BotNet News

Your source for Online Security News

Data Breach is a cyber security incident that occurs when sensitive, protected or confidential information is copied, transmitted, viewed, stolen or altered by an individual who is not authorized to do so. Other terms for this type of incident are data leak, information leak and data spill.

Attackers want to get their hands on personal or confidential information for financial gain, to cause harm to others or both. This is why they often use sophisticated methods that involve reconnaissance (finding vulnerabilities), intrusion and presence, and exfiltration (sending data out of the organization’s network).

Often, the attacker uses a technique known as brute force to crack passwords or security measures. A good example of this is the February 2018 breach of fitness app MyFitnessPal, which exposed usernames and encrypted passwords for 150 million users. This type of data is valuable to criminals because many people reuse passwords across multiple online services. The resulting vulnerability allows cybercriminals to access other accounts with the same passwords or simply log into other services using the attacker’s stolen credentials.

Sometimes, a data breach is unintentional and results from human error, such as setting private files to public by mistake or losing devices (computers, smartphones, USB drives). This type of event is called an accidental information disclosure. While some cybersecurity researchers find these incidents and alert organizations through a process called responsible disclosure, the more common scenario is that cybercriminals take advantage of the information and sell it on the black market or use it for other malicious purposes.