The biggest data breaches and leaks in 2022
More than 4,100 publicly disclosed data breaches occurred in 2022, which equates to roughly 22 billion records exposed. Cybersecurity publication Security Magazine reported that the numbers for 2022 are expected to exceed that figure by as much as five percent.
In this article, we reveal which data breaches and leaks and phishing, malware and cyberattacks ranked in our top ten most read cybersecurity news of 2022.
Read on to hear about data breaches at Revolut, Twitter, Uber and Rockstar, and let us know if you were affected by any of the incidents covered in the comments section below.
10. Revolut data breach exposes information for more than 50,000 customers
The personal information of more than 50,000 users of the fintech startup Revolut was accessed during a data breach that took place on September 11, 2022. The breach involved a third party gaining access to Revolut’s database and the personal information of 50,150 users.
The data accessed included names, home and email addresses and partial payment card information, although Revolut has stated that card details were masked.
The Lithuanian government said Revolut had taken “swift measures to eliminate the attacker’s access to the company’s customer data and stop the incident” once it was discovered.
Find out more about public reaction to the breach in this September post.
9. SHEIN fined $1.9 million for data breach affecting 39 million customers
In October, Zoetop Business Company, the firm that owns fast fashion brands SHEIN and ROMWE, was fined $1.9 million by the state of New York after failing to disclose a data breach that affected 39 million customers.
The cybersecurity incident that occurred in July 2018 allowed a malicious third party to gain unauthorized access to SHEIN’s payment systems. According to a statement issued by the New York State Attorney General’s Office, SHEIN’s payment processor contacted the brand and revealed that it had been “contacted by a major credit card network and a credit card issuing bank, each of which had information indicating that [Zoetop’s] system[s] has been infiltrated and card data stolen”.
The discovery was made after the credit card network found SHEIN customers’ payment details for sale on a hacking forum.
Read more about SHEIN’s mishandling of the breach in this October post.
8. Student loan data breach leaks 2.5 million social security numbers
A data breach of the student loan service Nelnet Servicing led to the confidential information of more than 2.5 million users being leaked in June 2022.
It was concluded by the investigation on August 17, 2022 that due to a vulnerability in the system, student loan account registration information including names, home and email addresses, phone numbers and social security numbers were accessible to an unknown third party from June to July 22, 2022.
Following this discovery, Nelnet Servicing notified the US Department of Education and law enforcement.
Find out more about the response to the data breach in this August post.
7. Twitter confirms that data from 5.4 million accounts was stolen
In July 2022, a hacker going by the alias ‘devil’ posted on the hacking forum BreachForums that they had the data of 5.4 million Twitter accounts for sale.
The stolen data included email addresses and phone numbers from “celebrities, companies, randoms, OGs.” “OGs” refer to Twitter handles that are either short, consisting of one or two letters, or a word that is desirable as a screen name, such as a first name with no misspellings, numbers or punctuation. The hacker ‘devil’ said they would not accept offers “lower than [$30,000]” for the database.
The data breach was the result of a vulnerability on Twitter that was discovered in January 2022.
Learn more about the vulnerability that led to the data breach here.
6. Hacker reportedly hits both Uber and Rockstar
Between 15.–19. September 2022, a hacker is said to have hit both the ride-sharing company Uber and the video game company Rockstar.
On September 15, Uber’s internal servers were breached after a contractor’s device was infected with malware and their credentials were sold on the dark web. The hacker gained access to several other employees’ accounts, which then gave them access to a variety of internal tools. The hacker then posted a message to a company-wide Slack channel and reconfigured Uber’s Open DNS to display a graphic image to employees on some internal websites.
The hack of Rockstar Games, developer of the Grand Theft Auto (GTA) game series, was discovered on September 19, 2022. A user named teapotuberhacker posted on the Grand Theft Auto game series fan page GTAForums: “Here are 90 footage/clips from GTA 6. It’s possible I can leak more data soon, GTA 5 and 6 source code and assets, GTA 6 test build.”
In the post’s comments, the hacker claimed they had “downloaded [the gameplay videos] from Slack” via hacking into channel used to communicate about the game.
Rockstar Games issued a statement via Twitter saying the company had suffered a “network intrusion” that had allowed an unauthorized third party to “illegally access and download confidential information form [its] systems”, including the leaked GTA 6 footage.
Discover who orchestrated the hack and what happened to them in this September post.
5. 9.7 million people’s information stolen in Medibank’s data leak
On October 13, 2022, Australian health and insurance provider Medibank detected some “unusual activity” on its internal systems. The company was then contacted on October 17 by the malicious party, who aimed to “negotiate with [healthcare] company regarding their alleged removal of customer data”. However, Medibank publicly refused to bow to the hacker’s demands.
Medibank revealed the true extent of the hack on November 7, announcing that the malicious actor had gained unauthorized access to and stolen the data of 9.7 million past and present customers. The information included confidential and personally identifying information about medical procedures, including codes related to diagnosis and procedures given.
Following Medibank’s continued refusal to pay the ransom, the hacker released files containing customer data called “good list” and “bad list” on 9 November 2022.
The so-called “naughty list” is said to have included details of those who had sought medical treatment for HIV, drug addiction or alcohol abuse or for mental health problems such as eating disorders.
On November 10, they posted a file labeled “abortions” on a website backed by the Russian ransomware group REvil, which apparently contained information about procedures claimed by policyholders, including miscarriages, terminations and ectopic pregnancies.
Find a full timeline of the Medibank data leak in this November post.
4. Hacker tries to sell data from 500 million WhatsApp users on the dark web
On November 16, 2022, a hacker posted a dataset to BreachForums containing what they claimed to be updated personal information of 487 million WhatsApp users from 84 countries.
In the post, the alleged hacker said that those who purchased the data sets would receive “very recent mobile numbers” of WhatsApp users. According to the bad actor, among the 487 million records are the details of 32 million US users, 11 million UK users and six million German users.
The hacker did not explain how such a large amount of user data had been collected, saying only that they had “used their strategy” to obtain it.
Find out more about the data breach in this November post.
3. Personal and medical data of 11 million people accessed in Optus data breach
Australian telecommunications company Optus suffered a devastating data breach on 22 September 2022 which has seen the details of 11 million customers exposed.
The information accessed includes customers’ names, dates of birth, phone numbers, email and home addresses, driver’s license and/or passport numbers and Medicare ID numbers.
Files containing this confidential information were posted on a hacking forum after Optus refused to pay a ransom demanded by the hacker. Victims of the breach also said they were contacted by the alleged hacker and demanded to pay AU$2,000 (US$1,300) or their data would be sold to other malicious parties.
Find out more about how the Optus data breach happened in this September post.
2. More than 1.2 million credit card numbers leaked on hacking forums
Card marketplaces are dark web sites where users trade stolen credit card details for financial fraud, usually for large sums of money. On October 12, 2022, card marketplace BidenCash released the details of 1.2 million credit cards for free.
A file posted on the website contained the information on credit cards expiring between 2023 and 2026, as well as other details necessary to transact online.
BidenCash had previously leaked the details of thousands of credit cards in June 2022 as a way to promote the site. Since the karting market had been forced to launch new URLs three months later in September after suffering a series of DDoS attacks, some cyber security experts suggested that this new release of details could be another attempt at advertising.
Discover how BidenCash gained access to 1.2 million credit card details in our October coverage.
1. Twitter accused of covering up data breach affecting millions
On November 23, 2022, Los Angeles-based cybersecurity expert Chad Loder tweeted a warning about a data breach on social media site Twitter that had reportedly affected “millions” across the US and EU. Loder claimed the data breach occurred “no earlier than 2021” and “has not been reported before”. Twitter had previously confirmed a data breach affecting millions of user accounts in July 2022, as shown in point seven of this article [link to highlighted text here].
However, Loder stated that this “may not” be the same breach as the one they reported unless the company “lied” about the breach in July. According to Loder, the data from the November breach is “not the same data” seen in the July breach, as it is in a “completely different format” and has “different affected accounts”. Loder said they believed the breach occurred due to malicious actors exploiting the same vulnerability as the hack reported in July.
Find out more about the data breach and those affected in this November post.
To explore more top-read cybersecurity news articles from the Cyber Security Hub, click here to discover the top 10 cybersecurity threats and attacks of 2022.
Which data breach had the biggest impact on you? Let us know in the comments.