Recent Data Breach: "1.2 billion people exposed"

[mk4]

Tweet URLs:

• https://twitter.com/vinnytroia/status/1196850363871170562
• https://twitter.com/MayhemDayOne/status/1196867644508557313

I know we should wait for actual facts to be released and not automatically be sold on "announcement of announcements"; and while this is most likely probably not directly related to bitcoin/cryptocurrencies at all, I'm just sharing this just to put things in perspective.

If a certain website/service that has this much users(more or less 1.2 billion based on the Tweet) are susceptible to hacks, what more the exchanges that you're unnecessarily leaving your coins in?(daytraders are an exception).

And I don't care if you're using big exchanges like Coinbase or Kraken or Binance or whatever. If anything, they're actually bigger targets for hackers.

"Not your keys, not your bitcoin."


For speculative purposes(services with number of users closest to 1.2 billion based on quick Google searches):

Facebook: 2.4 billion users (source)
Apple: approx 1.4 billion users (source)
Gmail: 1.2 billion users in 2018 (source)
YouTube: 2 billion monthly active users (source)
WhatsApp: 1.5 billion active users (source)
Microsoft Office 365: 1.2 billion as claimed by o_e_l_e_o, also Microsoft Office 365 went down yesterday[1][2][3]

It's pretty much a guessing game right now, but it looks like it's probably Microsoft Office 365.

[1714929663]

1714929663

[1714929663]

1714929663

[1714929663]

1714929663

[Thekool1s]

Instagram seems most likely, It reached a billion users in 2018. Just sounds about right.

Source: https://www.statista.com/statistics/253577/number-of-monthly-active-instagram-users/

"Not your keys, not your bitcoin."

Amen!

[avikz]

I am sure it's nothing related to bitcoin or cryptos at all! We have not yet reached billions yet! So it's highly unlikely that crypto community will be affected by this breach! It's probably from the organizations like Facebook, whatsapp, google, Instagram etc. Or probably from some giant international banks with trillion dollar valued transactions everyday (you know what I mean)!

[ampu]

I guess the exchanges and projects that recently hosted the ICO have saved a lot of KYC information.  They may not have secured the information or sold them to make money.  That is the worst thing we can imagine.
If the above assumptions did not occur, then how could they expose so much personal information to users.

[o_e_l_e_o]

Instagram seems most likely, It reached a billion users in 2018. Just sounds about right.

Microsoft Office 365 also have 1.2 billion users, and their servers went down for a period of time earlier this week. Other possibilities (including those mjglqw has listed) could be Amazon or Visa.

There was also a data breach of 1.19 billion confidential medical images in the last few days, including names, addresses, dates of birth, and social security numbers, as well as obviously the imaging in question, but apparently this is a separate breach and the numbers are just a coincidence.

It'll be very interesting to see exactly what data have been compromised. Pick the right company to short right now and you could make a nice profit.

[kro55]

I am sure it's nothing related to bitcoin or cryptos at all! We have not yet reached billions yet! So it's highly unlikely that crypto community will be affected by this breach! It's probably from the organizations like Facebook, whatsapp, google, Instagram etc. Or probably from some giant international banks with trillion dollar valued transactions everyday (you know what I mean)!

And most importantly crypto community is not concentrated on one platform only. Let's see got trolled this time by hackers. Seems it will be a social media site as others dont have billions of users.

[dothebeats]

It’s quite alarming and concerning that massive data breaches like these are just a common occurrence now. I mean, how could a large company possibly lose such massive data like that? It’s not like they’re hiring security analysts and other staff for nothing yet getting top dollar on the payroll.

I guess this would be email-related and a big social media site is affected. God bless our data. We know for certain that this has nothing to do with crypto—but the implication is always there, so we shouldn’t get too comfy about it.

[audaciousbeing]

Susceptibility like this would continue to put organisations at risk. From the list and the largest private organisations that have the most people is Facebook across it services. I just hope this is not from Facebook because it would just further tank their Libra project and if not, it would also be a talking point for those who never wanted Facebook to carry out the project because it will continue to be a risk should it be in the hands of private individuals.

The whole crux of the message is that there is need to move funds away from exchange sites. Anyone who still needs to be given that advice in 2019 surely does not have any business to be in this crypto sphere.

[inthelongrun]

My guess is any of those popular social media companies listed above, e.g. Facebook, Gmail, Youtube and Twitter. Top Chinese or Indian social media sites, broadcast media or anything that has billions of users, viewers or members are also possible.

I think it is obvious that most of these American sites are already under the watchful eye of CIA. The same with China which is more strict. Underground, powerful countries are spying on each other. 

   

[Ucy]

This is becoming too common thesedays. I guess the companies don't get harsh fine or jail term as punishment for not properly securing  people's private data. otherwise they will be very careful collecting the private data atall or storing them without strong security.

This is why decentralized storage of private data is idea. Who can hack billions of people at thesame time If they are the ones keeping their private information.

[mk4]

It’s quite alarming and concerning that massive data breaches like these are just a common occurrence now. I mean, how could a large company possibly lose such massive data like that? It’s not like they’re hiring security analysts and other staff for nothing yet getting top dollar on the payroll.

Well, it's mostly a cat and mouse game. White hat hackers and security analysts improve help improve the security of the overall system, while at the same time the black hat hackers improve their skills by looking for vulnerabilities. Data breaches are pretty much inevitable. The best and most secure systems just fend of hackers a lot longer than not-so-secure systems.

[DdmrDdmr]

This is a nice interactive site that displays the larges world’s data breaches by year, size and data sensitivity:
https://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

The site states the last update to be on April 2019, but the underlying data has some entries as recent as October 2019 (raw data file with 350 entries: https://docs.google.com/spreadsheets/d/1i0oIJJMRG-7t1GT-mr4smaTTU7988yXVz8nPlwaJ8Xk/edit#gid=2).

I guess the tweeted one will engross the list …

[waitforme]

1.2 billion users is too big. It is the service providers that have exposed this information. Facebook users are not interested in setting their accounts to private, but they use pre-installed content provided by the developer. I believe that disclosing personal information of customers is the direct fault of the service provider. But to suspect this information comes from exchanges or KYC from ICO projects is not entirely true because our market is too small compared to the rest of the world.

[BlackBaron]

Microsoft Office 365: 1.2 billion as claimed by o_e_l_e_o, also Microsoft Office 365 went down yesterday[1][2][3]

yeah man lets hope it is just microsoft office 365 who got hacked because Iam using libre in linux  
very likely it is not crypto related since the number is a way too big compared to our community

[adzino]

I guess the exchanges and projects that recently hosted the ICO have saved a lot of KYC information.  They may not have secured the information or sold them to make money.  That is the worst thing we can imagine.
If the above assumptions did not occur, then how could they expose so much personal information to users.

Oh yes, they have saved your KYC information and kept it for themselves. As soon as they are done scamming their investors or have failed the project, they make some extra money by selling those information to different people. Those people then use those information to commit their crimes using your identity (go look at the digital goods section. People over there are selling photo ID along with documents needed for verification purpose. Where do you think those come from?).

[Pearls Before Swine]

There was also a data breach of 1.19 billion confidential medical images in the last few days, including names, addresses, dates of birth, and social security numbers, as well as obviously the imaging in question, but apparently this is a separate breach and the numbers are just a coincidence.

That's one reason why I've *always* been opposed to medical records being stored online, and the computer systems used in hospitals and many other medical institutions do this, as well as some states in the U.S. storing controlled substance records in an online database.  All of this should stop, and gov'ts don't fully grasp the risk they're taking with people's lives.

It's probably Microsoft and if not, it's one of the major social media platforms and this is only going to continue until people start realizing that they can't safely share personal info on sites like that.  Unbelievable.

[Harlot]

Microsoft office might be a strong candidate for this but according to this news which they included the heat map of where the clients are affected by the downtime you will see that it's not a considerable portion of the world so Office 365 might not be the sure thing yet. With 1.2 billion users of the corporation I think it will be one of those big companies like Google, Facebook, or Microsoft, or even maybe Apple so this data breach is really dangerous if proven correctly.

[Kyraishi]

Instagram seems most likely, It reached a billion users in 2018. Just sounds about right.

Source: https://www.statista.com/statistics/253577/number-of-monthly-active-instagram-users/

"Not your keys, not your bitcoin."

Amen!

Don't think so, I was actually trying to use outlook and microsoft's services, and outlook was very glitchy (often redirecting me back to login, telling me that I needed to set my timezone to something?), and I just could not get into office 365 at all...

I guess the exchanges and projects that recently hosted the ICO have saved a lot of KYC information.  They may not have secured the information or sold them to make money.  That is the worst thing we can imagine.
If the above assumptions did not occur, then how could they expose so much personal information to users.

Oh yes, they have saved your KYC information and kept it for themselves. As soon as they are done scamming their investors or have failed the project, they make some extra money by selling those information to different people. Those people then use those information for to commit their crime using your identity (go look at the digital goods section. People over there are selling photo ID along with documents needed for verification purpose. Where do you think those come from?).

Hmhm. That's usually how fake or dead icos will end up making money, and often times they will force bounty hunters to perform KYC to make even more profit off selling their KYC verifications.

Damn though. I wonder what details got leaked, this is scary.

[o_e_l_e_o]

I don't use Office 365, but I assume they have cloud storage for all your documents? I'm sure there are a few users who have backed up their seeds by putting them in a document and saving them to the cloud. I'm sure there are also plenty of users using the exact same username/email and password for Office 365 as they use for some crypto web wallet. It all depends on what data have actually been breached, but if it is Microsoft, I wouldn't be surprised if this leads to some crypto scams as well.

That's one reason why I've *always* been opposed to medical records being stored online, and the computer systems used in hospitals and many other medical institutions do this

So the software involved in this breach is called PACS, which stands for Picture Archiving and Communication System. This software is massive. It is used almost globally, including throughout the US, Canada, Mexico, Europe, China, India, Japan, South Korea, Middle East, Australia, and South America. I couldn't even take a guess at just how many medical images from how many patients are stored on this system, but 1.2 billion is likely a small fraction.

The US is the biggest part of this leak, with almost 800 million images coming from there. Other large contributors are India, Brazil and South Africa. It's also worth pointing out that some countries, most notably European countries like Germany and the UK, have their PACS servers disconnected from the internet and run on their own secure network, and so are protected from this kind of breach.

[Kyraishi]

I don't use Office 365, but I assume they have cloud storage for all your documents? I'm sure there are a few users who have backed up their seeds by putting them in a document and saving them to the cloud. I'm sure there are also plenty of users using the exact same username/email and password for Office 365 as they use for some crypto web wallet. It all depends on what data have actually been breach, but if it is Microsoft, I wouldn't be surprised if this leads to some crypto scams as well.

Oh no... That's literally what I just thought about. Holy fuck.

They do have one drive (documents get autosaved to your cloud account for easy access from any account) for all their documents, which means most people who haven't bothered to fiddle around with the settings are likely going to have all their documents leaked online. That's tragic.

There are definitely going to be confidential documents in those ones, I can imagine a lot of careless businessmen not understanding how word sync/onedrive works, and there are definitely people with passwords in those documents, which will 100 percent lead to hacks and exploits.