More than 4,100 publicly disclosed data breaches occurred in 2022 equating to approximately 22 billion records being exposed. Cyber security publication Security Magazine reported that the figures for 2022 are expected to exceed this figure by as much as five percent.
According to Zirilio, a Cybersecuritiy leader which operates a Security operations centre that assists Australian enterprise and government agencies registered in 2022 unprecedented cyber threat activity. In May and June 2022 Zirilo published threat warnings, in parallel to the announcements from Cyber security authorities across allied nations UK New Zealand and UNited states threat index in Australia was about to reach historic levels. Unfortunately, the expert predictions came true.
“Cyber actors routinely exploit poor security configurations (either misconfigured or left unsecured), weak controls, and other poor cyber hygiene practices to gain initial access or as part of other tactics to compromise a victim’s system,” the advisory began.
In this article, looking through the “Cyber Threat hourglass” of 2022, we reveal which data breaches and leaks and the phishing, malware and cyber attacks ranked among our top Global most-read cyber security news stories.
Read on to hear about data breaches at Revolut, Medibank Twitter, Optus, Uber and Rockstar, and let us know if you were impacted by any of the incidents covered in the comment section below.
Twitter confirms data from 5.4 million accounts was stolen
In July 2022, a hacker that went by the alias ‘devil’ posted on hacking forum BreachForums that they had the data of 5.4 million Twitter accounts for sale.
The stolen data included email addresses and phone numbers from “celebrities, companies, randoms, OGs”. ‘OGs’ refers to Twitter handles that are either short, comprising of one or two letters, or a word that is desirable as a screen name, for example, a first name with no misspelling, numbers or punctuation. The hacker ’devil’ said they would not be accepting offers “lower than [$30,000]” for the database.
The data breach was the result of a vulnerability on Twitter that was discovered in January 2022.
Learn more about the vulnerability that led to the data breach here.
We have our own Twitter story
Hacker allegedly hits both Uber and Rockstar
Between September 15–19, 2022, a hacker allegedly hit both rideshare company Uber and video game company Rockstar.
On September 15, Uber’s internal servers were accessed following after a contractor’s device was infected with malware and their login details were sold on the dark web. The hacker accessed several other employee accounts, which then gave them access to a number of internal tools. The hacker then posted a message to a company-wide Slack channel and reconfigured Uber’s Open DNS to display a graphic image to employees on some internal sites.
The hack into Rockstar Games, developer of the Grand Theft Auto (GTA) game series, was discovered on September 19, 2022. A user called teapotuberhacker posted on Grand Theft Auto game series fan site GTAForums: “Here are 90 footage/clips from GTA 6. It’s possible I could leak more data soon, GTA 5 and 6 source code and assets, GTA 6 testing build.”
In the post’s comments, the hacker claimed they had “downloaded [the gameplay videos] from Slack” via hacking into channel used for communicating about the game.
Rockstar Games made a statement via Twitter that said the company had suffered a “network intrusion” which had allowed an unauthorized third party to "illegally access and download confidential information form [its] systems”, including the leaked GTA 6 footage.
9.7 million peoples’ information stolen in Medibank data leak
On October 13, 2022, Australian healthcare and insurance provider Medibank detected some “unusual activity” on its internal systems. The company was then contacted on October 17 by the malicious party, who aimed to “negotiate with the [healthcare] company regarding their alleged removal of customer data”. However, Medibank publicly refused to bend to the hacker’s demands.
Medibank revealed the true extent of the hack on November 7, announcing that the malicious actor had gained unauthorized access to and stole the data for 9.7 million past and present customers. The information included confidential and personally identifying information on medical procedures including codes associated with diagnosis and procedures given.
Following Medibank’s continued refusal to pay a ransom, the hacker released files containing customer data called "good-list" and "naughty-list" on November 9, 2022.
The so-called “naughty-list” reportedly included details on those who had sought medical treatment for HIV, drug addiction or alcohol abuse or for mental health issues like eating disorders.
On November 10, they posted a file labelled “abortions” to a site backed by Russian ransomware group REvil, which apparently contained information on procedures that policyholders have claimed on, including miscarriages, terminations and ectopic pregnancies.
Hacker attempts to sell data of 500 million WhatsApp users on dark web
On November 16, 2022, a hacker posted a dataset to BreachForums containing what they claimed to be up-to-date personal information of 487 million WhatsApp users from 84 countries.
In the post, the alleged hacker said those who bought the datasets would receive “very recent mobile numbers” of WhatsApp users. According to the bad actor, among the 487 million records are the details for 32 million US users, 11 million UK users and six million German users.
The hacker did not explain how such a large amount of user data had been collected, saying only that they had “used their strategy” to obtain it.
Learn more about the data breach in this November post.
Personal and medical data for 11 million people accessed in Optus data breach
Australian telecommunication company Optus suffered a devastating data breach on September 22, 2022 that has led to the details of 11 million customers being accessed.
The information accessed included customers’ names, dates of birth, phone numbers, email and home addresses, driver’s license and/or passport numbers and Medicare ID numbers.
Files containing this confidential information were posted on a hacking forum after Optus refused to pay a ransom demanded by the hacker. Victims of the breach also said that they were contacted by the supposed hacker demanding they pay AU$2,000 (US$1,300) or their data would be sold to other malicious parties.
Find out more about how the Optus data breach occurred in this September post.
More than 1.2 million credit card numbers leaked on hacking forum
Carding marketplaces are dark web sites where users trade stolen credit card details for financial fraud, usually involving large sums of money. On October 12, 2022, carding marketplace BidenCash released the details of 1.2 million credit cards for free.
A file posted on the site contained the information on credit cards expiring between 2023 and 2026, in addition to other details needed to make online transactions.
BidenCash had previously leaked the details of thousands of credit cards in June 2022 as a way to promote the site. As the carding marketplace had been forced to launch new URLs three months later in September after suffering a series of DDoS attacks, some cyber security experts suggested this new release of details could be another attempt at advertising.
Discover how BidenCash gained access to 1.2 million credit card details in our October coverage.
Twitter accused of covering up data breach that affects millions
On November 23, 2022, Los Angeles-based cyber security expert Chad Loder tweeted a warning about a data breach at social media site Twitter that had allegedly affected “millions” across the US and EU. Loder claimed the data breach occurred “no earlier than 2021” and “has not been reported before”. Twitter had previously confirmed a data breach that affected millions of user accounts in July 2022, as seen in point seven of this article.
Loder stated, however, that this “cannot” be the same breach as the one they reported on unless the company “lied” about the July breach. According to Loder, the data from the November breach is “not the same data” as that seen in the July breach, as it is in a “completely different format” and has “different affected accounts”.
Loder said they believed that the breach occurred due to malicious actors exploiting the same vulnerability as the hack reported in July.
