As we start a new year, let's take a moment and look back at some of the largest breaches that hit cyberspace in 2013.
The general news media does a fair job of reporting large information security breaches, but not everything makes the front page of the broadsheet. 2013 produced a bumper crop of breaches, covering virtually every business sector and industry, and literally tens of millions of people had their personal information compromised.
Snapchat: Poor Snapchat. The immensely popular photo and video sharing app for iOS and Android ended up with a lot of egg on their faces when researchers uncovered some flaws in their code that could allow someone to programmatically vacuum up millions of their users' usernames and phone numbers. Snapchat initially ignored these concerns, and then stated that the vulnerability was just theoretical. On Christmas Eve the researchers released some of their findings, and right away a hacker or group of hackers showed that theoretical can become practical at the drop of a hat. The group behind SnapchatDB.com (now taken down) were able to slurp up over 4.6 million usernames and phone numbers.
Target: In December general-goods retailer Target revealed that someone had gained access to their payment card systems and was able to abscond with over 40 million of their customers' credit card and debit card numbers. Since the breach, these credit and debit cards have shown up for sale in the cyber underground for substantial amounts of money, with some higher-limit cards selling for over 100 USD per card.
Ubisoft: The video game developer found itself the victim of a breach leading to the data theft of 58 million accounts - including usernames, email addresses and encrypted passwords.
Evernote: The popular note-taking app took an unprecedented precautionary step and forced 50 million of their users to change their passwords after their security team determined that an attacker (or attackers) had made a very coordinated attempt to access secure areas of its service.
Adobe: In October software giant Adobe Systems announced it had been the victim of an attack leading to the breach of almost 3 million customer records. It was later revealed that the loss was much larger: tens of millions of usernames, encrypted passwords and unencrypted password hints were breached, as was some of their source code for both the popular server software ColdFusion and Adobe's ubiquitous Acrobat PDF software. What was even worse is that Adobe improperly encrypted passwords, leading to a gem of a comic on the popular webcomic XKCD.
Vodafone: In September the German arm of telecom provider Vodafone found itself the victim of a breach of 2 million customer records, including customer names, addresses, birth dates and bank account numbers. Vodafone claimed the breach was due to a malicious insider and not due to an external attack.
We'll see how 2014 develops, but it's likely we'll continue to see breaches on a massive scale.