Largest data breaches in history.

Some of the largest data breaches in history include:

  1. Operation Aurora: In 2009, Google experienced a highly sophisticated attack where hackers gained access to their network.

  2. IRS: The U.S. Internal Revenue Service (IRS) suffered multiple data breaches due to aging equipment and budget cuts. These breaches compromised the personal information of millions of taxpayers.

  3. E-Trade, Scottrade, and Dow Jones: In 2015, online stockbrokers E-Trade and Scottrade, as well as financial publisher Dow Jones, were all hit by data breaches. These attacks exposed millions of customer records and were believed to be conducted by the same hackers.

  4. JPMorgan Chase: In 2014, Russian hackers infiltrated JPMorgan Chase and stole personal identifiable records of 83 million customers, impacting a significant portion of U.S. households.

  5. Las Vegas Sands: In 2014, the casino operator Las Vegas Sands experienced a major breach where sensitive data on customers and employees was stolen. The attackers also disrupted their network, causing chaos within their IT systems.

  6. LinkedIn: In 2012, hackers stole 117 million user passwords from LinkedIn, revealing a significant data breach that impacted professionals and even government officials.

  7. VTech: In 2015, the toy and electronics manufacturer VTech experienced a breach where the personal information of 4.8 million parents and their children was compromised.

  8. British Airways: In 2018, British Airways suffered a data breach that resulted in the theft of over 500,000 user details. The incident led to a significant fine for violating GDPR regulations.

Please note that these breaches occurred over the years and varied in scale and impact. It is important to stay vigilant and take necessary precautions to protect personal information.

1
(someone): In 2009, around Christmas time, something terrible was lurking in the network at Google. Google is the most popular website on the internet. It's so popular that many people just think Google is the internet. Google hires many of the most talented minds and has been online since the 90s. Hacking into Google is practically impossible. There's a team of security engineers who test and check all the configurations of the site before they go live. And Google has teams of security analysts and technicians watching the network 24-7 for attacks, intrusions, and suspicious activity. Security plays a vital role at Google and everything has to have the best protections. But this attack slipped past all that. Hackers had found a way into the network. They compromised numerous systems and burrowed their way deep into Google servers and were trying to get data that they shouldn't be allowed to have. Google detected this activity and realized pretty quickly they were dealing with an attack more sophisticated than anything they've ever seen. These are true stories from the dark side of the internet. I'm Jack Rhysider. This is Darknet Diaries. Support for this show comes from Snyk. Darknet Diaries has covered a lot of stories about hackers, breaches, cybercrime, and other unsavory topics that dwell on the dark side of modern technology. And while most of you will never end up on an episode, the reality is that there are a ton of ways for malicious actors to get into the systems you build, like remote code execution, and SQL injection, and path traversal, just to name a few. And that's where Snyk comes in.
2
(someone): That's like less than 1%. Hmm. Combine the dwindling staff and the budget cuts with aging equipment and computers and you can start to see that this could become a serious problem. And a problem for the IRS is a dream come true for hackers. These are true stories from the dark side of the internet. I'm Jack Rhysider. This is Darknet Diaries. This episode is sponsored by Ford. Ransomware just spread through your firewall from your development server to your production server. You thought your network was segmented, but it turns out the VLANs were set up wrong and production networks weren't isolated. Your business grinds to a halt while you pick up the pieces and try to recover. Small changes introduce huge risks and large organizations struggle to manage the complexities of attack surface management. It begins at the network layer. Forward Enterprise tells me they're your best chance at finding a fully scalable digital twin software for your network. With Forward, you can view and search your entire network, model attack scenarios with a click of a button, and identify a blast radius in seconds. Get a demo at forwardnetworks.com. That's forwardnetworks.com. 2015 was a year full of data breaches. Starting the year off were two big breaches from healthcare providers. In February, Anthem announced that 80 million patient records were stolen. Discovered around the same time was Premera Blue Cross, and they found that possibly the same actors were in their network and admitted to a breach of 11 million patient records. So just in the first quarter of 2015, we saw almost 100 million patient records get pinched by hackers.
3
(someone): So these companies started to send out letters to their customers. In October 2015, the online discount stockbroker E-Trade sent a letter to all their customers explaining that their network had been breached, and that customers' personal information had been compromised. They said their database was breached, which contained 31,000 E-Trade customers' data. Scottrade, another online stockbroker, revealed that they were also hit by these hacks. But their breach was way bigger. They believed that the personal information of 4.6 million of their customers had been stolen. Dow Jones sent out letters too. Now, they're not a financial institution in the way of a bank or broker is, but they're a big publisher of financial information. They've been going for 137 years. They published the Wall Street Journal, Market Watch, and Barron's. In October 2015, they informed their customers of a data breach. In their letter, they explain that the hackers may have been in the system for three years, but they'd only found evidence of the theft of 3,500 people's contacts or payment data. There were clues like IP addresses and the malware and the data that was stolen, which made authorities suspect that these hacks were all conducted by the same hackers. A month later, all the evidence came out. On November 10th, 2015, Preet Bharara, the Attorney General of the Southern District of New York, unsealed a superseding indictment against Gary, Ziv, and Joshua, and it was a bombshell. Getting indicted for these stock scams probably seemed bad enough for these guys, but now they were really in trouble.
(someone): Good afternoon.
4
(someone): Troy obtains as many email dumps as he can. These are giant lists of email addresses that are seen in security breaches. He then turns his list into a public service to allow anyone to search his website to see if their email address was part of a breach. At first you may think a site like that is a phishing scam, and some are. But Troy has proven himself to be ethical and legit. He and his website are trustworthy. He has over 4 billion email addresses in his database, which he gathered from all public breaches. Troy took a look at this new dump from Lorenzo. He found the password field wasn't encrypted in the database like it said it was. Instead, the passwords were stored using a basic, unsalted MD5 hash. Without going into too much detail of what MD5 is, just know it's bad security practice to store your passwords this way. Some MD5 hashes you can simply google and find the password. There are supercomputers that can brute force an MD5 hash and crack it fairly quickly. Storing passwords as MD5 hashes is a severe lack of security. Troy was at first shocked by this. He then went to the website to see what it looked like. He immediately noticed the site doesn't use HTTPS anywhere. Not for authentication or the API. Nothing. We also noticed the site was running ASP 2.0, which by that time had been unsupported by Microsoft for over four years. He also noticed some parts of the website were leaking more information than they should, returning errors with surprising results.
5
(someone): There's a big list of all known security vulnerabilities for computers. And you want to know what the oldest known computer vulnerability is? The oldest I could find is weak default passwords. This has been a known vulnerability since 1969. Specifically, computers sometimes have the username admin with the password also admin. And the computer doesn't ask you to change it when you buy it. So it can stay that way for a long time. Years. And many computers after that also use admin admin as the default username and password. And over the years, many hackers have been able to get into many systems that they didn't own using this basic username and password. So now, it's been 40 years since we became aware of this security weakness. Surely, by now, this weakness has been resolved, right? And there aren't any computers in the world that have this username and password anymore, right? Right? I sure hope so.
(someone): This is Darknet Diaries. True stories from the dark side of the internet. I'm Jack Rhysider.
(someone): This episode is brought to you by SpyCloud. For some people, ignorance is bliss. But for you, as a security practitioner, that's not the case. I went to spycloud.com to check into my darknet exposure, and I won't tell you what it is, but spoiler alert, I found some things that are pretty eye-opening. From breach exposures to info stealing malware infections, knowing what criminals know about you and your business is the first step to setting things right.
6
(someone): This story became public on August 27, 2014, when Michael Riley and Jordan Robertson reported on this hack in an article in Bloomberg. They revealed that there had been a successful breach at JPMorgan Chase, and they said it was the work of Russian hackers. The accusation that this was a nation-state attack on U.S. financial infrastructure grabbed the attention of the U.S. financial system. Could it be that Kremlin-sponsored hackers had managed to get inside the networks of JPMorgan Chase, breach layer after layer of security, and make off with tons of customer data without JPMorgan Chase knowing anything about it? It wasn't until the bank filed a disclosure with the Security Exchange Commission on October 2nd that we learned more details about this hack. And it was way worse than anyone thought. The hackers had accessed multiple customer databases and stole 83 million personal identifiable records of JPMorgan Chase's customers. These records were associated with 76 million households and 7 million small businesses, pretty much all located in the U.S. To put that into context, in 2014 there was something like 127 million U.S. households. So that's around 60% of all U.S. households that got their information stolen from this hack. The idea that Russians were behind this hack, and that they were probably state-sponsored, wasn't all that surprising. I mean, just a few months before this, the US had put a load of heavy sanctions on Russia's financial infrastructure. See, in 2014, that was the year when Putin decided he wanted to take the Crimea peninsula from Ukraine.
8
(someone): How would you describe to your customers the difference between a cyber security attack and a personal data breach?
(someone): I think that from a customer's perspective, they don't really care how their data is stolen, they care if their data's been stolen. And so I think that the total set is different ways that customers' data can be stolen. I was trying to be specific in the answer to the chairman earlier about a cyber-related data breach where someone has accessed, a criminal's accessed your systems, as opposed to a human data breach.
(someone): So a human data breach, and that would be someone within the organisation that has stolen data they shouldn't have done, or accessed data they shouldn't have done.
(someone): Yeah, or any former, yes, or through the third party chains.
(someone): Could I ask, why do you think TalkTalk is, or appears to be, so especially vulnerable to this? Because however we look at this, there have been a number of very serious breaches which has caused TalkTalk to develop the bad reputation that it has. Why do you think that's happened to your company in particular?
(someone): I'm afraid I don't think that we are unique or unusual in being victims of cybercrime.
(someone): You've said that a number of times, but you appear to have had more than most.
(someone): I don't think that that's true.
(someone): I think, as I say... You think other big companies have had three serious breaches in the last year?
(someone): Well, I say we've had one serious breach on our systems.
(someone): I know. I feel we're sort of dancing slightly on the head of a pin there because the way you're defining the breaches.
10
(someone): This might have been how BA discovered this, but still today, there's been no explanation on how BA discovered this or how the hack happened or what happened really.
(someone): British Airways never explained exactly what happened. They tried to avoid it in any kind of media engagement. And if you look at what they did PR wise, they basically tried to flush it out with other news. So they tried as hard as possible to make sure that nobody was talking about this. And up till this day, we still don't know exactly what happened internally.
(someone): The CEO said they would reimburse anyone who was a victim of credit card fraud from this. And that seemed to be the end of this incident. Equally fell off the news cycles and disappeared. Until this year. In 2019, the ICO had one last say in the matter. The ICO is a regulatory body in the UK, sort of like the Federal Trade Commission in the US. They investigated this and thought British Airways wasn't following proper regulations regarding online security. The ICO found that over 500,000 user details were stolen from this hack. And after their investigation, they found that British Airways wasn't following proper GDPR policies, and gave them a fine totaling 237 million US dollars, or 183 million British pounds. This is a record high fine for anyone violating GDPR. But $237 million is just 1.5% of their earnings during the year they were breached. So it's enough to make BA notice this, but I'm not sure if it'll hurt him that much in the long run.
14
(someone): For a network the size of LVS, where they had thousands of staff and computers and communication systems, this was probably the absolute worst nightmare for the IT security team. Computer systems at LVS were in total chaos. The cyber incident responders who worked at LVS kicked into action. The analysts were sent off to figure out where the attack was coming from and how to block its path. And hundreds of IT staff at Las Vegas Sands were working together to try to protect the valuable servers, the data centers, the networks, and LVS itself. By the afternoon of February 10th, IT security staff realized that hackers were in the network. File logs told them that sensitive files were being compressed and downloaded. Not only had the networks been breached and firewalls been knocked through and servers exposed, but hackers were now actively downloading the data on customers and guests and staff and gamblers, like the exclusive invitation-only members list. It was stolen. Social security numbers were stolen. Driver's license details were stolen. The list goes on and on. But while sensitive data was being stolen, what the IT security engineers had to focus on was keeping those critical systems up so that the casino and hotel could stay operational. The gaming tables and slot machines and access to hotel rooms and electronic door codes and the retail outlets and the elevators leading to the 50 different floors, payment stations, card machines, and all that relies on a stable and functioning network. But the network was crumbling away like a sandcastle falling over. Las Vegas Sands, the biggest casino operator in the world, had to consider that they might have to stop everything and tell their visitors to leave, close the doors. At this point, realizing the scale of the hack and the seriousness of it, Sands president Michael Leven ordered IT system staff to sever LVS from the internet entirely.
15
(someone): Now, up until this point, the world had thought the LinkedIn data breach was for 6.5 million users. Because after all, that's what was posted on InsiderPro.com. And what's more is that LinkedIn never clarified how many accounts got stolen. But in May 2016, someone posted that they had even more LinkedIn credentials for sale. They claimed to have 117 million user details from LinkedIn and was selling it for just over $2,000 in Bitcoin. This triggered a whole new news cycle.
(someone): Warning topping America's money, a security breach that LinkedIn turns out to be much bigger than first thought.
(someone): That's right. The social network for business now says a hacker stole 117 million user passwords in the 2012 breach, far more than the original estimate of about six and a half million.
(someone): And think about all the users of LinkedIn. Yes, of course, professionals looking to network, but also many top executives have accounts there. I mean, after all, if your business is listed there, shouldn't the leader of that business be on there too? But on top of that, you have government officials on there, lawmakers are there, members of Congress, FBI agents, NSA agents, senators, and yes, even the president of the United States. Barack Obama made his account in 2007 when he was running for president and was president in 2012 when this happened. This news swept through lots of circles and impacted a lot of people. What's more is this new dump contained a lot of cracked passwords that anyone can see in plain text. It wasn't that LinkedIn stored passwords in plain text, but the hackers were able to find ways to crack a lot of the passwords that were in there.
16
(someone): and when looking around there, he found the database was huge. The hacker grabbed a copy of everything in the database, downloaded the whole thing, then moved on to another database and grabbed a copy of everything there too. The hacker then disconnected from the VTech servers. He knew he had committed a crime and a wave of nervousness swept across him. This breach occurred around November 16th, 2015. The hacker was equal parts disappointed and excited. He thought getting into the VTech network was way too easy. In a very short time, he was able to take all the contents of their multiple databases. With a copy of the VTech database on his own computer, he was able to slowly go through it and see what data he had. The first thing he noticed was a table called parent. It had the following fields. First name, last name, email address, encrypted password, secret question, secret answer, home address, IP address. As the hacker looked, he realized this is the entire user database for everyone who's registered at the site. There were 4.8 million people listed in this table. He could not believe his eyes. A list of 4.8 million user accounts would be a hot item on the darknet. A list this large could bring in some decent bitcoin. But the hacker had no intention on selling the data. The hacker took another look at the database and found another interesting table called member. It contained children's names, birthdays, gender, and their parents' IDs. A hacker realized by combining the two tables he could positively identify what the last name of the child was and where they live.
17
(someone): Now, up until this point, the world had thought the LinkedIn data breach was for 6.5 million users. Because after all, that's what was posted on InsiderPro.com. And what's more is that LinkedIn never clarified how many accounts got stolen. But in May 2016, someone posted that they had even more LinkedIn credentials for sale. They claimed to have 117 million user details from LinkedIn and was selling it for just over $2,000 in Bitcoin. This triggered a whole new news cycle.
(someone): Warning topping America's money, a security breach that LinkedIn turns out to be much bigger than first thought.
(someone): That's right. The social network for business now says a hacker stole 117 million user passwords in the 2012 breach, far more than the original estimate of about six and a half million.
(someone): And think about all the users of LinkedIn. Yes, of course, professionals looking to network, but also many top executives have accounts there. I mean, after all, if your business is listed there, shouldn't the leader of that business be on there too? But on top of that, you have government officials on there, lawmakers are there, members of Congress, FBI agents, NSA agents, senators, and yes, even the president of the United States. Barack Obama made his account in 2007 when he was running for president and was president in 2012 when this happened. This news swept through lots of circles and impacted a lot of people. What's more is this new dump contained a lot of cracked passwords that anyone can see in plain text. It wasn't that LinkedIn stored passwords in plain text, but the hackers were able to find ways to crack a lot of the passwords that were in there.
18
(someone): This story became public on August 27, 2014, when Michael Riley and Jordan Robertson reported on this hack in an article in Bloomberg. They revealed that there had been a successful breach at JPMorgan Chase, and they said it was the work of Russian hackers. The accusation that this was a nation-state attack on U.S. financial infrastructure grabbed the attention of the U.S. financial system. Could it be that Kremlin-sponsored hackers had managed to get inside the networks of JPMorgan Chase, breach layer after layer of security, and make off with tons of customer data without JPMorgan Chase knowing anything about it? It wasn't until the bank filed a disclosure with the Security Exchange Commission on October 2nd that we learned more details about this hack. And it was way worse than anyone thought. The hackers had accessed multiple customer databases and stole 83 million personal identifiable records of JPMorgan Chase's customers. These records were associated with 76 million households and 7 million small businesses, pretty much all located in the U.S. To put that into context, in 2014 there was something like 127 million U.S. households. So that's around 60% of all U.S. households that got their information stolen from this hack. The idea that Russians were behind this hack, and that they were probably state-sponsored, wasn't all that surprising. I mean, just a few months before this, the US had put a load of heavy sanctions on Russia's financial infrastructure. See, in 2014, that was the year when Putin decided he wanted to take the Crimea peninsula from Ukraine.
19
(someone): and when looking around there, he found the database was huge. The hacker grabbed a copy of everything in the database, downloaded the whole thing, then moved on to another database and grabbed a copy of everything there too. The hacker then disconnected from the VTech servers. He knew he had committed a crime and a wave of nervousness swept across him. This breach occurred around November 16th, 2015. The hacker was equal parts disappointed and excited. He thought getting into the VTech network was way too easy. In a very short time, he was able to take all the contents of their multiple databases. With a copy of the VTech database on his own computer, he was able to slowly go through it and see what data he had. The first thing he noticed was a table called parent. It had the following fields. First name, last name, email address, encrypted password, secret question, secret answer, home address, IP address. As the hacker looked, he realized this is the entire user database for everyone who's registered at the site. There were 4.8 million people listed in this table. He could not believe his eyes. A list of 4.8 million user accounts would be a hot item on the darknet. A list this large could bring in some decent bitcoin. But the hacker had no intention on selling the data. The hacker took another look at the database and found another interesting table called member. It contained children's names, birthdays, gender, and their parents' IDs. A hacker realized by combining the two tables he could positively identify what the last name of the child was and where they live.
22
(someone): Now, up until this point, the world had thought the LinkedIn data breach was for 6.5 million users. Because after all, that's what was posted on InsiderPro.com. And what's more is that LinkedIn never clarified how many accounts got stolen. But in May 2016, someone posted that they had even more LinkedIn credentials for sale. They claimed to have 117 million user details from LinkedIn and were selling it for just over $2,000 in Bitcoin. This triggered a whole new news cycle.
(someone): Warning topping America's money, a security breach at LinkedIn turns out to be much bigger than first thought.
(someone): That's right. The social network for business now says a hacker stole 117 million user passwords in the 2012 breach, far more than the original estimate of about six and a half million.
(someone): And think about all the users of LinkedIn. Yes, of course, professionals looking to network, but also many top executives have accounts there. I mean, after all, if your business is listed there, shouldn't the leader of that business be on there too? But on top of that, you have government officials on there, lawmakers are there, members of Congress, FBI agents, NSA agents, senators, and yes, even the president of the United States. Barack Obama made his account in 2007 when he was running for president and was president in 2012 when this happened. This news swept through lots of circles and impacted a lot of people. What's more is this new dump contained a lot of cracked passwords that anyone can see in plain text. It wasn't that LinkedIn stored passwords in plain text, but the hackers were able to find ways to crack a lot of the passwords that were in there.