From the Lapsus$ attacks to one of the biggest crypto heists of all time, 2022 has been a fast-paced year for major data breaches. Let’s go over the biggest data breaches of the year, starting from the top.
For more up-to-date information, see our article on the most recent data breaches of 2023.
#1: $540 Million Stolen in Ronin Breach
In March 2022, a group of hackers broke into the blockchain project Ronin and looted over $540 million in cryptocurrency – making this incident the second largest crypto heist ever. Ronin is the Ethereum sidechain used to power Axie Infinity, an online game involving NFTs.
The culprit would appear to be the Lazarus Group, a state-sponsored gang of hackers working for North Korea. The group was able to launder at least 18% of the stolen crypto immediately following the attack, and may have been able to launder more in the months since. So far, it does not appear that any of the stolen cryptocurrency has been recovered.
#2: Over 130 Companies Implicated in 0ktapus Breach
In August 2022, a cybersecurity report detailed an extended phishing campaign in which the attackers impersonated the authentication company Okta. Through their efforts, the attackers successfully compromised at least 130 companies, including Cloudflare, Doordash, Mailchimp, and Twilio.
Cybersecurity researchers have dubbed the attacker group ‘0ktapus’ after the company they imitate in order to gain access. In a typical attack, the hackers direct their targets to a fake authentication page, where the victims then enter their login credentials, giving the attackers access to their accounts.
Based on their choice of targets, researchers have speculated that the attackers were motivated primarily by financial reasons. Given the sheer number of companies compromised, it will likely take time for the full extent of this breach to become clear.
#3: “Total Compromise” at Uber
In August, a hacker under the alias ‘teapotuberhacker’ announced that they had breached Uber. The New York Times reported the attack as “a total compromise” – by one account, the hacker “pretty much [had] full access to Uber.” Uber has said they have “no evidence” sensitive user data was exposed in the breach – but it appears that Uber’s source code, internal databases, and more were compromised.
Uber also said they suspect the hacker had ties to Lapsus$, the hacker group that has compromised several other high profile companies in 2022 – more on them in a minute. The hacker apparently purchased leaked credentials for a contractor working for Uber, and then proceeded to breach their account via an MFA fatigue attack.
#4: Lapsus$ Hacking Spree Breaches Microsoft, Nvidia, & More
In the early months of 2022, the emerging hacker collective known as Lapsus$ launched a string of high-profile attacks. In February, they looted a terabyte of proprietary data from Nvidia. They first demanded Nvidia remove crypto-mining limitations on their graphics cards, before offering the leaked data for sale at a minimum price of $1 million.
Over the next two weeks, Lapsus$ leaked source codes and algorithms from Samsung and temporarily brought down Ubisoft’s online gaming services. Then they breached Microsoft, earning even bigger headlines. But this attack was limited in scope: they made off with partial source codes relating to Bing and Cortana, but little more.
The Lapsus$ attacks slowed down after London police arrested several teenagers on March 24. But the attacks picked up again later in the year, breaching Uber, as detailed above, and Rockstar Games, as we’ll get to soon enough.
#5: 210 Million Twitter Users Exposed in Data Breach
Following a string of ransom attempts and leaks, a trove of data on over 200 million Twitter users circulated among hackers in December 2022, and was published in full on BreachForums on January 4th. This data includes email addresses, names, and usernames, but does not appear to include passwords or other highly sensitive data.
This data was originally scraped by exploiting an API vulnerability that was exposed from June 2021 to January 2022. This vulnerability was exploited repeatedly by different hackers, and resulted in multiple ransomware attempts and leaks in the latter half of 2022. Most recently, a hacker known as Ryushi attempted to ransom the data for $200,000 in late December.
Some reports have pegged the number of compromised accounts as high as 400 million, but after removing duplicates, the final number appears close to 210 million. It does include data on a number of high-profile accounts, such as those of Alexandria Ocasio-Cortez, Donald Trump Jr, and Mark Cuban.
#6: Over $30 Million Stolen in Crypto.com Breach
On January 17, hackers broke into 483 users’ wallets on Crypto.com and proceeded to make off with roughly $18 million in bitcoin and $15 million in ethereum, as well as other cryptocurrencies. It appears these hackers were able to bypass two-factor authentication and then access these users’ wallets.
Crypto.com initially downplayed the hack before confirming it a few days after it occurred. In response, they reimbursed all customers who lost cryptocurrency, and said they were auditing their systems and working to improve security.
#7: Encrypted Passwords Stolen in LastPass Breach
In December, LastPass disclosed on their blog that a database of encrypted passwords had been breached by a hacker. Apparently, the attacker used data obtained in an August breach to compromise another employee and obtain the access credentials that enabled them to break into the password database. LastPass did not disclose how many customers were implicated in this breach.
Just because the hackers have the encrypted vaults does not mean they know the passwords themselves. It would be very difficult — but not strictly impossible — for these hackers to crack the encryption and access the passwords themselves. Granted, it’s never a bad idea to change your passwords, especially in the wake of a data breach such as this one.
#8: 69 Million Accounts Exposed in Neopets Breach
On July 19, a hacker posted data on 69 million Neopets users for sale on an online forum. The leak included personal data such as name, email address, date of birth, zip code, and more, as well as 460 MB of compressed source code for the Neopets website. The Neopets team confirmed the data breach via Twitter.
Neopets has been breached numerous times over the years. Several hackers and Neopets users have accessed the source code as well as user databases. If you ever used Neopets, it may be wise to delete your account to protect your data from future data breaches.
#9: Up to 20 Million Plex Users Compromised
In August, Plex notified the majority of its roughly 20 million users that their account credentials had been compromised in a data breach. By Plex’s account, the hacker gained access to data including “emails, usernames, and encrypted passwords”, but no payment information. In response to the incident, Plex strengthened the algorithm that encrypts account passwords.
#10: Ransomware Attacker Releases Data on 9.7 Million Medibank Customers
On November 7th, an unidentified hacking group publicly threatened Medibank, the largest health insurance provider in Australia. Claiming to possess data on 9.7 million current and former customers, the hacker said they would publish the data within 24 hours if their demands were not met. Medibank confirmed that nearly 500,000 health claims had also been unlawfully accessed in the breach.
Medibank ultimately refused to pay the ransom, causing the attackers to leak patient information on the dark web. Although the attackers have not been officially identified, cybersecurity experts believe they were affiliated with the Russian ransomware group REvil.
More Notable Data Breaches of 2022
Hacker Leaks Footage From Rockstar Games
On September 18, a hacker under the alias ‘teapotuberhacker’ leaked roughly 50 minutes of footage of Grand Theft Auto 6, an upcoming game produced by Rockstar Games. They apparently obtained the footage by gaining access to the company’s Slack, where they proceeded to download the video clips. Rockstar acknowledged the leak in a statement released on Twitter.
Block Discloses Cash App Breach Affecting 8 Million Customers
In an April SEC filing, Block (the company formerly known as Square) acknowledged that Cash App had been breached by a former employee in December of 2021. The leak included customers’ names, brokerage account numbers, and other data, such as portfolio value and stock trading activity. Block has since contacted over 8 million customers to inform them about the incident.
Up to 2 Million People Compromised in Shields Health Care Group Breach
In June 2022, the Massachusetts-based Shields Health Care Group disclosed that they detected a breach in March 2022. The compromised records included names, social security numbers, medical records, and other sensitive personal information.
Though Shields Health Care Group asserted they found no evidence the stolen information had been used to commit identity theft or fraud, there is a very real possibility this information will be misused in the near future – if the hackers haven’t done so already.
1.8 Million People Exposed in Texas Department of Insurance Leak
In May 2022, a state audit revealed a data leak at the Texas Department of Insurance, compromising 1.8 million Texans. The data in question, including social security numbers and other sensitive personal information, was widely accessible on the department website from March 2019 to January 2022.
This issue was fixed shortly after it was identified in January. The state audit was completed in March, and only in May did it become known to the public. As far as the auditors could tell, this data was not accessed by unauthorized individuals.
1.5 Million People Compromised in Flagstar Bank Breach
In June 2022, Michigan-based Flagstar Bank notified customers of a data breach in which hackers stole the social security numbers of 1.5 million customers. The attack itself occurred in early December 2021, and Flagstar discovered the breach in early June 2022. In response, Flagstar notified law enforcement officials of the breach and hired a cybersecurity firm to help handle the incident.