Data breach incidents have nearly doubled in the past year and this trend is continuing to escalate at an alarming rate. However, the security market remains fairly quiet when it comes to data breaches, whether big or small. Dozens of data breaches, millions of people affected. When will these disasters end?
In this year alone, there have been countless data breaches and hacks, targeting both organizations and individuals. While taking preventative measures is the first step in the right direction, knowing the kind of breaches that happened in the past can help you be better prepared. Without taking any more of your time, I am going to share the 10 worst verified data breaches that we know of so far:
1. Yahoo, 2013
In 2013, Yahoo faced the biggest data breach in history which compromised the information of more than 1 billion Yahoo users. Yahoo’s chief information security officer – Bob Lord confirmed the breach in his post. The data stolen may have included personal information of yahoo users such as their names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers. The stolen information did not include plaintext passwords, bank account information and payment card data.
2. Yahoo, 2014
Yahoo was again the target of another data breach in 2014. More than 500 million user accounts were compromised in that massive hack. Bob Lord, in the aftermath of the incident, said, “The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers. The ongoing investigation suggested that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected.”
3. FriendFinder, 2016
It was one of the biggest data breach ever. It was a hack against popular adult dating and entertainment company, FriendFinder Networks (FFN). According to breach notification site LeakedSource, this massive breach exposed data related to more than 412 million user accounts. Leaked Source said “this data set will not be searchable by the general public on our main page temporarily for the time being.”
4. MySpace, [year unknown]
The incident took place a few years ago and is thought to have affected close to 360 million accounts. Myspace confirmed that it was the victim of a major data breach. According to Time Inc., the data was limited to usernames, passwords and email addresses from the platform prior to June 11, 2013, when the site was relaunched with stronger account security.
5. LinkedIn, 2012
LinkedIn lost 167 million account credentials in the massive data breach. According to Forture, “160 million of the compromised accounts have unique email addresses, while the remaining 7 million only include numerical user IDs and passwords.”
6. Massive American Business Hack, 2012
Another notable data breach in 2012 was the massive American business hack which affected both 7-Eleven and NASDAQ. This financial hack stole more than 160 million credit and debit cards and over 800,000 bank accounts by a group of Russian hackers and one Ukrainian.
7. Adobe Systems, 2013
This breach is also considered to be one of the biggest hack in history as it compromised more than 152 million username and hashed passwords. Adobe initially reported the breach affecting three million users and later increased that figure to 38 million. But what’s more important is the fact that millions of those records were “encrypted” credit card details!
8. eBay, 2014
The eBay hack affected up to 145 million eBay users. Hackers accessed email addresses and encrypted passwords belonging to all eBay users. After this breach, millions of users reset their passwords and the company had begun notifying users.
9. Heartland, 2009
Heartland suffered a data breach in 2009 that affected their payroll customers. Over 130 million credit cards were exposed through SQL injection attacks used to install spyware on Heartland’s data systems.
10. Rambler, 2012
Rambler.ru is one of the largest websites in the world, providing search, news, email, and advertising – it’s like a Russian version of Yahoo. More than 98.1 million accounts were in the database, including usernames, email addresses, social account data, and passwords, the group said in a blog post. Unlike other major breaches, those passwords were stored in unencrypted plain text, meaning anyone at the company could easily see passwords.
Final Word
Getting hacked or being exposed to a breach for most people is a huge inconvenience. Avoiding this means taking the necessary steps to protect yourself, but remember, failure to do so can result in identity theft and financial loss.
About the Author
Anas Baig is a Cyber Security Journalist & Tech Reporter. He has been featured on major media outlets including TheGuardian, Lifehacker Australia, CIO, ITProPortal, Infosec Magazine, Tripwire and many others. He writes about online security and privacy, IoT, AI, and Big Data. If you’d like to get in touch, please send an email to [email protected] or follow him on Twitter @anasbaigdm.