Biggest data breaches of 2019 that took India by storm

Data is becoming so valuable that crooks consider it an easy route to make a quick buck. But interestingly, not every data breach is a result of hackers. In most cases it is because of ‘loopholes’ and unprotected servers that bad actors get access to it without even having to break in.

Here are some of the biggest data breaches of 2019 that affected users in India -

1. SBI leaves its server unprotected - SBI left one of its servers, situated in Mumbai, unprotected and it exposed the data of its 422 million customers. The server contained partial bank account numbers, bank balances and phones of individuals using the bank’s SBI Quick service.

2. Bank database sale on the darknet - More than 1.3 million credit and debit card details from Indian banks were on sale in October on the darknet. Group-IB, a Singapore-based cybersecurity company, found that the information was being sold for $100 apiece.

3. Records of 6.8 million users hacked from a healthcare website – According to US cybersecurity firm, FireEye, a Chinese hacker group by the name of ‘fallensky519’ stole the data of 6.8 million users from an Indian healthcare website in February. FireEye though did not disclose the name but was quick to point it out that hackers from China were responsible for it.

4. Information of 100 mn Justdial users on unprotected server - A security researcher, Rajshekhar Rajaharia alerted Justdial in April of a potential leak. Interestingly, the leak didn’t just affect people using the app or website, but anyone who had called the helpline between 2015 to 2019.

5. Dating apps reveal location threatening individual safety - Dating app Grindr came under the scanner for revealing the location of its users. Grindr, along with three other dating apps - Romeo, Reco and 3fun - were found to be giving the precise location of its users, according to an investigation.

6. Facebook stores passwords of 600 mn users - An investigation by KrebsonSecurity found that Facebook user passwords were available in plain sight to the firm’s thousands of employees. Passwords dating back to 2012 were unencrypted and being stored as plain text on Facebook’s servers.

7. FB, Twitter users’ personal data leaked by malicious apps - Facebook and Twitter were in the news again for undermining data privacy in November. According to India’s cybersecurity watchdog, CERT-In, user data was being stolen by malicious third party apps using One Audience and Mobiburn software development kits (SDKs).

8. Kudankulam nuclear power plant (KKNPP) & ISRO hacked - India’s biggest nuclear power plant and the county’s apex space agency were hacked in September. Malware was installed on computers at the Kudankulam Nuclear Power Plant (KKNPP) and the Indian Space Research Organisation - and all it took was one click on the wrong type of link.