Here are the most controversial data breaches of 2018 that affected Indian users
Globally, India saw the second highest number of data breaches, according to report by digital security firm Gemalto. Here are the most controversial incidents that left the data of Indian users vulnerable this year:
Aadhaar
The year started off with a massive breach of Aadhaar data in January that allegedly exposed nearly 1.1 billion citizen records from across India. The hack bypassed the Aadhar security system including the parameter of biometric authentication generating unapproved Aadhaar numbers that gave access to unauthorised users.
The hackers reportedly used a system bug to access login credentials that could fetch the information of citizens by entering the 12-digit Aadhaar number that would give them access to user details such as names, addresses, photos, phone numbers and email addresses.
However, the Unique Identification Authority of India (UIDAI) refuted the allegations about the breach saying that Aadhaar information can not be updated without the citizen’s biometric details.
Quora
Earlier this month, the question-answers platform Quora said that a ‘malicious third party’ may have gained unauthorised access to personal information of over 100 million users.
The leaked information included usernames, e-mail addresses, encrypted passwords, data imported from linked networks, non-public content and actions including answer requests, downvotes, and direct messages of certain users.
The platform, in its official blog post, apologised for the exposed information and notified affected users over e-mail asking them to logout along with invalidating their old passwords.
Google has seen three incidents of data breach this year. In fact, the platform will likely shut down its social networking effort google+ amid revelations of a second data breach.
According to media reports, the search giant has identified a bug that could have shared data of nearly 500,000 Google+ users from 2015 till March 2018. However, the problem was fixed and the breach was allegedly kept under the wraps because of the damage it could inflict on Google’s reputation.
Soon after Google’s second data breach, Facebook also reported that pictures shared by nearly 6.8 million users could have been left exposed overa span of 12 days.
Nearly 50 million records were compromised in the breach including identities, gender, localities associated with the user profiles that occured due to attackers misusing Facebook’s APIs to fetch user information. The breach was company’s largest data breach so far.
Facebook apologised for the leak and floated certain tools for app developers allowing them to identify apps that have been affected by the bug.
The professional networking platform, LinkedIn, was found allegedly flouting data protection norms that exposed nearly 18 million email addresses. The Microsoft-owned company used the exposed emails to get more people to sign up for its service, violating the fundamental understanding of transparency.
The audit that finally exposed the phishing scam, LinkedIn apologised saying that the strict procedures formulated by the company were not followed.
Marriott
(Image Source: cvent)
After Yahoo in 2014, this year’s Marriott Starwood hack was the biggest data breach to make the books. The breach compromised personal information of over 500 million guests that were associated with the chain over the past four years.
The company claimed that an unauthorised user tried to access its ‘guest reservation’ database. The breach disclosed guests’ mailing address, phone number, email address, passport number and also Starwood Preferred Guest (‘SPG’) account information.
The company explained that it had set up a website and a call centre dedicated to queries from guests, who may have compromised their personal information along with mailing them about the same.