The hacker had left an explicit image within Uber’s internal systems and exposed how they had hacked the company using social engineering.

In another Uber data breach in December 2022, about 77,000 employees’ information was stolen. The breach resulted in the theft of a variety of internal company information as well as other internal corporate data.

The security investigation concluded that the organization’s system was hacked, with attackers gaining access to the critical infrastructure. Hackers also breached Uber’s systems in 2016, gaining access to 57 million users’ names, email addresses, and phone numbers.

No.2 Medibank

On October 13, 2022, Australian healthcare and insurance provider Medibank detected some “unusual activity” on its internal systems. In October, the malicious party contacted Medibank, attempting to “negotiate with the company regarding its alleged removal of customer data“. However, Medibank refused to comply with the hacker’s demands publicly.

The malicious hacker gained unauthorized access to and stole 9.7 million customer data from Medibank on November 7, revealing the full extent of the security hack. Information on medical procedures and codes associated with diagnosis and procedures given included confidential and personally identifying information.

On November 9, 2022, the hacker released files containing customer data titled “good-list” and “naughty-list” after Medibank refused to pay a ransom. 5.1 million Medibank customers and 1.8 million international customers are included in the breach of 9.7 million current and former customers.

No.3 Crypto Theft

Nearly 500 people’s cryptocurrency wallets were targeted in this attack on January 17, 2022, in which hackers stole a total of $18 million in Bitcoins and $15 million in Ethereum, as well as other cryptocurrencies. This was primarily possible thanks to the hackers’ ability to bypass two-factor authentication and access users’ wallets.

A company must be aware of the risks associated with cryptocurrency theft. The best way to protect against this type of fraud is to encrypt all sensitive data. As a result of the security hack, the exchange has migrated its two-factor authentication system to a new architecture, and revoked all existing 2FA tokens, which means that all customers will have to switch over to the new system.

No.4 WhatsApp

In November 2022, a hacker posted a dataset to BreachForums containing what they claimed was personal information of 487 million WhatsApp users.

According to the alleged hacker, those who bought the datasets would receive “very recent mobile numbers” of WhatsApp users, including information on 32 million US, 11 million UK, and 6 million German users. It was unclear how such a large amount of user data had been collected; the hacker only said that they had “used their strategy.”

No.5 Twitter

Over 200 million Twitter users’ names and email addresses were published on a notable hacker forum in January 2023. This data did not appear to include passwords or other highly sensitive information. This security hack follows a string of similar leaks, all obtained through a vulnerability identified in late 2021 involving the same API.

The data was scraped by exploiting an API vulnerability that existed between June 2021 and January 2022. This vulnerability was exploited repeatedly by multiple hackers, resulting in multiple ransomware attempts and leaks. In late December 2022, a hacker known as Ryushi attempted to ransom the data for $200,000.

The number of compromised accounts has been estimated at 400 million in some reports, but after removing duplicates, the final number appears to be around 210 million.

No.6 Microsoft Data Breach

On March 20th, 2022, Microsoft was targeted by a hacking group called Lapsus$. The hacking group posted a screenshot on Telegram indicating they had hacked Microsoft, and in the process, compromised Cortana, Bing, and several other products. After retrieving some Microsoft material, the hackers announced by March 22nd that Microsoft had stopped the hacking attempt and that only one account had been compromised.

In addition, Microsoft said that no customer data had been stolen. In this case, Microsoft benefited from the publicity it received for its effective security response. The Lapsus$ group had targeted Nvidia, Samsung and plenty of other companies previously, so Microsoft’s security team was well prepared.

No.7 Cash App Data Breach

In April 2022, Cash App was victim to a malicious cyberattack by a former employee. After being terminated from Cash App, a former employee accessed customer financial reports as revenge against the company. The individual successfully accessed customer names, stock trading info, account numbers and portfolio values plus a range of other sensitive financial data.

In order to keep their customers informed and protected, they contacted over eight million users to notify them of the breach. Fortunately no one’s credentials were stolen and only a finite amount of identifiable information was taken.

Get Started with Your Cybersecurity Career

At every level, cybersecurity professionals have the opportunity to play a critical role in protecting organizations, governments and individuals from cyber threats. Cybersecurity offers plenty of opportunities today and tomorrow for those considering a career in the field.  

Udacity’s Intro to Cybersecurity Nanodegree program can help you gain the essential skills needed for a career in this high-demand field.

Monique Roberts
Monique Roberts
Monique enjoys traveling, photography, and connecting with Udacity students around the world in addition to writing about digital transformation, career upskilling, and innovative technologies.