2022 Data Breaches: What Happened and What Did We Learn?

March 14, 2023

Data breaches are an unfortunate reality in today’s digital world, where businesses of all sectors and sizes are at risk of cyberattacks. Thousands of breaches are publicly reported every year, with major industry leaders often falling victim to cyber criminals. After all, it just takes one unauthorized download or compromised password for hackers to infiltrate networks, as seen in recent data breaches during 2022.

While data leaks may be detrimental to companies and customers, we can all learn from security breaches. Let’s take a look at high-profile data breaches in 2022 and the key takeaways from each.

Toyota Data Breach in 2022

In October 2022, Toyota revealed nearly 300,000 customers may have had their emails and customer management numbers compromised in a data breach that went undetected for nearly five years. A third-party contractor published source code credentials on GitHub, which another third party used to access a Toyota server.

According to Toyota, the web development subcontractor “mistakenly uploaded” some of the source code to GitHub when it was set to public in December 2017. Toyota was incredibly lucky more cyber criminals didn’t notice this mistake, as the credentials were exposed through September 2022. It was only picked up when a hacker used these credentials to breach a company server.

Another silver lining to the Toyota data breach in 2022 is that only emails and customer management numbers were affected. Without names, phone numbers, and credit card details, there’s limited damage hackers can do to affected customers, other than target them with phishing attacks.

While still an invasion of privacy and a security risk, this data breach could have been much more severe, given how long Toyota’s server credentials were unknowingly compromised. The breach is a prime example of how one simple mistake by a trusted third party can expose corporate networks. Considering the sheer volume of users and credentials across the digital business landscape, it’s easy to miss these mistakes until a data breach actually occurs.

As a result of the Toyota data breach in 2022, the auto manufacturing giant updated access keys, took away third-party server access, and switched its GitHub repository from public to private. Affected customers received an email apology with instructions on checking if their data was leaked and contacting Toyota for more details.

Despite Toyota’s strong cybersecurity measures, human error inadvertently led to this data breach, which should remind any companies using the cloud to carefully monitor human resources and third parties, specifically what credentials they receive and how they use them. As long as companies use passwords, their credentials can be easily exposed via public code repositories and cloud buckets, leaving sensitive data vulnerable.

Cash App Data Breach in 2022

When the Cash App data breach was disclosed in April 2022, the mobile payment service platform said over eight million users could be affected.

This time it wasn’t a third party behind the breach, but rather a former employee who accessed customer reports after their employment ended. The employee regularly accessed such reports during their tenure at Cash App and was able to download this information when they left.

These records included customers’ full names and brokerage account numbers, although usernames and passwords were not compromised. The account numbers are used to identify Cash App Investing activity, and for some customers, their brokerage portfolio holdings, value, or trading activity for one day were also exposed.

Like Toyota, Cash App was lucky no usernames, passwords, dates of birth, access codes, or Social Security numbers were compromised in the breach. Even so, it raises concerns about the human element in technology. If a former employee could access these reports after their employment ceased, many others may also have the credentials to do so.

Cash App contacted 8.2 million current and former users to inform them of the breach and also notified law enforcement. The company launched an investigation, but any potential changes to IT policies and authentication methods are not yet public.
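
A check for the failure mode described above, access by an account after its owner's employment has ended, as an added example that is not from the original article or from Cash App. The log format, field names, usernames, and dates are all constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed HR offboarding records: username -> employment end time (UTC).
TERMINATIONS = {
    "jdoe": datetime(2022, 3, 1, 17, 0, tzinfo=timezone.utc),
}

# Constructed audit-log lines: ISO-8601 timestamp, user, action, resource.
AUDIT_LOG = """\
2022-02-27T09:12:44+00:00 jdoe download reports/brokerage-daily.csv
2022-03-01T16:58:03+00:00 jdoe view reports/brokerage-daily.csv
2022-03-04T22:31:10+00:00 jdoe download reports/brokerage-daily.csv
2022-03-04T22:35:52+00:00 asmith download reports/brokerage-daily.csv
malformed line
"""

def parse_line(line):
    """Return (timestamp, user, action, resource), or None if unparseable."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    if ts.tzinfo is None:
        return None  # naive timestamps cannot be compared safely to HR data
    return ts, parts[1], parts[2], parts[3]

def post_termination_access(log_text, terminations):
    """Flag every log event by a user that occurs after their end date."""
    findings, skipped = [], 0
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            skipped += 1  # count unparseable lines so gaps are visible
            continue
        ts, user, action, resource = rec
        ended = terminations.get(user)
        if ended is not None and ts > ended:
            hours = round((ts - ended).total_seconds() / 3600, 1)
            findings.append({"user": user, "action": action,
                             "resource": resource, "hours_after": hours})
    return findings, skipped

if __name__ == "__main__":
    for finding in post_termination_access(AUDIT_LOG, TERMINATIONS)[0]:
        print(finding)
```

Any finding means deprovisioning did not revoke the account's access at offboarding; the skipped count shows how much of the log could not be evaluated.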

Cloudflare Data Breach in 2022

The Cloudflare data breach in July and August 2022 was a sophisticated phishing attack, with the internet infrastructure company just one of hundreds targeted in the phishing spree.

At least 76 company employees, and some of their family members, received SMS phishing messages to their work or personal cell phones. These texts were delivered in less than a minute and appeared to point to Cloudflare’s Okta login page, telling employees their Cloudflare schedule had been updated.

The messages directed employees to click on what looked like an official Okta domain, which then prompted them to type in their username and password. Three text recipients fell for the scam and submitted their credentials, which were passed on to the hackers. However, the cyber criminals couldn’t use the compromised login details to access Cloudflare’s systems because the company requires a hardware key for employee sign-ins.

Cloudflare’s quick response to the phishing attack prevented further damage, with the domain quickly blocked and affected employees identified. The company reset passwords and logged those employees out of active sessions to ensure hackers couldn’t access any more information.

It took less than an hour for Cloudflare to take down the phishing domain, and since then, the company has added more detection mechanisms to identify similar phishing campaigns. Cloudflare’s swift approach shows just how fast organizations need to act to protect their data and how standard usernames and passwords remain a top target for hackers.

Final Thoughts on Recent Data Breaches in 2022

These recent data breaches in 2022 demonstrate how, even with the world’s increasing reliance on technology, human error is often to blame for leaving companies and their data exposed.

In Toyota’s case, a third-party subcontractor accidentally published credentials within source code to a public repository, leading hackers straight to Toyota’s server, where emails and customer management numbers were compromised.

With Cash App, an ex-employee downloaded reports containing customer names and account numbers without permission. Cloudflare was targeted by an SMS phishing scheme in which several employees had their usernames and passwords stolen, but the company’s hardware key sign-in protocols protected against serious harm.

All of these data breaches involved unauthorized access to credentials, showcasing how even high-strength passwords and multi-factor authentication protocols can be compromised. As data breaches continue to be a top security concern for big and small businesses, more companies may switch to passwordless authentication resistant to phishing and other cyber-attacks.

Protect Your Data

As a credential management provider, Axiad works with leading authentication systems, unifying these tools into one simple solution to help prevent data breaches. Learn more about our innovative approach to authentication and passwordless orchestration.

About the author
Axiad Team