Blog/Quality Assurance

10 Biggest Software Bugs and Tech Fails of 2021

Software tester pointing at computer screen

From data breaches and costly glitches to serious ransomware attacks, this year was nothing short of software bugs. Let’s take a look back at the 10 biggest software bugs and tech fails of 2021.

1. T-Mobile data breach affects 50 million customers

t-mobile software bug

On March 18, 2021, a bad actor illegally accessed and acquired personal data from T-Mobile customers. T-Mobile learned about the massive data breach on August 17, 2021. As was confirmed by T-Mobile, an unauthorized individual found their way past the mobile carrier’s security system and was able to access and steal the data of more than 50 million customers.

The type of personal information that had been compromised varied by individual but included names, dates of birth, addresses, phone numbers, drivers’ licenses, government identification numbers, social security numbers, and T-Mobile prepaid PINs.

To protect their customers, the mobile carrier informed them of the security breach and encouraged them to take proactive steps regularly to keep their data safe. Later, the hacker was found—a 21-year old hacker who said he did it to gain attention and show how vulnerable consumer data was. Specifically, the young hacker found an unprotected router and used it to gain access to T-Mobile’s servers. According to him, it took him just one week to enter the servers that contained personal data of former and current customers. He described T-Mobile’s security as awful.

Though T-Mobile CEO apologized for the data security breach and promised to beef up defenses, many customers affected by the data breach have decided to take legal action. The lawsuits allege that T-Mobile’s poor security protocols are to blame and allowed hackers to gain access to the company’s services and extract the personal information of millions of people. This is one costly slip-up the mobile carrier will never forget.

2. Slack receives backlash over new public DM feature

Earlier this year, Slack rolled out a new feature that allowed users to message people outside of their company. The cross-organizational direct messaging feature was designed to help companies working with partners or clients to communicate more easily. Users could also use the feature to send messages to friends at other companies. Although a useful feature, Slack received a lot of backlash from users. It appeared that they hadn’t thought things through. Here’s why.

The new feature let anyone send messages to other users before they accepted their invitation. Namely, users could include a message within the invite. This raised concerns over potentially abusive or harassing messages. Additionally, individuals could not prevent getting spammed with email invites. Since the invites were sent from a single email, its feedback@slack.com address, users did not have the option to block the email without blocking all Connect DM invites—important ones included.

As a result, Slack had no choice but to tweak the feature over harassment concerns. They have since removed the possibility for users to customize messages when sending out an invitation.

3. TikTok glitch resets followers to zero

Hand holding a phone with tiktok app

On May 3, when TikTok users logged on to the app the last thing they expected to see was all of their users gone. But this is exactly what happened. TikTok experienced a glitch that displayed the wrong followers/following count. Some users even had trouble accessing the app, with the app blocking their accounts.

And as is the case with every big name app that doesn’t work as expected—users took their frustration to social media. Soon #TikTokDown was trending. More and more users came forward asking the social media giant to fix the glitch and restore their accounts and followers.

TikTok confirmed the glitch, letting their users know that they were working on resolving the issue. The glitch was resolved overnight, however, a company with such a large user base cannot let software bugs slip through. Glitches like this can easily be prevented with software testing.

4. Colonial Pipeline’s costly ransomware attack

The attack on Colonial Pipeline is one of the worst cyber attacks that occurred in 2021. This attack disrupted nearly half of the fuel supply in the East Coast of the United States. It also caused gasoline shortages in the Southeast and a spike in fuel prices. So what exactly happened?

On April 29, hackers gained access to Colonial Pipeline’s network through a virtual private network account, which allowed employees to remotely access the company’s network. Somehow, the hackers got hold of credentials—a correct username and password—that enabled them to breach Colonial Pipeline’s network. The VPN account did not use multifactor authentication, a basic cybersecurity tool, which is why the hackers were able to gain access using just the credentials. This was a security mistake that proved quite costly and destructive.

After a week, on May 7, Colonial Pipeline received a ransom note demanding a cryptocurrency ransom be paid. Shortly after, the pipeline was shut down. This was the first time in its 57-year history that Colonial Pipeline had shut down the entirety of its gasoline pipeline system. Delivering roughly 2.5 million barrels of fuel across the Southeastern United States daily, the outage crippled fuel delivery. It resulted in long lines at gas stations—some of which ran out—and higher fuel prices.

The hackers also stole nearly 100 gigabytes of data and threatened to leak it if they didn’t pay the ransom. So Colonial Pipeline had no choice but to give in to their demands. They paid a ransom of 75 Bitcoins ($5 million) to the hackers, who were believed to be the cybercrime group known as DarkSide. The ransomware attack on Colonial Pipeline goes to show the extent of damage insufficient security measures and system vulnerabilities can cause. To avoid security issues and data breaches, we suggest investing in security testing and looking into chaos engineering to bring weaknesses to light.

5. Toshiba also becomes victim of DarkSide

On the evening of May 4, the European subsidiaries of the Toshiba Tec Group became a victim of a ransomware attack. The attack was carried out by DarkSide, the same group behind the Colonial Pipeline cyber attack that happened around the same time.

As is common in ransomware attacks, the hacking group requested Toshiba pay a ransom. Toshiba, which sells self-checkout technology and point-of-sale systems to retailers, confirmed that the group had indeed requested a ransom, however, they did not pay it. Toshiba released an official statement explaining the event. They said that they had “not yet confirmed a fact that customer related information was leaked externally.”

Toshiba agreed that they will work towards improving their security measures to protect the data of their customers and employees. Taking appropriate security measures is essential in order to avoid data leaks and security breaches.

6. Call of Duty: Warzone pulls new feature due to glitch

Raven Software had no choice but to pull one of Call of Duty: Warzone’s new features the same day it was added after it caused numerous bugs. Namely, in July, Raven Software added a new feature to the game, a pre-match lobby loadout selection feature.

This new feature allowed players to choose, edit, and use their custom loadouts in the pre-game lobby. However, players noticed a glitch after the feature was rolled out. Players could spawn in with their loadouts at the beginning of matches. As a result, many players had an unfair advantage over others, as they could drop into matches already equipped with the best weapons and attachments. The feature also triggered an infinite Dead Silence bug which allowed players to remove the sound of the footsteps.

After news of the glitch broke out, Raven Software removed the new pre-match feature and promised to re-enable it at a later day—likely after figuring out what caused the glitch in the first place.

7. NHS 4-hour outage leaves passengers stranded

Earlier in October, England’s National Health Service (NHS) experienced an outage that lasted approximately four hours. And it wasn’t just the application that was having issues, but their website too. The outage meant that people could not prove their COVID vaccination status which caused frustration, to say the least.

Because the NHS system was down for hours, many British passengers were left stranded at airports. Some could not board their flights, while others suffered delays. Although the app was back online after four hours, the NHS outage highlighted the problems of a single centralized system.

8. Tesla recalls almost 12,000 vehicles

Person in Tesla vehicle

In November, Tesla recalled close to 12,000 vehicles after discovering a glitch in its Full-Self Driving beta software. Following its most recent update on October 23, Tesla began receiving reports from customers reporting that their vehicles had falsely identified forward collision threats which had caused the automatic emergency braking (AEB) system to activate and bring the vehicle to a sudden stop.

Tesla looked into the reports and discovered a communication error in the 10.3 Full-Self Driving (FSD) beta software. Namely, the software bug could cause a false forward collision warning, activating the AEB system. In the event of the vehicle coming to an abrupt stop, the risk of a rear end collision and injury to those within the vehicle is higher.

To mitigate potential security risks, Tesla asked its quality assurance team to investigate and identify the cause of the software bug. The automaker promptly released a Safety Recall Report to recall affected vehicles—certain Model S, Model X and Model 3 vehicles manufactured 2017-2021, and certain Model Y models manufactured 2020-2021. Tesla also released a separate update to address the software issue and notified vehicle owners of the issue and resolution. Thankfully, there were no crashes or injuries as a result of the software bug.

9. Grand Theft Auto – The Definitive Fiasco

What promised to be a high-quality remaster of the Grand Theft Auto classics—GTA III, Vice City and San Andreas—turned out to be a low-quality game full of bugs, glitches, and poor design decisions.

Despite its lengthy title, fans had set the bar high for Grand Theft Auto: The Trilogy – The Definitive Edition. They expected the game to allow them to relive the old games but with improved visuals. However, when the game was finally released in November, the reception from fans was far from great and Rockstar Games received a lot of backlash. Some users even went as far as to ask for a refund. Why? Well, because the quality was bad—really, really bad.

There were so many issues that users were not happy about and rightfully so. The NPC graphics were terrible, the character models were botchy, the frame rate constantly dropped, the rain effects made it difficult to see, missions and minigames did not work as intended, and the audio quality was appalling. All these issues together made the game almost unplayable.

The video game publisher has since uncovered—and apparently fixed—the long list of software bugs. Nevertheless, the damage was done and it will take a long time for the publisher to recover from this blunder.

10. Log4j software bug leaves millions of web servers vulnerable

The Log4j software bug has set the internet on fire after it has left millions of web servers vulnerable to hackers. The vulnerability was first discovered in the beginning of December. What makes this bug so terrifying is the fact that Log4j, an open-source logging library, is used by many companies worldwide, including high profile organizations like Apple, Amazon, Cisco, IBM, Microsoft, and many many more. So naturally, many parties—companies, clients, and users alike—are worried.

The Log4j software is used to record all activities happening in a wide range of systems, such as errors and routine system operations, and deliver diagnostic messages to system administrators and users. The most common example of Log4j at work is the 404 error message that everyone is familiar with. Hackers can exploit these diagnostics to scan for vulnerable systems to install malware, steal credentials, and gain confidential data.

Due to the extent of damage it could potentially cause, many believe that the Log4j software bug is set to be the worst vulnerability in years. Efforts are being made to fix the issue. Teams around the world are working hard to patch affected systems before hackers can exploit them, while organizations are urged to install the latest security updates in order to counter the threat as soon as possible. While sweeping through their networks and applying a patch might be a solution for now, many companies are still left vulnerable and this solution may still not be enough. Only time will tell.

Detect software bugs before it’s too late

Software bugs can be the downfall of apps, ruin reputations, and cost companies millions to fix. Don’t wait for users to flag an issue in your software. Catch software bugs and issues before your users do. To prevent software fails, glitches, and attacks, quality assurance and software testing is the best way to steer clear of bugs.

Make sure you have an efficient quality assurance and software testing process in place to ensure your product is bug-free. Working with an established QA service provider is a good start to launching a high-quality product with flawless features.

Find out why we’re the number one choice for quality assurance and software testing services. Contact us with your project details and stay one step ahead of your competition.

QA engineer having a video call with 5-start rating graphic displayed above

Deliver a product made to impress

Build a product that stands out by implementing best software QA practices.

Get started today