10 biggest internet security fails of all time From Kurt Eichenwald's eternal association with tentacle porn to simply asking celebs for their PWs so you can download their nudes, and everything in between.

Technology has brought many positive changes to our world, but it also means millions of people at a time have their sensitive and personal data leaked — a story by now so common that we’ve all been desensitized to it.

In fact, if you go to https://haveibeenpwned.com/ and type in an email address you’ve used for many years, chances are it’ll show you your account has been part of a leak somewhere. It’s practically inevitable and basic internet security now means you should never tie any data point — on any service — to a public email address unless you want the entire world to eventually know it.

PS. If you are a student doing IT lessons and if you need help with your computer science homework, you can seek professional academic writing services to help you k.

But this is about internet security fails — big ones. So let’s start with a banger:

Paul Krugman’s computer downloading CP all by itself

A typical example of the “you have been hacked” scam.

How did New York Times’ Paul Krugman end up with child pornography on his computer? Why would he announce it to the world? According to Krugman, his IP address was compromised. No, it doesn’t make a lot of sense.

“Well, I’m on the phone with my computer security service, and as I understand it someone compromised my IP address and is using it to download child pornography,” Krugman wrote in a now-deleted tweet, according to The Hill.

He then blamed the whole thing — whatever the thing is — on conspiracy theorists attempting to “Qanon” him, apparently a verb now.

He deleted the original tweet (probably after finding out you can’t compromise someone’s IP address to download CP) and wrote that The Times is now on the case.

If Krugman’s latest tweets are to be believed and you can read into it a little bit, it seems he fell for the “you have been hacked”/”I know you are a pedophile” spam email, one of the oldest tricks in the book. Open your spam folder and you probably have a few of these, right next to the millionaire Nigerian princes.

The Fappening

In 2014, hundreds of nude photos of various celebrities — Jennifer Lawrence, Kirsten Dunst, and Kate Upon to name just a few — were leaked on 4chan. This event was named “The Fappening” due to the titillating nature of the leaked photos, and the affair enthralled the entire world’s media for a while. When a subreddit was created to share the photos, it gained over 100,000 followers in a single day.

Originally it was believed that photos were hacked via a security flaw in Apple’s cloud services. Apparently, that wasn’t the case. The hacker was in fact able to obtain the celebs’ passwords through simple phishing emails. In other words, the celebrities were tricked into willingly giving up their passwords — by another one of the oldest tricks in the book.

Elsevier leak

Elsevier, the company behind scientific journals such as The Lancet, not only stored its users’ emails, usernames, and passwords in plain text. They also decided to store the data on a server configured to provide open access to literally anyone, anywhere with an internet connection.

When the leak was inevitably discovered, nobody knew how long this had been going on or who might be affected by criminal activities in what way.

“Most users are .edu [educational institute] accounts, either students or teachers,” Mossab Hussein, chief security officer at cybersecurity company SpiderSilk who found the issue, told Motherboard in an online chat. “They could be using the same password for their emails, iCloud, etc.”

Smart LIFX Bulbs and Wi-Fi passwords

Contributed by our guest writer:

A hacker known as LimitedResults showed people how they could use smart LIFX lighting bulbs to expose things like root certificates and Wi-Fi passwords. It’s an interesting story where LimitedResults bought a bulb and then did a download of the associated app on his personal device. He then set up a Wi-Fi connection.

When he was connected, he took the bulb apart with the use of a saw to access the hardware. Inside the bulb, there was the SoC, or system-on-chip, so he joined the board so that he connects the LIFX hardware. After he was connected, LimitedResults could see the plain text passwords for Wi-Fi within the memory of the SoC.

Managing passwords for employees is a big struggle for many organizations. A recent Verizon Data Breach Investigations Report indicated that over 70 percent of workers reuse passwords at the workplace. Also, the report found that about 81 percent of breaches related to hacking was due to weak or stolen passwords.

I have too much of a headache to edit this one right now.

The DNC email leak

The 2016 presidential election in the United States seemed like one security fail after another. The most notable “cyber attack” was the DNC email leak, which exposed how members of the DNC were communicating with each other and members of the press to promote Democratic presidential candidate Hillary Clinton and undermine fellow candidate Sen. Bernie Sanders.

“Many of the most damaging emails suggest the committee was actively trying to undermine Bernie Sanders’s presidential campaign,” The Washington Post reported at the time.

The hackers collected over 19,252 emails, and you can read them for yourself on Wikileaks. The hackers’ identities have not been confirmed.

Sony vs. LulzSec

Throughout 2011, a group of hackers known as Lulz Security (LulzSec) had its way with several huge companies, including Sony. They managed to obtain data from over 24 million customers and forced Sony to disable the PlayStation Network for days on end.

LulzSec claimed they were able to access the data through a simple SQL injection, “one of the most primitive and common vulnerabilities” and the #1 vulnerability in amateurishly put together systems.

The attack was motivated by Sony’s legal action against George Hotz for jailbreaking the PlayStation 3.

Ubisoft’s 58 million

The breach at the company behind gaming titles like Assassin’s Creed and Far Cry saw the release of usernames, email addresses and encrypted passwords belonging to a staggering 58 million customers.

The hackers got access to the treasure trove by hacking their website.

Equifax data breach

In late 2017, credit reporting agency Equifax revealed that the personal information of over 140 million Americans had been obtained by hackers. To put it into perspective, the population of the United States is roughly 330 million.

The hacked information included included first and last names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. The hackers also obtained hundreds of thousands of credit cards.

Facebook’s passwords leak

At the beginning of 2019, Facebook announced that it had discovered about 200 to 600 million passwords of Facebook accounts dating back to 2012, shown in plain text. The accounts were available to over 20,000 employees of Facebook. This meant that the employees could, at will, access the accounts of those people.

Unintentional screenshot leaks in general

Oh man, there are some good ones in this category. But the winner of this particular fail sweepstakes has to be tentacle porn man — Kurt Eichenwald. This is the tweet that forever linked tentacle porn to the hapless journalist who can’t seem to stay out of trouble:

Kurt wanted to show Twitter a picture he’d received in the mail, and snapped a pic holding it in front of his computer. Of course it didn’t take long for someone to notice that one of his browser tabs read “B-Chiku [English, Uncensored, 212 pictures]” and then look up what it meant.

The rest is history. To this day, his name can’t be invoked anywhere on the internet without a pile-on of hentai hilarity.

Malachi B.

Advocate for free speech, privacy, and peace. Twitter.

View all posts by Malachi B. →
avatar
1 Comment threads
0 Thread replies
0 Followers
 
Most reacted comment
Hottest comment thread
  Subscribe  
newest oldest
Notify of
Zilver
Guest
Zilver

All in all, even corporate gets smacked with every slice of might.

Classic stuff nonetheless.