Aneesh Bhargav
Vishnu Prasad
November 22, 2022

Top 5 Security Breaches that Rattled the World in 2021 and 2022

Table of Contents

  1. Colonial Pipeline Ransomware Attack

         1.1 Leaked Passwords

          1.2 Legacy VPN Access

          1.3 Multiple Authentication Structure

  1. T-Mobile Data Leak
  2. Rockstar Games and Uber System Breaches

         3.1 Multi-Factor Authentication Instability

         3.2 Social Engineering is still a threat

  1. Twitch Hack

         4.1 Server Misconfiguration

         4.2 Governance

  1. Log4j Vulnerability

         5.1 Maintain SBOM for all third-party dependencies

         5.2 Implement Zero Trust Order

         5.3 Prepare an incident response plan

  1. Conclusion

While most companies are aware of cyber obligations, only a handful are familiar with the complications and repercussions that come with them. According to Identity Theft Resource Center's Annual Data Breach Report, data breaches hit an all-time high in 2021, with a 68% increase compared to 2020. As companies and organizations depend on technology more and more, there is a proportionate increase in their susceptibility to cyberattacks . More than ever, organizations need to deploy effective and well-built cybersecurity practices in place.

Based on current events, a prognosis is that by 2025, the global economy will lose $10.5 trillion because of cybercrimes with an estimated annual growth of 15%. Organizations have never been this at-risk that even massive corporations with state-of-the-art cybersecurity infrastructures are not excused.

We list the top 5 most notable data security breaches that rattled the world in 2021 and 2022 and recount the key takeaways for IT experts:

1. Colonial Pipeline Ransomware Attack

Colonial Pipeline is an enormous pipeline company that supplies gasoline and other petroleum commodities from Texas to places on the East Coast and all around the midwest. Roughly 100 million gallons of oil would percolate through it daily, but their operation had to halt on May 7, 2021, because of an exposed password of a legacy VPN account and the lack of multiple authentication methods in place. The company had to pay a ransom amounting to $4.4 million in cryptocurrency but luckily, managed to recover $2.3 million of it through tracing them. 

The repercussions of the Colonial Pipeline ransomware attack encouraged the government to come up with tactics and strategies to alleviate and intercept such attacks from happening again.

Lesson Learned

Leaked Passwords

Verizon found that 82% of data breaches involved the human element. Be it Use of stolen credentials, Phishing, Misuse, or simply an Error, people continue to play a very large role in incidents and breaches alike. Password vaulting, Multi-Factor Authentication and protected credential storage are some ways that can help industries monitor and manage internal user undertakings.

Legacy VPN Access

Inactive VPN accounts, when neglected, are one sure way to put your confidential information at risk. An automated review system that controls the access permissions of each user and flags unauthorized access can help to keep sensitive data access in check.

Lack of Multiple Authentication Structure

2021 SecureLink and Ponemon Institute conducted a survey that revealed only 40% of users find Multi-Factor Authentication as very important. Corporations like Colonial Pipeline need to utilize MFA at all times because of the effortless security that it provides, and when matched with other security tools, such as access management systems, MFA can bring new heights to a corporation's security measures.

2. T-mobile Data Leak

Approximately 76 million current, former and soon-to-be customers of T-mobile confidential Personal Identifiable Information (PII) were jeopardized, including names, birth dates, addresses, driver's license information, and Social Security numbers, last August 2021. 

A 21-year-old took responsibility for the hacking. He claimed that he infiltrated T-Mobile's security barricades via an unprotected router. He also declared that “none of T-Mobile’s hacked servers had rate limiting enabled.” The telecom eventually had to pay $350 million for a class-action lawsuit and another $150 million to strengthen its security.

Lesson Learned

Companies handling sensitive information of the public, such as banks and telecom companies, should bolster company-wide wireless network security and account for all internal endpoints, and secure them from third-party actors.

3. Rockstar Games and Uber System Breaches

Rockstar Games was found to be breached last September 19, 2022, when several posts on a fan site called GTAForums from the username teapotuberhacker uploaded dozens of unreleased footage and gameplay from the upcoming Grand Theft Auto 6. The hacker claimed to acquire access via Rockstar Games’ Slack server and its Confluence wiki. The company confirmed that they will continue to work on GTA 6.

On September 15, 2022, the ride-share giant Uber was hacked.

It was an extremely comprehensive and extensive breach. As explained in this Twitter thread, the attacker managed to get around Uber's multi-factor authentication process; he had full administrative control of Uber's Amazon Web Services (AWS) and Google Workspace account, among many other systems that contain confidential information. This malicious entity admitted through multiple interviews that they pierced Uber's system through social engineering tactics by posing as someone from the company's IT department on an employee who eventually revealed his access credentials.

Lesson Learned

Multi-Factor Authentication instability

Although Uber has a multi-factor authentication system in place, it doesn't mean that they are immune to social engineering. The problem was that it only took a single point of authentication to access multiple cloud-based IAM services, and Uber was not using FIDO2 passkeys and hardware tokens to guard their internal accounts.

Social Engineering is still a threat

Exploiting the trust of people to acquire sensitive information, such as passwords, can compromise an entire corporation. Your MFA must be truly multi-factor. Aside from PINs, it's a good idea to include FIDO2 and enable number matching before authorizing access to cloud-based servers.

4. Twitch Hack

When the game streaming service Twitch was hacked on October 6, 2021, the news was less about the actuality that the platform was hacked. Instead, it was about the magnitude and extent of information breakout. From the data of Twitch's creators' payouts, source code related to exclusive SDKs, and internal AWS to its internal security tools, the attackers copied 125 GB of data from Twitch's server and leaked it on the imageboard forum, 4chan. The hack was caused by a security glitch in Twitch servers that enabled the attackers' access to highly confidential data.

Lesson Learned

Server Misconfiguration

The Twitch server entered a non-compliant or unwanted space. Unfortunately, there was no record of who implemented the configuration. Encrypting and securely storing sensitive data and following the principle of least privilege to limit access should keep another incident like this from happening. Blocking public traffic to internal endpoints should also do the trick. Most importantly, logging server behavior by default allows for a much more comprehensive approach to vulnerability detection, interception, and mitigation. 


It's crucial that corporations like Twitch avoid misconfiguration through solid governance from the very beginning. Exploiting permission control through IAM Policies and utilizing an intricate zero-trust structure provides a better governance framework that could've prevented the hack from happening. Further, utilizing Threat Intelligence tools like Guard Duty for AWS enable intelligent access control and management based on logs and historical behavior patterns.

5. Log4j Vulnerability

On December 9, 2021, Log4Shell, a software vulnerability in Apache Log4j2, was found to allow remote code execution (RCE) by simply logging a specific string. Because of how ubiquitous the Java-based logging library happens to be along with which the attack could be carried out, this exploit took the world by storm. The Open Source community maintaining Log4Shell worked tirelessly on a patch while dependent applications had to take down critical components.

Lesson Learned

Maintain SBOM for all third-party dependencies

With SBOM, an organization can respond in real-time to any security and operational disturbance related to the exploitation of open-source software. In layman's terms, it's an embedded inventory, a list of ingredients of a software structure.

Implement Zero Trust Order

Zero Trust structure lessens the risk across all environments by laying the foundation of strong identity validation. All resources must be certified and authenticated while maintaining the data integrity of all owned assets.

Prepare an incident response plan

An effective incident response plan is critical to keep all activities in place while diminishing viable risks. If you already have an existing cybersecurity structure, the incident response framework needs to be incorporated in its breadth to cover all bases of IT security.


As extensive as the existing cybersecurity protocols happen to be, data breaches and hacks are still ongoing problems in the information technology industry. Cybercriminal operations show no signs of stopping soon. In fact, their gravity is just worsening as the days go by. It's critical that we learn from the events of this year, e.g. social engineering is still a threat, and Multi-Factor Authentication, if implemented right, goes a long way in fortifying your organization's defenses.

we45 is a world leader in application security, assisting organizations in building apps while integrating the best product security practices available. From application security, Kubernetes Security and DevSecOps to Cloud-Native Security and Threat Modeling, we provide a systematic analysis of your security program as a whole. Our services go way beyond what anyone else in the industry offers. we45’s cutting-edge research and testing are simply game-changing for your AppSec program.