How does hacking data breaches occur?


Like, are they writing up certain codes to trick the computers?
I’ve taken a programming class but I just don’t get it.


[deleted]

Sometimes, yes. If a website has a box where you type something in (like a name, address, password, etc.), that text then goes to the server. If the website wasn’t built carefully to filter out certain text or symbols, the hacker could put code in that box, then when the server gets it, it will execute that code.

Even worse, if the website takes what you enter then uses it to display something back to you, that could be tricked into displaying back to you sensitive information. For example, you type in your name, then it says “welcome name”. If, instead of typing in your name, you type in code for “give me a list of everyone’s password”, it might display: “Welcome user001: password user002: [email protected] user003:passw0rd”

Of course there are other methods, but this is the ELI5 example. This is not a very sophisticated attack, and it’s one of the first things you learn as a software engineer to guard against, but back in the day this was the source of a lot of data leaks.

*Hacking* is the art of tricking a system into doing something it’s not designed for.

The actual methods are very diverse. Most often they abuse a vulnerability in the system. These always exist because no one programs perfectly on the first try, so it’s a race between malevolent hackers who want to abuse it, and white-hat hackers who find it to report it to the software creator to patch the vulnerability out.

The attacks can be really sophisticated, for example Meltdown and Spectre abuse some CPU properties to read data that’s supposed to be inaccessible. It works by tricking the system to optimize execution speed for them and then measuring the timing of execution, which is faster for certain data depending on what bytes were in the inaccessible part.

Basically hacking is exploiting vulnerabilities in software, often caused by human error.
Software is made by people for a specific purpose, but sometimes if you use it for a different purpose, the software behaves in a weird way because it was not tested for it, which hackers make use of.
An example is an SQL injection, which is an old hack to get data.
In the website software, commands are sent to a database to store and retrieve data. Let’s say the website allows you to enter your name and then returns some data. Now assume a hacker does not enter his name but instead enters a special command that can be understood by the database. Then it could trick the server to, for instance, return all database data if the software is not made to check this.
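
The name-lookup scenario described in the answers above, as an added example that is not part of the original thread: the same query built by pasting the typed text into the SQL string, beside the parameterized form that guards against it. The table, rows, function names and the crafted input are all constructed for illustration.

```python
import sqlite3

# Constructed input of the kind the answers describe: text that is SQL, not a name.
CRAFTED = "x' OR '1'='1"

def make_db():
    """Build an in-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, note TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "note-a"), ("bob", "note-b"), ("o'brien", "note-c")],
    )
    return db

def lookup_unsafe(db, name):
    # Vulnerable: the typed text becomes part of the SQL statement itself,
    # so a quote character in it changes what the query means.
    sql = "SELECT name, note FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def lookup_safe(db, name):
    # Hardened: the ? placeholder passes the text as a value only;
    # the database never parses it as SQL.
    sql = "SELECT name, note FROM users WHERE name = ?"
    return db.execute(sql, (name,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    print("unsafe, normal name :", lookup_unsafe(db, "alice"))
    print("unsafe, crafted text:", lookup_unsafe(db, CRAFTED))  # every row comes back
    print("safe,   crafted text:", lookup_safe(db, CRAFTED))    # no user has that name
    print("safe,   o'brien     :", lookup_safe(db, "o'brien"))  # apostrophe is just data
    try:
        lookup_unsafe(db, "o'brien")
    except sqlite3.OperationalError as err:
        # The unsafe form also breaks on a legitimate name containing a quote.
        print("unsafe, o'brien     : query failed:", err)
```

The unsafe version fails in two ways: crafted text widens the query to every row, and an ordinary name containing an apostrophe makes the query invalid. Both go away once the input is bound as a parameter instead of being concatenated.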