OSINT Academy

Specific cases of data breach in 2022


1. Twitter Accused of Covering Up Data Breach Affecting Millions of People

On November 23, 2022, Los Angeles-based cybersecurity expert Chad Loder issued a warning about a data breach at the social media site Twitter, which allegedly affected "millions of people" in the United States and the European Union. Loder claims the data breach occurred "no earlier than 2021" and "has not been reported before." Twitter had previously confirmed a data breach affecting millions of user accounts in July 2022.

However, Loder said that unless the company "lied" about the July breach, it "can't" be the same as the breach they reported. According to Loder, the data from the November breach was "different" from the July breach because it was in a "completely different format" and had "different affected accounts." Loder said they believe the breach was due to malicious actors exploiting the same vulnerabilities as the hack reported in July.

2. Hacking forum compromises over 1.2 million credit card numbers

Carding marketplaces are dark web sites where users can trade stolen credit card details to commit financial fraud, often involving large sums of money. On October 12, 2022, credit card marketplace BidenCash released the details of 1.2 million credit cards for free.

A document posted on the site contains information on credit cards that expire between 2023 and 2026, as well as other details needed to conduct online transactions.

BidenCash had previously leaked thousands of credit card details in June 2022 as a way to promote the site. As the carding marketplace was forced to launch a new URL in September, three months after a series of DDoS attacks, some cybersecurity experts believe this new release of details could be another advertising attempt.

3. 11 million people's personal and medical data accessed in Optus data breach

Australian telecommunications company Optus suffered a devastating data breach on September 22, 2022, resulting in 11 million customers' details being accessed. The information accessed included customers' names, dates of birth, phone numbers, email and home addresses, driver's license and/or passport numbers, and Medicare ID numbers.

Files containing this confidential information were posted on hacker forums after Optus refused to pay the ransom demanded by the hackers. Victims of the data breach also said they were contacted by the alleged hackers and asked to pay A$2,000 (US$1,300) or their data would be sold to other malicious parties.

4. Hackers tried to sell data of 500 million WhatsApp users on the dark web

On November 16, 2022, a hacker posted a dataset to BreachForums containing what they claimed was the most recent personal information of 487 million WhatsApp users from 84 countries/regions.

In the post, the alleged hacker stated that those who purchased the dataset would receive the "latest cell phone numbers" of WhatsApp users. According to the hacker, the 487 million records include details of 32 million U.S. users, 11 million U.K. users and 6 million German users.

The hackers did not explain how such a large amount of user data was collected, saying only that they "used their tactics" to obtain it.

5. 9.7 million people's information stolen in Medibank data breach

On October 13, 2022, Australian healthcare and insurance provider Medibank detected some "unusual activity" in its internal systems. The company was subsequently contacted by malicious parties on October 17, with the aim of "negotiating with [the healthcare] company over their alleged deletion of customer data." However, Medibank publicly refused to give in to the hackers' demands.

Medibank disclosed the true extent of the hack on November 7, announcing that malicious actors had accessed and stolen the data of 9.7 million past and present customers without authorization. The information included confidential and personally identifiable information about medical procedures, including codes related to diagnoses and procedures.

After Medibank continued to refuse to pay the ransom, the hackers released files containing customer data called "good-list" and "naughty-list" on November 9, 2022.

The so-called "naughty list" reportedly included details of people who sought treatment for HIV, drug or alcohol addiction, or mental health problems such as eating disorders.

On November 10, they posted a file labeled "abortion" on a website supported by the Russian ransomware group REvil, which apparently contained information on procedures claimed by the insured, including miscarriages, terminations of pregnancy and ectopic pregnancies.
