The Wired Worst hacks of 2023
CyberInsights #125 - A tribute to Okta, LastPass and a few others that made news in 2023.
I’m back after a two-week hiatus. Not much has changed in the world, I must say, barring the date. It will be a few days till our muscle memory begins to kick in and we write 2024 instead of 2023. Before that, a look back on what happened in the year, from Wired’s perspective, and apparently, also mine.
What went wrong in 2023
It’s like the Razzies, but for cybersecurity!
Trust Wired to come up with the Worst Hacks of 2023.
If you have followed CyberInsights in the last year, you would have heard about most of the hacks.
MOVEit
This is where I had written about MOVEit. A lot of human resource data compromised by a bulk data movement service provider.
Okta
This one was my favourite. After all, there is a weird sense of irony when a company whose sole job is to provide authentication services fails to protect the identities.
And just as a throwback to a throwback, here is the link to Okta’s breach in 2022. Marks for consistency, though.
Volt Typhoon and the Chinese Government
I have not covered this. A Chinese hacking group targeting US critical infrastructure is too banal to be shortlisted for just 2 stories in the week :)
The link, however, should you wish to read it, is here. State-sponsored cyber espionage and stockpiling of Zero Day attacks is coming of age.
US Casino heist… err, hack.
MGM and Caesars got hacked. I had written about it here:
Hacking a Casino has major repercussions. There is the data of course, but there is also the free publicity that comes with it and the ability to cause general chaos. A good target for the hacker looking for fame along with some money and fun.
LastPass and the password manager saga
For every genuine question a cybersecurity professional receives about password managers, there is one from a wannabe security expert who brings up LastPass and says “… but you’re putting all your eggs in one basket.”
My answer has been consistent all along - you NEED a password manager. Just get one. Have you stopped flying because one plane crashed some days ago? You say your thanks that you were not on that plane and take the next one.
I wrote a dedicated post to LastPass here:
23andMe
It’s not the hack, but the data that was hacked. It was not your regular social security number, not your bank account details, not even your health data. It was your DNA data!!
I wrote about it here:
These are the hacks that Wired thought were the ‘worst’ hacks of 2023. I have covered all of them barring one, which means I would have thought that they were newsworthy in that week.
What do you think? Any hacks that deserve a mention in the worst hacks of 2023?