Biggest Hacks of 2022 (Part 2)
Continuing on from our previous blog, we are back with our survey of some of the largest and most surprising hacks in 2022. Uber and Rockstar Games fell victim to relatively simple cyber attacks. Social engineering has a remarkable ability to breach even the most secure security measures. Luckily, the Uber and Rockstar Games hacks were more flashy than they were costly. This week, we’re covering a pair of hacks with much more financial or potentially disastrous effects.
Crypto.com 30 Million Dollar Hack
Cypto.com was enjoying the limelight for a few years. The crypto boom gave it a platform and revenue stream like never before seen. In a few short years, Crypto.com became one of, if not the largest crypto exchange platform in the world. Its future was so bright, in fact, that Crypto.com purchased the naming rights to the LA stadium formerly known as Staples Center. After the season of boons, however, 2022 marked the beginning of a downfall.
In January of 2022, Crypto.com was hit by a massive breach that cost it about $30 million when everything was all said and done. On January 14th Crypto.com noticed that hackers were initiating transactions on its platform without triggering the two-factor authentication that normally comes along with said transactions. A few days passed while Crypto.com tried to stop the bleeding, eventually, they were forced to suspend all withdrawals from the site, revoke all of their two-factor tokens, and logged every single customer out of their accounts. By the time Cypto.com implemented these security measures and sent word out to news outlets, about $30 million in ill-gotten gains had been siphoned from Crypto.com users.
After this hack, Crypto.com implemented mandatory two-factor authentication policies on the customer-facing side and backend alike. Crypto.com also began a “Worldwide Account Protection Program (WAPP).” This was put in place to protect users in case attacks like this happened again. It’s a sort of internal FDIC, ensuring a refund of up to $250,000 for “qualified users.” This protection program is far from perfect, but hopefully, it protects its vulnerable users in the future should a massive hack like this occur in the future.
A Neopets Hack?
The online fantasy pet simulator, Neopets was the subject of a massive data leak in July of 2022. Users of the site tend to be on the younger side, but their data is just as valuable in large numbers as any adult’s data. This fact was confirmed by the hacker that seized a Neopets database containing the user data of approximately 69 million Neopets users both fresh and dated.
According to Polygon and an official statement on Twitter, ” Neopets became aware that customer data may have been stolen,” and “… immediately launched an investigation assisted by a leading forensics firm. We are also engaging law enforcement and enhancing the protections for our systems and our user data. Interestingly, a community website, JellyNeo was the first to report on the breach, it seems that community members noticed the breach before Neopets themselves, and an anonymous source tipped JellyNeo off. In this hack, Neopets’ source code and the entirety of their user database had been accessed. The hackers were holding the data ransom to the tune of 4 Bitcoin (~$94,500 USD at the time).
The hack, on its face, seems a bit silly, but data is data. If any of these 60 million users share login information across platforms, then the reach of the security breach is much larger than it initially seems.
Keep Hackers Out
These massive breaches have been made or broken by the protections that businesses have put in place should their first lines of defense fall. Encryption and decentralized server structures are often the only things preventing an unfortunate breach from blossoming into a full-fledged disaster.
Protect Your Business
AXEL Go is an incredibly versatile tool in the fight for cyber security. Implementing our decentralized, encrypted storage into a workplace will create a robust bulwark between sensitive workplace data and any clever exploits hackers can slip through the cracks.
AXEL Go is a file storage and sharing service designed to revolutionize how we think about security online. Our user experience design is focused on handing top-of-the-line security to any business of any size. Our AES-256 bit encryption and decentralized server structure thwart cyber attacks on big businesses as competently as it protects local operations. No matter how tight the budget for your practice may be, we are the perfect fit for secure, intuitive storage and file sharing. You can try AXEL Go premium for free for 14 days. See what security backed by our $10,000 guarantee can do for your business.
Citations
“Security Update | Uber Newsroom”. 2022. Uber Newsroom. https://www.uber.com/newsroom/security-update/
“Grand Theft Auto 6 Leak: Who Hacked Rockstar And What Was Stolen?”. 2022. The Guardian. https://www.theguardian.com/games/2022/sep/19/grand-theft-auto-6-leak-who-hacked-rockstar-and-what-was-stolen
Fung, Brian. 2022. “Uber Says Hacker Group Lapsus$ Behind Cybersecurity Incident | CNN Business”. CNN. https://www.cnn.com/2022/09/19/tech/uber-lapsus-cybersecurity-incident/index.html
Newman, Lily Hay. “Crypto.com Finally Admits It Lost $30 Million in a Hack.” Wired. Conde Nast, January 22, 2022. https://www.wired.com/story/crypto-hack-nso-group-security-news/.