6 cybersecurity horror stories to haunt your dreams

Halloween is upon us! Gather round the fire(wall) and let us regale you with six tales of cybersecurity horror for 2021… so far.

[Get the latest on privacy and security in your inbox. Sign up for the ExpressVPN Blog Newsletter.]

Half a billion compromised Facebook profiles

In April this year, it was discovered that personal details for half a billion Facebook profiles were leaked on a publicly accessible hacking forum. Sensitive data leaked included account emails, Facebook IDs, mobile phone numbers, dates of birth, and user locations. 

Facebook wouldn’t disclose which users were affected by the leak, which resulted from a scrape of the site rather than a direct hack on company servers. Why? Because they didn’t know which users were compromised.

We promise this wasn’t an April Fools joke—believe us, we checked.

Read more: 10 times Facebook violated your privacy

Ransomware attack on Colonial Pipeline

U.S. oil producer Colonial Pipeline fell victim to a devastating ransomware attack that resulted in the shutdown of a 5,500-mile-long gas pipeline—accounting for roughly half the gasoline supplied to gas stations on the Eastern Seaboard.

Unsurprisingly, this resulted in gas shortages, inflated prices, panic buying, and hoarding. Colonial Pipeline ended up paying 4.4 million USD in Bitcoin to the ransomware group DarkSide. 

Read more: Frightening reality: You can buy ransomware as a service

Nuclear secrets exposed in apps

Netherlands-based investigative journalists Bellingcat announced in May that they discovered publicly visible flashcards on apps like Chegg, Quizlet, and Cram, that displayed the location of U.S. nuclear weapons in Europe. It turns out that U.S. military personnel were using said apps to memorize security protocols without realizing that the information they entered into the apps would become publicly searchable. 

Visible information included weapons and security locations, personnel identification, secret codes, and patrol schedules.

Read more: 5 times military secrets were exposed in apps

International espionage

Pegasus is spyware that was developed by an Israeli technology firm called NSO Group and sold to various world governments. Once on your phone, Pegasus can copy your messages and media, record your conversations, film you through your phone’s camera, and pinpoint your geographical location. 

In July, reports began to appear that Pegasus had been used to monitor civilian groups. Some 50,000 phone numbers, believed to belong to activists, journalists, lawyers, politicians, and executives across 50 countries (among others), were leaked. NSO went on record to clarify that the software had only been sold to countries with good human rights records.

Read more: What is Pegasus spyware? And how to protect your phone

Electric eye Down Under

In August, Australia passed a surveillance bill that allows police to access a citizen’s smart devices, modify data, and take over a suspected criminal’s social media accounts to gather information in ongoing investigations. 

Those called upon to assist in an inquiry by the government must comply and will receive protection from civil liability. Those who refuse face up to 10 years in prison.

Read more: Australia’s ‘hacking’ bill lets police take over a person’s social media

The heist to end all heists

600 million USD was stolen by a hacker dubbed “Mr. White Hat” after a vulnerability was discovered in the decentralized finance platform Poly Network. In a strange plot twist, the hacker maintained an open discourse with Poly Network, eventually returning all funds stolen, claiming that the goal was to draw attention to the platform’s vulnerabilities.

The Poly Network heist is the largest cryptocurrency theft of all time… until the next one comes along of course!

Read more: 8 of the biggest crypto thefts of all time

Did we miss anything? Let us know below!

Read more: 7 breaches, hacks, and leaks you might have missed this year