Product Reviews
Take Action

Fight for Fair Finance

Tell the administration and Congress to stand up for the consumer watchdog that protects you from financial fraud and abuse.
Take Action
Why Do We Have Campaigns?
We're fighting to ensure you and your family can get a fair deal in the marketplace, especially on the choices that matter most: health care, privacy, automobiles, food, finances and more. Join our campaigns and together, we'll hold corporations and lawmakers accountable.

7 online security disasters

From the Target breach to the Heartbleed bug, here's how they happened

Published: May 30, 2014 06:00 AM

Find Ratings

Lately it seems that a new online security breach happens every week—or every day. Here are some of the most egregious recent ones: how they happened, how bad they were, and what to expect going forward.

Make sure to check our report, "Your Secrets Aren't Safe," to find out about the most current Internet threats..

1. The Target debacle

What happened? Hackers breached Target’s security systems, according to a congressional report, through a connection with an outside vendor, then installed programs that scooped up payment-card data from cash registers. They also obtained customer data stored in Target’s servers.

How bad was it? At the height of the 2013 holidays, they obtained payment-card data for 40 million people who shopped between Nov. 27 and Dec. 15, plus personal data for 70 million more. Banks then placed drastic limits on debit-card withdrawals.

What now? Financial institutions issued new cards, warning millions of fraud risk. Target offered a year of free credit monitoring, although that wouldn’t prevent the misuse of stolen information. Target said it will speed up the adoption of more secure point-of-sale technology.

2. Heartbleed havoc

What happened? In April researchers discovered Heartbleed, a bug in the software that’s used by an estimated two out of three Web servers, which lets hackers obtain passwords and other data that people submit online.

How bad was it? Researchers say that Heartbleed dates to March 2012, so a lot of data may have been compromised.

What now? Popular sites quickly fixed the bug. Some urged users to change passwords.

3. Adobe’s password problem

What happened? Hackers breached Adobe Systems’ security and obtained payment-card numbers for 2.9 million customers and an estimated 38 million user names and encrypted passwords. Affected customers were notified directly by Adobe.

How bad was it? Researchers said the thieves decoded some passwords by drawing on unencrypted password hints.

What now? Adobe required affected customers to change their passwords.

4. Tinder: Dating app kisses and tells

What happened? Tinder told users it would reveal their location only to the nearest mile. But in February the security firm Include Security reported that last fall, the app had let users locate each other to within 100 feet. It told Tinder about the problem in October. Tinder says it enhanced the app’s security soon after. But Include’s time line shows that on Dec. 2, Tinder was still trying to resolve the problem, and that it was fixed by Jan. 1, 2014.

How bad was it? Other Tinder users could pinpoint your exact location. How many people were affected isn’t known.

What now? Tinder says it has beefed up security of its users’ location data.

Get more advice and tips on staying safe online with our guide to Internet security.

5. Advocate Health Care’s millions of lost patient records

What happened? Last July thieves stole four unencrypted laptops from Advocate Health Care’s office in Park Ridge, Ill.

How bad was it? Four million patients were affected, with medical record numbers, diagnoses, names, addresses, birthdays, and Social Security numbers leaked.

What now? Patients affected have filed a class-action suit against Advocate.

6. Living Social’s raw deal

What happened? Last year deals site Living Social reported that hackers had obtained user names and encrypted passwords but not payment-card information.

How bad was it? 50 million were affected.

What now? Living Social strengthened its password security and required users to create new passwords.

7. A worm in Apple’s core

What happened? Researchers reported in February that a security flaw in software placed users of iPhone 4 and later, iPad 2 and later, and iPod Touch (5th gen.) at risk of hacker attacks.

How bad was it? A moderately sophisticated attacker could monitor communications with even very secure sites, including passwords, e-mails, and financial information.

What now? Apple released a new version of iOS to fix it. Within days, one in four affected users had reportedly updated to it.

Editor's Note:

This article also appeared in the Juy 2014 issue of Consumer Reports magazine.

Find Ratings

Computers Ratings

View and compare all Computers ratings.

E-mail Newsletters

FREE e-mail Newsletters! Choose from cars, safety, health, and more!
Already signed-up?
Manage your newsletters here too.

Online Security News


Cars Build & Buy Car Buying Service
Save thousands off MSRP with upfront dealer pricing information and a transparent car buying experience.

See your savings


Mobile Get Ratings on the go and compare
while you shop

Learn more