Major Causes of Data Breaches in 2022
Social Engineering
Mailchimp says an internal tool was used to breach hundreds of accounts
In a statement given to TechCrunch, Mailchimp CISO Siobhan Smyth said the company became aware of the intrusion on March 26 after it identified a malicious actor accessing a tool used by the company’s customer support and account administration teams. Access was gained following a successful social engineering attack, a type of attack that exploits human error and uses manipulation techniques to gain private information, access or valuables.
Twilio hacked by phishing campaign targeting internet companies
The attack used SMS phishing messages that purported to come from Twilio’s IT department, suggesting that the employees’ password had expired or that their schedule had changed, and advised the target to log in using a spoofed web address that the attacker controls.
API Scraping
Twitter belatedly confirms data breach which exposed contact details for 5.4M accounts
HackerOne covered the vulnerability back in January. It allowed anyone to enter a phone number or email address and then find the associated twitterID. This is an internal identifier used by Twitter, but it can be readily converted to a Twitter handle.
Configuration Error
Patreon Hacked, Gigabytes Of Data And Code Leaked
The data seems to have come from a debug version of the site that was visible to the Internet. The debug version included a “snapshot” of the production database.
Shanghai data breach exposes suppression of ‘white-hat’ security research in China
When the programmer was using the ElasticSearch server to build a big data search system for the Shanghai Public Security Bureau, he backed up the data to Alibaba Cloud, but turned it into a data visualization website in error, making all the information downloadable or viewable through Kibana.
Third Party
Okta confirms January breach after hackers publish screenshots of its internal network
In late January 2022, Okta detected an attempt to compromise the account of a third party customer support engineer working for one of our subprocessors. The matter was investigated and contained by the subprocessor.
DoorDash hit by data breach linked to Twilio hackers
DoorDash said malicious hackers stole credentials from employees of a third-party vendor that were then used to gain access to some of DoorDash’s internal tools.
Software Vulnerability
Rackspace says hackers accessed customer data during ransomware attack
According to the incident report update, Play threat actors gained access to Rackspace’s networks by exploiting CVE-2022-41080, a zero-day flaw patched by Microsoft in November that has been linked to previous ransomware incidents.