This blog posting represents the views of the author, David Fosberry. Those opinions may change over time. They do not constitute an expert legal or financial opinion.

If you have comments on this blog posting, please email me .

The Opinion Blog is organised by threads, so each post is identified by a thread number ("Major" index) and a post number ("Minor" index). If you want to view the index of blogs, click here to download it as an Excel spreadsheet.

Click here to see the whole Opinion Blog.

To view, save, share or refer to a particular blog post, use the link in that post (below/right, where it says "Show only this post").

A String Of Major Hacking Attacks.

Posted on 28th November 2022

Show only this post
Show all posts in this thread (Cybersecurity).

There have been a number of significant hacking breaches is the last few weeks.

This article on Security Affairs reports on a data breach (or multiple breaches - the report is a little confusing in this respect) at Twitter that has resulted in the data (including phone numbers and email addresses) of 5.4 million users being made available online.

An even larger breach has been suffered by WhatsApp, with the user data (in this case, phone numbers) of nearly half a billion (487 million, 25% of the total) users accessed, as reported by Business Standard: the data of 32 million users from the US, 11 million from the UK, 45 million from Egypt, 35 million from Italy, 29 million from Saudi Arabia, 20 million from France, 20 million from Turkey, 10 million from Russia (10 mn) and 6 million from India. At the moment this is only a risk, since the data has not yet been made available online, but that is probably only a matter of time. The article also pointed out that "Last year, information about more than 500 million users of Facebook, another Meta-owned company, was offered online for free. In 2019, data of 419 million Facebook and 49 million Instagram users were exposed. In the same year, it had faced another breach leaving data of 267 million users exposed."

Finally (for now), this piece from Bleeping Computer reports on the disclosure by Dropbox (whose software provides file storage and sharing, used by 700 million users) that 130 of their GitHub code repositories. Dropbox said "To date, our investigation has found that the code accessed by this threat actor contained some credentials — primarily, API keys — used by Dropbox developers," which opens up the possibility that Dropbox users' data (which is supposed to be secure) could, in future be accessed by the hackers.

All this goes to show that companies (Twitter, Facebook/Instagram and WhatsApp) are consistently unable to keep the data of their users secure.