Back Catalogue of Hacks, Leaks and Compromises

A brief list of some of the most notable IT and web security events in recent news.

Please Note: Reading this article may leave you with feelings of paranoia and scepticism; this is a perfectly healthy approach to staying safe on-line ūüėČ

Decorative Image, binary passwordThis is a brief summary of recent and notable websites and services that have been compromised in one way or another.  It is intended to highlight that no matter how big, skilled or trusted an organisation might be it seems that nobody is 100% safe on the web.  It only includes malicious activity and does not include accidental or careless mistakes.

You can take this one of two ways; 1) panic that nothing is safe and unplug everything, vowing never to go on-line ever again or 2) accept that nothing is safe and do the few little things that are within your power to minimise the risk of being violated** if any website that you use becomes a victim.

This list is in no particular order, is far from exhaustive and I’ll update it as new compromises are made public…

Updated: 09-06-11
  • Sony (again)
    • Who: Electronics and media manufacturer
    • When: May + June 2011
    • What: Several Sony owned or related websites have been compromised by hackers to varying degrees including (but not limited to) any or all of the following; defacing a public website, leaking administration details, leaking customer information including usernames and passwords, acquiring voucher codes
    • Why: These attacks are being carried out by various groups and individuals, some are intended to highlight flaws in Sony’s security and that they are compromising the privacy and security of their customers while others are in retaliation to behaviour from Sony that some perceive to be malicious such as criminal charges against George Hotz
    • More: Naked Security – Sophos | IB Times | Wall Street Journal
  • Citigroup
    • Who:¬†American multinational financial services company
    • When: May 2011
    • What: Hackers obtained personal information on 200,000 including name, email address and account numbers – other information was not compromised including social security numbers, card details security codes
    • More: Reuters | Naked Security – Sophos
  • Lockheed Martin, L3, Northrop Grumman
    • Who: US Department of Defence contractors – manufacturer of aeronautical and munitions equipment
    • When: May 2011
    • What: Several highly targeted attacks that used information garnered from the earlier RSA SecurID¬†compromise, all three companies reportedly survived the attacks with no data compromised
    • More: CNN | Reuters | Reuters | Naked Security – Sophos

** I’ll explain in more detail just how you might find yourself violated in another post soonI’ll also post a similar back catalogue of recent notable computer infection outbreaks; to include them here would make the list a tad overwhelming!

Image Attribution: Thanks to Salvatore Vuono @ for both images