Top 10 Big Companies That Got Hacked In 2012

By 2 Comments

Hackers are always on prowl, throughout the year. They are always looking for targets to attack for fun, for entertainment, for practice, for money. But if you think they find easy targets in small companies or websites while the big hotshots are safer with the fortune they spent on security, you are wrong. We have rounded up 10 big brands that got humiliated in different hacking events in the year 2012.

1. Go Daddy

Go Daddy logoGoDaddy is one of the biggest hosting providers on the internet, housing the content for millions of websites. GoDaddy, the internet’s largest domain registrar, was hacked by a member of the Anonymous hacking group in September 2012.

Millions of websites hosted by GoDaddy (including godaddy.com and godaddy hosted emails) Technically, three of GoDaddy’s DNS (Domain Name System) servers failed to resolve as a result of the hack.

2. DropBox Storage Accounts

Dropbox Storage Accounts device was been hacked in August 2012. After a two-week investigation, the online file storage service confirms that usernames and passwords were stolen from third party Web sites and then used to access Dropbox accounts. Spammers used stolen password to access list of Dropbox user e-mails. Dropbox hired some “outside experts” to investigate why a bunch of users were getting spam at e-mail addresses used only for Dropbox storage accounts. The results of the investigation are in, and it turns out a Dropbox employee’s account was hacked, allowing access to user e-mail addresses.

Dropbox has also set up a new page letting users view all the active logins to their accounts, and said it is planning “new automated mechanisms to help identify suspicious activity.” At any rate, users may want to think about examining more secure alternatives, encrypting their files, or simply not storing ultra-sensitive information in Dropbox. You may recall that one year ago, a Dropbox screwup left all user accounts unsecured and accessible with any password for four hours.

3. Nissan- Employee Credentials Stolen

Nissan Motor Company has announced that its network was being hacked in April 2012, and the attackers are believed to have been after intellectual property for the company’s electric vehicle drivetrain system. Nissan disclosed in a statement from Executive Vice President Andy Palmer that it discovered the breach on Apr. 13 and found malware that had been placed on the network that would have allowed the intruders to steal employee user account credentials.

4. Yahoo Accounts

Yahoo LogoThe hacker group D33ds Company claimed responsibility for attacking a Yahoo service via a union-based SQL injection and exposing 453,492 plain text login credentials in July 2012. Last we heard, Yahoo was investigating the claims of accounts being compromised. To be on the safe side, the Web giant urged its users to change their passwords on a regular basis. Now, Yahoo has confirmed the breach.

Yahoo tells us that the data came from an older file from the Yahoo! Contributor Network (which it picked up via its Associated Content acquisition). But it also noted that less than five percent of the emails had valid passwords, and that it is now working to fix the vulnerability that led to the disclosure.

5. South Carolina Credit Reporting

South Carolina Credit Reporting was being attacked by the hackers in November 2012. The theft of tax information from a South Carolina computer system appears to have been the largest cyber attack ever on a state government and has put other states on high alert, computer security, experts say.

The state announced late last month that an international hacker had stolen 3.6 million Social Security numbers and 387,000 credit and debit card numbers. Now tax departments across the country are inspecting their own security systems.

6. Walmart Hacked By Social Engineer

A Wal-Mart store manager in a small military town in Canada got an urgent phone call from “Gary Darnell” in the home office in Bentonville, Ark. Darnell told the manager Wal-Mart had a multi-million-dollar opportunity to win a major government contract, and that he was assigned to visit the handful of Wal-Mart stores picked as likely pilot spots. First, he needed to get a complete picture of the store’s operations. He hacked the Walmart’s sensitive account details, credit card information and credentials in August 2012.

Causing company’s social engineering. Advances in data network security, as well as the ability to gather intelligence on a target via the Internet (Google, Facebook, on and on), spoofing caller ID (which they didn’t even do in the contest), make social engineering a very efficient hacking technique.

7. Master Card & Visa

Hackers in US targeted Mastercard, Visa users in April 2012.It is believed the cyber criminals stole the information of millions of customers over several months from a US payment processor. MasterCard and Visa said they have notified banks about the security breach. Discover said it is monitoring accounts for suspicious activity and will reissue cards “as appropriate.” Visa said it provided banks with affected customers’ account numbers and emphasized that customers are not responsible for fraudulent purchases.

8. Blizzard’s Entertainment 

In September 2012, a security update at Blizzard’s website unveiled the news that the company’s security team discovered “unauthorized and illegal access” into their internal network. Data accessed includes “a list of email addresses for global Battle.net users, outside of China.” Chinese servers and accounts are handled by a third party. Also stolen were answers to personal security questions. Hackers accessed “information relating to Mobile and Dial-In Authenticators” Topping off the list, scrambled passwords were stolen as well.

9. Reuters Blogging Website

In August 2012, the blogging platform of the Reuters News website was hacked and a false posting saying Saudi Arabia’s Foreign Minister Prince Saud al-Faisal had died was illegally posted on a Reuters journalist’s blog, the company said on Wednesday.

The company suspended the @ReutersTech Twitter account after it appeared to have been seized, renamed and used to send false tweets apparently designed to undermine the Syrian rebels. Both incidents remain under investigation.

10. Saudi Aramco

Saudi-AramcoIn a statement, Saudi Arabia’s national oil firm said that its main internal network services were hit by a malware outbreak that struck on 15 August 2012. The firm said its core business of oil production and exploration was not affected by the attack, which resulted in a decision to suspend Saudi Aramco’s website for a period of a few days, presumably as a precaution. Corporate remote access services were also suspended as a result of the attack.

Saudi Aramco has restored all its main internal network services that were impacted on August 15, 2012, by a malicious virus that originated from external sources and affected about 30,000 workstations. The infected machines claim was made days before Saudi Aramco confirmed the same number of machines had been hit, lending credibility to the hacker group’s claims.