‍

“In 2021, 64% of respondents named data loss/leakage as their biggest cloud security concern. As organizations worldwide continuously migrate workloads to the cloud, security issues become more pertinent”, Statista.

‍In the era of cloud computing, businesses are prioritizing security-first approach as cloud security challenges are evolving at an unfathomable pace. The common cloud security challenges that organizations struggle with include data breaches, misconfigurations, insufficient change control, lack of cloud security architecture & strategy, inadequate identity, credential, access & key management, account hijacking, insider threats, insecure interfaces & APIs, weak control plane, metastructure & applistructure failures, and limited cloud usage visibility, etc. This blog solely focuses on data breaches.

Even the well-known companies like Uber, Dropbox, Zoom, MySpace, Twitter, Microsoft, among others have become the prey to data breaches. Moreover, the recent global pandemic has exacerbated cyber-attacks and data breaches. With that being said, here are some of the non-famous security breaches of 2021 that you must be aware of to act proactively to safeguard yours. Let’s check them out,

‍Facebook On April 3, Business Insider published a story saying that information from more than 530 million Facebook users had been made publicly available in an unsecured database. It is important to understand that malicious actors obtained this data not through hacking our systems but by scraping it from our platform prior to September 2019.

‍Kroger The Kroger Family of Companies ("Kroger") confirmed that it was impacted by the data security incident affecting Accellion, Inc. Accellion’s services were used by Kroger, as well as many other companies, for third-party secure file transfers. Accellion notified Kroger that an unauthorized person gained access to certain Kroger files by exploiting a vulnerability in Accellion’s file transfer service.

‍Bonobos Bonobos men's clothing store has suffered a massive data breach exposing millions of customers' personal information after a cloud backup of their database was downloaded by a threat actor. This leaked database is a monstrous 70 GB SQL file containing various internal tables used by the Bonobos website.

‍MeetMindful A well-known hacker was able to exploit a now-closed vulnerability in our system, and was able to export an outdated version of a list of basic user information. The released information include first names (in some cases, last names), and emails, encrypted passwords and other credentials, other basic account details, email and other notification preferences.

‍Pixlr A hacker has leaked 1.9 million Pixlr user records containing information that could be used to perform targeted phishing and credential stuffing attacks. The alleged Pixlr database posted by Shiny

Hunters contains 1,921,141 user records consisting of email addresses, login names, SHA-512 hashed passwords, a user's country, whether they signed up for the newsletter, and other internal information.

‍Reverb Popular musical instrument marketplace Reverb has suffered a data breach after an unsecured database containing customer information was exposed online. Reverb customers began receiving data breach notifications stating that customer information was exposed, including customers' names, addresses, phone numbers, and email addresses.

‍Audi and Volkswagen On March 10, 2021, Audi and Volkswagen were alerted that an unauthorized third party may have obtained certain customer information. Approximately 3.3 million individual customers and interested buyers were affected.

‍Android Security researchers discovered that personal data of more than 100 million Android users has been exposed due to various misconfigurations of cloud services. The data was found in unprotected real-time databases used by 23 apps with download counts ranging from 10,000 to 10 million and also includes internal developer resources.

‍Automatic Funds Transfer Systems (AFTS) A ransomware attack against the widely used payment processor ATFS has sparked data breach notifications from numerous cities and agencies within California and Washington. The attack occurred around February 3rd when a cybercrime gang known as 'Cuba ransomware' stole unencrypted files and deployed the ransomware.

Organizations need to focus on encryption in flight and at rest data, implementation of API-based CASB, proper backup of public cloud resources, micro-segmentation access and network resources to proactively deal with data breaches in the cloud. Inability to deploy effective encryption measures while managing data can set you up for compliance risks, data breach penalties, and losing the trust of your customers. As we have seen above, data breach is one of the major security concerns for almost every organization regardless of its size and scale. All you need is a business partner who can help you proactively strengthen your security posture in the interconnected cloud environments. Looking for a security partner whom you can bank upon? We’ve got you covered.

‍Bolster Your Cloud Security Practices With Zymr

‍Extend your core cloud security technology with our well-structured and refined security approaches. Our state-of-the-art cloud security services and solutions help your business improve risk, enhance defenses, and innovate. Talk to us, we’re just a click away.