2022’s Most Notorious Hacks and Leaks

Cybersecurity is one of the most important topics of our generation, and even though companies invest tens of millions to reinforce databases, systems, and networks, we have news of significant hacks and leaks every year. 2022 was no different, with numerous conglomerates, banking systems, and powerful corporations suffering.

What’s so harrowing about data breaches is that we trust companies to protect our vital information. Yet, poor systems management and security mean that the worst could happen to us. Learning about previous breaches can potentially help us prevent future ones. Find out more about 2022’s most notorious hacks and leaks below.

Related Reading:

• What Is Post-Quantum Cryptography?
• Best Crypto Hardware Wallets 2021
• What Is an Ethical Hacker?
• How to Remove a Hacker From My Phone: The Ultimate Guide

2022’s Most Notorious Hacks and Leaks

Here are 2022’s most notorious hacks and leaks that could have affected you or your loved ones. Some of these attacks meant that companies had to reimburse their customers, depending on the severity of the breach. If you were a victim, you might have received an email regarding a potential class action lawsuit that you can participate in.

1. LastPass Data Breach

Multiple companies and agencies use LastPass to share valuable passwords with team members. The basic premise of the service is that it encrypts passwords and makes it easy for teams to autofill them into certain apps and websites. Generally, we view password managers as safe and secure, partially because the whole point is to lock your personal information behind an uncrackable veil.

However, according to CEO Karim Toubba, hackers stole a backup copy of customers’ vault data using cloud storage keys from an employee of LastPass. This backup was encrypted, but if the hackers had the customer’s master password, they could access all information. This allows them to try and brute force their way into acquiring your password. If a hacker found out that they had the backup of a major corporation, they could specifically target it to find out the master password and access extremely important accounts.

Those who use LastPass would have received an email regarding the issue, and news outlets reported the matter extensively. While the company claims that the intruders didn’t uncover any specific information, it did issue a warning urging all customers to change passwords. Is the breach a reason to use a different service? If so, what could another company have done differently?

2. Lapsus$

The Lapsus$ hacks refer to a series of cyberattacks by a group that refers to themselves as “Lapsus$.” This group is behind several of 2022’s most notorious hacks and leaks, including Microsoft, Samsung, and Nvidia. The cybergang has ties to a group of teenagers based in London, United Kingdom. However, not much is known about the group. We only have this lead because a London teenager was arrested for their role in the Rockstar Games leaks that showcased Grand Theft Auto 6’s development.

Perhaps the group took inspiration from Anonymous, but it seems they have more malicious intentions. For example, when the group hacked Nvidia, they threatened to release sensitive computer chipset files for all recent GPU releases like the RTX 3090Ti. The group’s aim behind that attack was that it wanted Nvidia to make its drivers open-source.

Similarly, the group hacked Samsung and released the source code of Samsung Galaxy phones. Surprisingly, such giant corporations were subject to vicious attacks, but perhaps the companies in question could use it as a lesson to bolster security significantly.

3. Uber Hacks

Many also attribute the Uber hacks to the Lapsus$ group, but not much is known about the intruders. The Uber hacks were particularly memorable and one of 2022’s most notorious hacks and leaks because of crude the attack seemed. What happened is that an individual (or group) gained access to Uber’s network and began to cause mayhem.

Although the hacks didn’t reveal any explicitly sensitive information, they posted inappropriate images on internal websites, spammed Slack channels, and revealed the company’s internal working conditions online. Uber publicly blamed Lapsus$ for the attacks, but there’s no concrete evidence to suggest it.

4. North Korean Cryptocurrency Theft

Image credits: David McBee

One of the biggest revelations in 2022 (at least to the public – the US government has probably known about it for much longer) is that a group of North Korean hackers is targeting cryptocurrency sources and stealing from them to fund state activities. One of these attacks was on crypto video game company Axie Infinity. According to multiple sources, North Korean hackers stole $620 million from the company, making it one of the biggest cryptocurrency plunders ever.

Multiple reports have speculated that North Korea is behind many more such attacks, breaches, and burglaries. Although Western authorities might be able to identify who did it, there’s not much they can do once it’s in the isolated state’s hands. No one will go to North Korea and demand the money back – the funds are gone for good. This puts into question the safety of holding crypto. If huge companies can lose hundreds of millions of dollars suddenly, who’s stopping anyone from taking our holdings?

5. 500 Million Whatsapp Users

Perhaps one of the most significant data breaches of 2022 that affected the most people happened on November 16, 2022. A hacker posted to a popular forum called BreachForums and wanted to sell a dataset containing the personal information of approximately 500 million users. What could someone do with this amount of information?

Firstly, those with malicious intent could create a fake profile of you wherever they wish. If they had your address, phone number, email address, and contacts, you could consider your identity effectively stolen. There isn’t much to back up the validity of these claims except for the post on BreachForums. Meta has denied any claims of a security breach, but the company allegedly fired one of its employees for hacking into user accounts.

6. 1.2 Million Credit Card Numbers

The dark web is a notorious place where you can find all sorts of illegal activity. One of 2022’s most notorious hacks and leaks came in the form of 1.2 million credit card numbers being released for free. This happened on carding marketplace BidenCash on October 12, 2022, and is a major financial cybersecurity issue. Not much information has come out on the status of these credit card numbers, which all expired between 2023 and 2026. Many claim that BidenCash was using the “breach” as a form of advertising.

The dataset included all the necessary information to make online transactions, which means that the attackers would have unfettered financial control over the victims. It could be that the situation is still unfolding, or it could be that the dataset was false and just an advertising ploy. Regardless, if 1.2 million legitimate credit card numbers and information were leaked to the public for free, that would make it one of the biggest and most malicious leaks of all time.

Conclusion

As consumers, we put a lot of trust and faith in institutions to protect our private information. Hacks, breaches, and attacks will always happen, no matter how advanced security gets, because as technology advances, so do ways to penetrate it. To protect yourself as much as possible, try to keep different passwords for each website and enable two-factor authentication.