Blog

Biggest Hacks of 2022 (Part 2) 

Continuing on from our previous blog, we are back with our survey of some of the largest and most surprising hacks in 2022. Uber and Rockstar Games fell victim to relatively simple cyber attacks. Social engineering has a remarkable ability to breach even the most secure security measures. Luckily, the Uber and Rockstar Games hacks were more flashy than they were costly. This week, we’re covering a pair of hacks with much more financial or potentially disastrous effects. 

Crypto.com 30 Million Dollar Hack

Cypto.com was enjoying the limelight for a few years. The crypto boom gave it a platform and revenue stream like never before seen. In a few short years, Crypto.com became one of, if not the largest crypto exchange platform in the world. Its future was so bright, in fact, that Crypto.com purchased the naming rights to the LA stadium formerly known as Staples Center. After the season of boons, however, 2022 marked the beginning of a downfall. 

In January of 2022, Crypto.com was hit by a massive breach that cost it about $30 million when everything was all said and done. On January 14th Crypto.com noticed that hackers were initiating transactions on its platform without triggering the two-factor authentication that normally comes along with said transactions. A few days passed while Crypto.com tried to stop the bleeding, eventually, they were forced to suspend all withdrawals from the site, revoke all of their two-factor tokens, and logged every single customer out of their accounts. By the time Cypto.com implemented these security measures and sent word out to news outlets, about $30 million in ill-gotten gains had been siphoned from Crypto.com users. 

After this hack, Crypto.com implemented mandatory two-factor authentication policies on the customer-facing side and backend alike. Crypto.com also began a “Worldwide Account Protection Program (WAPP).” This was put in place to protect users in case attacks like this happened again. It’s a sort of internal FDIC, ensuring a refund of up to $250,000 for “qualified users.” This protection program is far from perfect, but hopefully, it protects its vulnerable users in the future should a massive hack like this occur in the future. 

A Neopets Hack?

The online fantasy pet simulator, Neopets was the subject of a massive data leak in July of 2022. Users of the site tend to be on the younger side, but their data is just as valuable in large numbers as any adult’s data. This fact was confirmed by the hacker that seized a Neopets database containing the user data of approximately 69 million Neopets users both fresh and dated. 

According to Polygon and an official statement on Twitter, ” Neopets became aware that customer data may have been stolen,” and “… immediately launched an investigation assisted by a leading forensics firm. We are also engaging law enforcement and enhancing the protections for our systems and our user data. Interestingly, a community website, JellyNeo was the first to report on the breach, it seems that community members noticed the breach before Neopets themselves, and an anonymous source tipped JellyNeo off. In this hack, Neopets’ source code and the entirety of their user database had been accessed. The hackers were holding the data ransom to the tune of 4 Bitcoin (~$94,500 USD at the time).

The hack, on its face, seems a bit silly, but data is data. If any of these 60 million users share login information across platforms, then the reach of the security breach is much larger than it initially seems. 

Keep Hackers Out

These massive breaches have been made or broken by the protections that businesses have put in place should their first lines of defense fall. Encryption and decentralized server structures are often the only things preventing an unfortunate breach from blossoming into a full-fledged disaster. 

Protect Your Business

AXEL Go is an incredibly versatile tool in the fight for cyber security. Implementing our decentralized, encrypted storage into a workplace will create a robust bulwark between sensitive workplace data and any clever exploits hackers can slip through the cracks.

AXEL Go is a file storage and sharing service designed to revolutionize how we think about security online. Our user experience design is focused on handing top-of-the-line security to any business of any size. Our AES-256 bit encryption and decentralized server structure thwart cyber attacks on big businesses as competently as it protects local operations. No matter how tight the budget for your practice may be, we are the perfect fit for secure, intuitive storage and file sharing. You can try AXEL Go premium for free for 14 days. See what security backed by our $10,000 guarantee can do for your business. 

Citations

“Security Update | Uber Newsroom”. 2022. Uber Newsroom. https://www.uber.com/newsroom/security-update/

“Grand Theft Auto 6 Leak: Who Hacked Rockstar And What Was Stolen?”. 2022. The Guardian. https://www.theguardian.com/games/2022/sep/19/grand-theft-auto-6-leak-who-hacked-rockstar-and-what-was-stolen

Fung, Brian. 2022. “Uber Says Hacker Group Lapsus$ Behind Cybersecurity Incident | CNN Business”. CNN. https://www.cnn.com/2022/09/19/tech/uber-lapsus-cybersecurity-incident/index.html

Newman, Lily Hay. “Crypto.com Finally Admits It Lost $30 Million in a Hack.” Wired. Conde Nast, January 22, 2022. https://www.wired.com/story/crypto-hack-nso-group-security-news/.

Biggest Hacks of 2022 (Part 1)

Every day we are reminded that our security is more fragile than we think. It’s good to take some time to take stock a few times a year to get an accurate view of the cybersecurity landscape. Today, and in an upcoming companion blog, we will be covering four of the largest hacks that have hit the world of tech. This week we’re coving the Uber hack that has given the hacker access to all of Uber’s back-end passwords, and backdoor access to much of Uber’s operations. We will also be covering a slightly more mysterious hack that video game developer, Rockstar Games suffered that leaked tons of in-development projects and their in-network data. 

Lapsus$ Uber Hack

On the morning of Monday, September 19, Uber posted a blog update to its website detailing a massive breach of Uber’s systems. This hack was a relatively simple social engineering attack that obtained an Uber EXT contractor’s credentials including their multi-factor authentication. 

It was suspected that the hacker initially pulled the developer’s password from a cache on the dark net. It’s likely that the password was scraped from a device that had previously been the victim of a malware attack. Social engineering attacks are embarrassingly simple once a hacker has their hands on the right information. In this case, the Lapsus$ member fired off several login attempts, triggering the multi-factor authentication. After enough attempts, the contractor slipped up and accepted the multi-factor authentication and the breach was complete.

Once access to the contractor’s accounts had been granted, the hacker had nearly unlimited access to Uber’s systems. Uber claims that their security monitoring allowed them to respond to the issue, but notably, Uber’s statement does not claim to have excised the hacker or to have revoked their access entirely. 

Some of Uber’s top priorities in the wake of this hack were to stop the bleeding so to speak. They checked their systems for similarly compromised accounts, forced password resets, and shuffled their internal access keys. 

What Does This Mean? 

The hacker had their fingers in everything, and its possible that, regardless of the key resets they may have their hands on a trove of internal data. Uber’s investigation found that no public-facing systems were touched, and their databases of sensitive user information like trip information and credit card numbers were similarly undisturbed. 

Luckily, Uber is prepared for such a breach of those databases should it happen in the future. The personally identifying information that Uber’s customers trust them with is, fortunately, encrypted. In cases like these, encryption provides a secondary or tertiary layer of security.

It is lucky that Uber’s first sweep during this investigation has found no immediate negative effects, but the breach is a massively disappointing event, regardless. Uber processed $26.61 billion worth of bookings in 2020 along, and more than 1.44 billion rides are completed through Uber every quarter, meaning that even a small-scale breach or a fraction of leaked information would have far-reaching effects. The fact that this lone hacker got this far with a single password and a free afternoon does not bode well for their cybersecurity infrastructure.

Rockstar Games Data Leak

Rockstar Games is one of the most successful producers of video games on the planet. Their 2013 game Grand Theft Auto V has been generating well over $6 billion in revenue for the company on its own by maintaining a relatively simple massively multiplayer online mode. This developer has been working on the sequel to Grand Theft Auto V for the last few years, and it is, to this day, one of the most anticipated games in the industry.

About an hour of development footage has been leaked to the public and game journalists, giving the people an unprecedented look at the work Rockstar Games has been doing behind closed doors. The video game industry is famously secretive, so a breach of this magnitude from a studio with such vast resources comes as quite a shock to the cybersecurity world. Rockstar Games is incentivized to keep its title under lock and key to maximize press and public opinion when the game eventually releases.

This attack, interestingly, seems to have worked its way into Rockstar Games via its Slack channel. Details are slim from Rockstar, but the hacker, after leaking footage of the game, claims to have a hold of their source code. This source code is the backbone of the video game currently in development and may be used by the hacker as ransom collateral,

Battle Hackers With AXEL Go 

AXEL Go is a cloud-based file storage and sharing system that acts as a secondary line of defense in the face of clever hacks. As we saw with the Uber hack, if crucial personally identifying data and sensitive information is stored in a properly sealed server structure, then even a successful hack will fizzle out. Our decentralized server structure creates an ecosystem of safety that can stand firm in the face of unexpected breaches. Anything from source code to employment information will be basically impenetrable on our decentralized servers and when combined with our AES-256 bit encryption.

Protect Your Business

AXEL Go is an incredibly versatile tool in the fight for cyber security. Implementing our decentralized, encrypted storage into a workplace will create a robust bulwark between sensitive workplace data and any clever exploits hackers can slip through the cracks.
AXEL Go is a file storage and sharing service designed to revolutionize how we think about security online. Our user experience design is focused on handing top-of-the-line security to any business of any size. Our AES-256 bit encryption and decentralized server structure thwart cyber attacks on big businesses as competently as it protects local operations. No matter how tight the budget for your practice may be, we are the perfect fit for secure, intuitive storage and file sharing. You can try AXEL Go premium for free for 14 days. See what security backed by our $10,000 guarantee can do for your business.

Sources

“Security Update | Uber Newsroom”. 2022. Uber Newsroom. https://www.uber.com/newsroom/security-update/

“Grand Theft Auto 6 Leak: Who Hacked Rockstar And What Was Stolen?”. 2022. The Guardian. https://www.theguardian.com/games/2022/sep/19/grand-theft-auto-6-leak-who-hacked-rockstar-and-what-was-stolen

Fung, Brian. 2022. “Uber Says Hacker Group Lapsus$ Behind Cybersecurity Incident | CNN Business”. CNN. https://www.cnn.com/2022/09/19/tech/uber-lapsus-cybersecurity-incident/index.html

Newman, Lily Hay. “Crypto.com Finally Admits It Lost $30 Million in a Hack.” Wired. Conde Nast, January 22, 2022. https://www.wired.com/story/crypto-hack-nso-group-security-news/.

The United States government is a lurching behemoth with several massive branches that stand on opposing ends to, ideally, keep everything in check. This does mean, however, that specific standards and practices tend to fall the wayside or find themselves unable to update. In September 2022, the White House pushed forward an executive order to improve the government’s basic security infrastructure. 

Previous State of Government Cyber Security

The Biden administration has slowly been chipping away at the cybersecurity threats facing the United States Government. In May of 2021, the White House published an executive order that began the federal push toward improved government cybersecurity policies. The order first and foremost pushes for lowering the information-sharing boundaries between government bodies. Before this order, government agencies like the CISA,  FBI, and the Intelligence Community were unable to share information directly with one another about cyber security incidents. 

These barriers created information gaps that would give security threats under government investigation the opportunity to repeatedly hammer away at security exploits that have been found by simply selecting a different target. These hackers would get away with targeting several different government bodies while the federal government had to slog through bureaucracy before they could compare notes with each other.

Beyond pushing for improved bureaucratic changes, this order improved infrastructural security issues. The Federal Government began adopting modern cyber security best practices such as implementing Zero Trust Architecture, secure cloud services for sharing and storing data, and other Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS) solutions to storage and sharing problems facing the government in a rapidly digitizing world.

The 2022 Cybersecurity Briefing 

The Washington Post’s cybersecurity column, Cybersecurity 202, was the first to report on The White House’s fresh cybersecurity guidance from the Biden administration in 2022. The briefing and executive order were further improvements on the previous order from the summer of 2021.

This executive order cites the SolarWinds attack of 2020 and the cybersecurity failures of many Federal Agencies in the face of that attack. Malicious code was planted into the code of the software SolarWinds provided which led to a rash of festering cybersecurity breaches that, to this day, have not been completely sealed. To this end, the 2022 White House Cybersecurity briefing has tightened up many of its policies and digital infrastructure in order to further protect Federal Agencies and prevent supply chain issues like the ones seen in the Colonial Pipeline attack. 

The contents of this executive order are decidedly less flashy than the order from May 2021. Instead, it defines timelines within which Federal Agencies must shift their security over to zero-trust infrastructure and adopt secure cloud-based storage solutions.

Keep Pace with AXEL Go

AXEL Go provides the sort of cutting-edge security that The White House has been pushing for in order to protect The Federal Government from the increased rate of sophisticated cyber security attacks. The security that distributed, cloud-based storage solutions can provide against modern cyber attacks is unlike anything that has been seen before. AXEL Go uses a distributed, collective server structure to store and encrypt documents in several distinct fragments that may only be reassembled with the proper authorization. Should a hacker make their way into the IPFS storage that we use to protect our clients, the data they get their hands on would be effectively useless. 

AXEL Go has been on the cutting edge of serious cybersecurity methods, and we plan on keeping it that way. The security that AXEL Go provides would have prevented national-level headaches. Similarly, AXEL Go can protect your business from persistent attempts from hackers. Join us in the fight for a more private and secure internet while The White House eventually keeps pace.

AXEL Go is an incredibly versatile tool in the fight for cyber security. Implementing our decentralized, encrypted storage into a workplace will create a robust bulwark between sensitive workplace data and any clever exploits hackers can slip through the cracks.

AXEL Go is a file storage and sharing service designed to revolutionize how we think about security online. Our user experience design is focused on handing top-of-the-line security to any business of any size. Our AES-256 bit encryption and decentralized server structure thwart cyber attacks on big businesses as competently as it protects local operations. No matter how tight the budget for your practice may be, we are the perfect fit for secure, intuitive storage and file sharing. You can try AXEL Go premium for free for 14 days. See what security backed by our $10,000 guarantee can do for your business.

Sources

“Executive Order on Improving the Nation’s Cybersecurity.” The White House. The United States Government, May 12, 2021. https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/.

“Enhancing the Security of the Software Supply Chain to Deliver a Secure Government Experience.” The White House. The United States Government, September 14, 2022. https://www.whitehouse.gov/omb/briefing-room/2022/09/14/enhancing-the-security-of-the-software-supply-chain-to-deliver-a-secure-government-experience/.

Generation Z and Generation Alpha are defined by their relationship to the internet. These young adults, teenagers, and children have been raised in a media landscape dominated by online entertainment, communication predominantly via social media, and a world interconnected like never before. The internet for these people comes as naturally as walking and talking, but because these generations were young when big tech began collecting their data, they are in a uniquely bleak position. 

Big Tech and Young People’s Data

It is well known now that Meta, Twitter, and Google make their money by collecting, organizing, and selling the data of their customers. This data, is usually sold to advertisers to precision-target users on the internet at every turn. Nearly every interaction on the internet these days is tracked in some form or another and collected by data collection agencies. This data can be used to create a disturbingly accurate profile of every user’s likes, dislikes, and future potential behavior. 

Privacy laws have grown and changed over the last decade or so to allow users the opportunity to opt out of this invasive process. Many adults that have had the opportunity to know life apart from the internet have grown distrustful of data collection and seized the chance to opt out, but Generations Z and Alpha find themselves unprotected in a way that Millennials and Generation X were not. Generation Z has been unwittingly handing its data over to Big Tech for their entire lives. Their parents, though they may have had a passing understanding of personal data collection, were not adequately prepared to defend the data of their minors.

This means that young people have not only been given no opportunity to protect their privacy, but their understanding of what privacy looks like has also been drastically altered in favor of data collectors and Big Tech.

Big Tech’s Failings

Big Tech is a collection of incredibly powerful businesses driven by profit. These companies may have individuals within them that want nothing more than the safety and privacy of their users, but the size of these companies and their profit demands easily overpower the best intentions of any single good actor. 

Meta especially has been the face of teenager-related failings. Lawsuits against Meta were filed in Colorado, Delaware, Florida, Georgia, Illinois, Missouri, Tennessee, and Texas accusing the site of unduly exploiting teenagers and other young people on their apps. The vice grip they have over the data of young people from the moment they set foot online has given the company the broadest possible view of an impressionable age group before they had the opportunity to opt out.

Even if these young people try to remove themselves from Meta and its umbrella of media sites, their data will live on in perpetuity on Meta’s servers, effectively stripping a generation of people of their digital privacy until something changes.

The National Programs’ Center for Industry Self-Regulation has introduced a roadmap for securing the data of young people aged 13-17. A large part of this attempt at social media regulation is curtailing the addictive designs of social media companies. Part of their ability to draw so much data out of teenagers is the pernicious design of these apps combined with a lack of data collection oversight. 

This minimal amount of pushback from The National Programs’ Center for Industry Self-Regulation and legislation from the UK has already seen adjustments in behavior from social media companies. TikTok and Facebook, for example, have begun tightening their privacy settings for users under the age of 18, giving young people on the internet the opportunity to achieve the same privacy afforded to adults without having to jump through as many deliberately opaque hoops. The speed at which these companies have fallen in line after a whiff of pushback shows that there is a future where privacy is possible for everyone online.

Privacy Without Compromise 

AXEL understands the importance of privacy online. Users of the internet deserve the dignity of privacy no matter their age, generation, or level of technological literacy. This is why AXEL Go is built on a foundation of privacy and security. By providing a service that supplies privacy and security without compromise, AXEL Go is leading the charge for a more secure and less invasive internet. While we pride ourselves on our security, AXEL Go is first and foremost a place for users to enjoy a sense of privacy that has been missing from the internet for years now.

Protect Your Privacy With AXEL Go

AXEL Go is an incredibly versatile tool in the fight for cyber security. Implementing our decentralized, encrypted storage into a workplace will create a robust bulwark between sensitive workplace data and any clever exploits hackers can slip through the cracks.

AXEL Go is a file storage and sharing service designed to revolutionize how we think about security online. Our user experience design is focused on handing top-of-the-line security to any business of any size. Our AES-256 bit encryption and decentralized server structure thwart cyber attacks on big businesses as competently as it protects local operations. No matter how tight the budget for your practice may be, we are the perfect fit for secure, intuitive storage and file sharing. You can try AXEL Go premium for free for 14 days. See what security backed by our $10,000 guarantee can do for your business.

Citations

“New Teen Data Roadmap Seeks To Fill Gap In Kids’ Privacy Law”. 2022. News.Bloomberglaw.Com. https://news.bloomberglaw.com/privacy-and-data-security/new-teen-data-roadmap-seeks-to-fill-gap-in-kids-privacy-law

“Opinion | Gen Z Has Never Known A World Without Data Sharing (And It Shows)”. 2022. NBC News. https://www.nbcnews.com/think/opinion/teens-have-never-known-world-without-data-sharing-it-s-ncna1254332.

“Meta, Instagram Hit With 8 Lawsuits For ‘Exploiting Young People For Profit'”. 2022. Nypost.Com. https://nypost.com/2022/06/12/meta-instagram-hit-with-8-lawsuits-for-exploiting-young-people-for-profit

2022. https://www.wsj.com/articles/meta-tiktok-could-face-civil-liability-for-addicting-children-in-california-11656419401