S.

Sri Venkata Kaviya

B sc (Prog) Physical Science with Computer Science, First year

REPORT ON DATA BREACH

A data breach is a result of cyber attack where the confidential data stored in the system are
viewed, stolen or altered by an unauthorized person whereas a cyber attack is a malicious and
deliberate attempt by an unauthorized individual or organization to breach the confidential
information of the other system.

CASE STUDY 1
(taken from an article dated January 10,2023 by Michael X. Heiligenstein on firewalltimes.com)

On 4th January 2023 a trove of data on over 200 million twitter users circulated among hackers in
December 2022 was published on BreachForums. This data includes email addresses, names,
and usernames, but does not appear to include passwords or other highly sensitive data.
This data was originally scraped by exploiting an API vulnerability that was exposed from June
2021 to January 2022. This vulnerability was exploited repeatedly by different hackers and
resulted in multiple ransomwares and leak attempts in the latter half of 2022. Recently a hacker
named Ryushi attempted to ransom the data for $200,000 in late December.
Some reports have reported the number of compromised accounts to be as high as 400 million,
but after removing duplicates, the final number appears close to 210 million. It includes data on a
number of high-profile accounts, such as those of Alexandria Ocasio-Cortez, Donald Trump Jr,
and Mark Cuban.

CASE STUDY 2
(taken from a case study by icmrindia.org)

In early March 2021, the data of nearly 110 million users of the mobile wallet MobiKwik was
reported to be on sale on a hacker forum on the dark web. The data included details of KYC
documents, Aadhaar card and credit card details, and mobile phone numbers linked to the
MobiKwik app. The breach was exposed by an independent security researcher Rajshekhar
Rajaharia. However, MobiKwik denied that any such breach had occurred and stated that it was
fully compliant with all applicable data security laws. It blamed users instead for their data ending
up on the dark web. The company even targeted the cybersecurity experts who brought the hack
to light.
Following the data breach allegations, the Reserve Bank of India (RBI) ordered a forensic data
security audit of the company’s systems by a certified auditor.

CASE STUDY 3
(taken from an article by Ankita Chakravarti on indiatoday.in)

Earlier in April 2022, a hacker had claimed that he gained access to 13TB worth of popular pizza
brand Domino’s data. As per security experts, the data of 18 crore orders is available on the dark
web. The information that the hacker has got access to include the details of over 180,00,000
orders which contained phone numbers, email address, payment details and credit card details
of users.