Data Breach

Putting all your personal information on the Internet has a lot of advantages. But have you ever thought about what will happen if the website where you give your information doesn't handle it properly? This may lead to the exposure of your information, which we generally refer to as a data breach. In this article we will learn many things about data breaches. We are going to cover the following topics –

  • What is a data breach?
  • Why do data breaches occur?
  • Causes of data breaches
  • Methods by which data breaches occur
  • Impact of a data breach
  • How to protect against a data breach?

First of all, let us understand what a data breach is.

What is a Data Breach?


Wikipedia defines a data breach as an intentional or unintentional release of secure or private/confidential information to an untrusted environment. The untrusted environment can be a black hat hacker or anyone else whom the organization does not authorize to access its users' data. Alternatively, we can say that a data breach is a security compromise in which confidential, sensitive data is stolen, or leaked by mistake from a database, to an unauthorized person. These illegal activities are generally performed by black hat hackers.

Let us understand what a data breach means with an example.

Suppose you have a website with a large number of registered users, and there is an SQL injection vulnerability in it (we will cover this in a later section). If a black hat hacker finds this vulnerability, he will use a hacking tool called sqlmap to extract your registered users' information from your database and store that data on his local computer. He may sell your users' data on the dark web or some other illegal platform for money. If this incident happens, we say that a data breach has occurred on your website.

Information Leaks in Data Breach


A data breach may leak many types of information from a company's database. Sometimes this information is so important and confidential that the company has to pay money to the hackers to delete the data from their hard disks. See this report of Uber's data breach. There have even been many cases in which a massive data breach led big companies to shut down; see this report. These breaches can compromise various kinds of information, such as:

User Info

Username, password, email address, credit card information, phone number, address, etc.

Business Info

Business logic, trade secrets, other confidential data, internal web server information, Wi-Fi password, etc.

Causes of data breach


There are various causes, or vectors, which lead to a data breach. The most common vectors through which data breaches occur are –

1. Security Misconfiguration

When the security of a website is not configured appropriately, we say that the website is misconfigured and thus has low security. Hackers can easily bypass (defeat) low security and use the misconfiguration to find a way into the web server. Once they are inside the web server, they can steal the website's data and its users' data from the database. Security misconfiguration is probably the largest vector of data breaches. Some of the security misconfigurations which may lead to a data breach are:

  • Opening unnecessary ports on the web server
  • Giving normal users more privileges than required
  • Installing out-of-date software and not updating it

2. SQL Injection

It is a type of web application vulnerability in which an attacker can execute SQL queries on the database from the frontend. This vulnerability arises when the web application accepts untrusted input and uses it directly in a database query. If an SQL query is given in an input field of the website, it gets executed in the backend and its output is shown on the screen, which is not supposed to happen. In this way, this vulnerability may leak users' information and lead to a data breach.

3. Malware

Malware is software, or simply a program, which is intentionally developed to harm your computer. The various activities which malware performs include:

  • Unnecessarily making copies of your system files and filling your hard disk space – Worms
  • Launching unnecessary pop-ups on your screen to distract you – Adware
  • Sending your personal information to the attacker – Trojan
  • Recording your keystrokes and web browser history – Keylogger
  • Showing unwanted ads in your browsers – Adware

Malware generally comes through email attachments or pen drive exchange, or gets downloaded from the internet without your knowledge. If an organization does not implement an up-to-date firewall and IDS in its network, it may become a victim of a data breach.

4. Fuzzing

Fuzzing is a technique in which a hacker enters unwanted, unexpected characters into an input field of the website. He generally does this to bypass web application defenses. If the web application does not have strong defenses, it may reveal some confidential information about the website.

5. Ransomware with Malware

Long ago, when a hacker first developed ransomware, the goal behind it was to encrypt users' files on their local computers and demand a ransom (money) in the form of cryptocurrency (like Bitcoin or Ethereum) to decrypt them. Nowadays, however, many illegal hackers have combined ransomware with other malware. This combination not only encrypts the victim's files but also sends sensitive files to the hacker who is remotely controlling the ransomware.

6. Social Engineering via Phishing

Phishing is a type of social engineering attack in which a hacker makes a website that looks identical to a legitimate website (a clone of the original site) and sends the URL of this fake website to the victim. If the victim does not know the domain of the original site, he may think it is the original site and provide his personal information when the site asks for it. The victim can also be tricked into downloading files from this website. He will download them because he thinks it is the original site. Upon opening the file, he may get infected with ransomware or some other malware which the attacker has attached to it. This is how he can be hacked and may lose his private data.

7. Database Access via Brute Forcing

Brute forcing is a technique in which an attacker tries every possible login credential from a custom list of usernames and passwords. If there is no two-factor authentication or other web application defense on the login page of the database, the attacker can obtain a user's login credentials by brute forcing. He can then use those credentials to log in to the database. As soon as he has logged in to the database, he effectively owns it and can do whatever he wants. Database brute forcing is possible when the organization uses a separate database server and has allowed remote login.

Methods of Data Breach

There are various methods by which a data breach in an organization can take place. Some of the most common methods are –

1. Hacked

When a data breach occurs through exploitation of a vulnerability in software, the method is classed as hacked. Here, an attacker first scans the database server and looks for vulnerable applications on it. As soon as he finds an out-of-date application, he fires an exploit at the server to compromise the machine. If the exploitation is successful, he will be inside the remote server the next moment and can easily steal data from there.

2. Poor Security

When a data breach occurs due to security misconfiguration, we say it is due to the poor security of the web application or organization. This generally happens to companies which do not implement a proper security policy for storing their users' data.

3. Lost / Stolen Media

Sometimes a storage medium holding users' sensitive information gets lost, or is stolen by an unauthorized person; the breach is then said to have occurred due to lost/stolen media. It occurs due to the carelessness of an employee.

4. Accidentally Published

A data breach by this method occurs due to the carelessness of a company employee. If the employee does not handle the data properly on the web server, it may get published accidentally.

5. Inside Job

This is probably the second largest vector for data breaches, where a company employee sells its users' data to a competing company, or sometimes to the wrong hands who may misuse the users' data. The employee performs these activities only if he is not happy with his job or salary.

Top 3 Data breaches so far


Top three data breaches based on the number of compromised accounts are as follows:

1. In 2013, 3 billion accounts of Yahoo were hacked and the data was put up for sale on the dark net. The compromised information includes names, telephone numbers, email addresses, encrypted or unencrypted security questions and answers, hashed passwords and dates of birth.

2. In 2020, 3 billion accounts of Clearview AI were hacked. The hacked information includes all its customer names, the number of accounts they have and the number of searches they made.

3. In 2019, First American Corporation [a US-based financial services company] faced a data breach in which 885 million accounts were leaked due to poor security implementation. The leaked information includes bank statements along with their account numbers, wire transaction receipts, Social Security numbers, tax and mortgage records and driving license images, exposed without authentication.

You can get a list of popular data breaches from Wikipedia.

Impact of Data breach


Loss in Reputation of the company

If your company has just faced a data breach, it will have a bad impact on your users as well as your employees, as they may have to face criticism from outsiders. In addition, people will think hard about your data privacy and security before they sign up on your company's website and give their personal information, which they would not have done before the breach.

Financial Loss

The company may face a big financial problem, because it may have to pay a huge fine to the government for not implementing a proper security policy to protect its users' data. It may also have to pay some amount to the users whose data has been compromised, especially in banking services.

Employees Feel Insecure

The company's employees may feel insecure in the company and may resign from it.

Business Logic Disclosure

A data breach may lead to business logic disclosure. If this happens, the trade secrets of the company become public and other companies try to implement the same logic. In that case it is very difficult for the breached company to recover.

Leads to password brute forcing

When a leaked database is made public, other hackers try to validate the compromised credentials. For this, they perform a brute force attack using the credentials stored in the database. This leads to a DDoS attack that consumes the website's bandwidth unnecessarily. If it is a small business operating online, it may have to shut down for some days.
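Both the credential validation described here and the brute forcing described under "Database Access via Brute Forcing" show up in authentication logs as bursts of failed logins from one source. The following is an added example, not part of the original article, of a sliding-window detector that flags such bursts and separates the two patterns; the log format, window and threshold are assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)  # assumed sliding window
THRESHOLD = 4                   # assumed failures per window that raise an alert

# Constructed sample log in a hypothetical format: time, result, user, source.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z FAIL user=admin src=203.0.113.7
2024-05-01T10:00:03Z FAIL user=admin src=203.0.113.7
2024-05-01T10:00:04Z FAIL user=alice src=198.51.100.23
2024-05-01T10:00:05Z FAIL user=admin src=203.0.113.7
2024-05-01T10:00:06Z FAIL user=bob src=198.51.100.23
2024-05-01T10:00:07Z FAIL user=carol src=198.51.100.23
2024-05-01T10:00:08Z FAIL user=admin src=203.0.113.7
2024-05-01T10:00:09Z FAIL user=dave src=198.51.100.23
2024-05-01T10:00:31Z OK user=erin src=192.0.2.10
2024-05-01T10:05:00Z FAIL user=frank src=192.0.2.44
2024-05-01T10:10:00Z FAIL user=frank src=192.0.2.44
2024-05-01T10:15:00Z FAIL user=frank src=192.0.2.44
2024-05-01T10:20:00Z FAIL user=frank src=192.0.2.44
"""

def parse(line):
    """Split one log line into (time, result, user, source)."""
    ts, result, user, src = line.split()
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return when, result, user.split("=", 1)[1], src.split("=", 1)[1]

def detect(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return {source: label} for sources reaching `threshold` failures in `window`."""
    recent = defaultdict(deque)  # source -> (time, user) of failures still in window
    alerts = {}
    for line in filter(str.strip, log_text.splitlines()):
        when, result, user, src = parse(line)
        if result != "FAIL":
            continue
        failures = recent[src]
        failures.append((when, user))
        while when - failures[0][0] > window:  # drop failures older than the window
            failures.popleft()
        if len(failures) >= threshold:
            users = {u for _, u in failures}
            # One account: password guessing. Many accounts: a leaked list replayed.
            alerts.setdefault(src, "brute-force" if len(users) == 1 else "credential-stuffing")
    return alerts

if __name__ == "__main__":
    print(detect(SAMPLE_LOG))
```

The slow source `192.0.2.44` stays under the threshold with a 60-second window, which is why rate limits and alerts of this kind are usually paired with two-factor authentication rather than relied on alone.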

Cause of closing company

Sometimes a data breach is so massive that the company has to shut down for some days until conditions return to normal. This generally happens to companies which provide online services only.

How to protect from Data Breach?


Although there is no foolproof method to prevent a data breach, you can use the following steps to minimize or mitigate its impact.

1. Do not open files which arrive as email attachments, because they may contain a Trojan.

2. Don't give your personal information to a website you do not trust.

3. Before submitting your personal information to a legitimate non-HTTPS site, use a VPN to connect to the website so that an attacker can't read your data.

4. Always use updated, legitimate antivirus software on your PC and scan every file before copying it to your PC.

5. Don't download any software from illegal sites or sites you don't trust.

6. If you are a company owner, implement a strong data protection policy in your company.

7. You can use an Intrusion Detection System to identify any anomalous network activity that may indicate that a breach has occurred.

8. Train your employees to defend against social engineering attacks, because many data breaches occur due to phishing attacks.

9. Last but not least, keep your employees happy by investing in them so that they will not think badly of the company.

Thanks for reading this article. I hope you now have a clear understanding of the concept behind data breaches. Feel free to share your experience in the comment section. For any suggestion or question related to this article, feel free to write to us at [email protected].

                                                                                                   

                                                                                                                                           


Deepak Kumar Maurya

Hi everyone, I am Deepak Kumar Maurya, creator of Ethicalhacs.com. I am an InfoSec Consultant by day and a Bug Bounty Hunter & CTF player at night. I sometimes write walkthroughs and other cyber security articles here. You can connect with me at https://www.linkedin.com/in/deepakdkm/