Recent famous data breaches

Recent famous data breaches

Data breaches are on the rise – and it is becoming more and more critical for business to manage data security and maintain a streamlined business processes. Even bigger companies like Facebook, LinkedIn, and Twitter are susceptible to data breaches.

To avert these data theft instances, we have put together a list of some of the biggest data breaches in recent history:

  1. LinkedIn User Data Breach

When: June 2021

Effect: 700 million users

Data associated with 700 million LinkedIn users was posted for sale in a Dark Web forum on June 2021. This exposure impacted 92% of the total LinkedIn user base of 756 million users.

  1. Facebook data breach

When: April 2021

Effect: 533 Million users

In April 2019, the UpGuard Cyber Risk team revealed two third-party Facebook app datasets had been exposed to the public Internet. This database was leaked on the dark web for free in April 2021, adding a new wave of criminal exposure to the data originally exfiltrated in 2019. This makes Facebook one of the recently hacked companies 2021, and therefore, one of the largest companies to be hacked in 2021.

  1. Zoom data breach

When: April 2020

Effect: 500,000 users

Hackers initially canvassed dark web databases of previously compromised login credentials dating back to 2013. Because passwords are usually recycled, this gave them instant access to a gamut of active Zoom accounts.

  1. First American Financial Corp. data breach

When: May 2019

Effect: 885 Million users

In May 2019, First American Financial Corporation reportedly leaked 885 million users’ sensitive records that date back more than 16 years, including bank account records, social security numbers, wire transactions, and other mortgage paperwork.

  1. Canva data breach

When: May 2019

Effect: 137 Million users

Australian business, Canva – an online graphic design tool – suffered a data breach that impacted 137 million users. The exposed data included email addresses, names, usernames, cities and passwords stored as bcrypt hashes.

  1. Quora data breach

When: December 2018

Effect: 100 Million users

The types of leaked data included personal information such as names, email addresses, encrypted passwords, user accounts linked to Quora and public questions and answers posted by users. There was no evidence discovered that anonymously posted questions and answers were affected by the breach.

  1. Starwood (Marriott) data breach

When: November 2018

Effect: 500 Million Guests

In November 2018, Marriott International announced that hackers had stolen data about approximately 500 million Starwood hotel customers. The attackers had gained unauthorized access to the Starwood system back in 2014 and remained in the system after Marriott acquired Starwood in 2016. However, the discovery was not made until 2018.

  1. Twitter data breach

When: May 2018

Effect: 330 Million users

In May of 2018, social media giant Twitter notified users of a glitch that stored passwords unmasked in an internal log, making all user passwords accessible to the internal network. Twitter told its 330 million users to change their passwords but the company said it fixed the bug and that there was no indication of a breach or misuse, but encouraged the password update as a precaution.

  1. Aadhaar data breach

When: March 2018

Effect: 1.1 Billion People

This massive data breach was the result of a data leak on a system run by a state-owned utility company. The breach allowed access to private information of Aadhaar holders, exposing their names, their unique 12-digit identity numbers, and their bank details.

  1. Yahoo data breach

When: October 2017

Effect: 3 Billion Accounts

An investigation revealed that users’ passwords in clear text, payment card data and bank information were not stolen. Nonetheless, this remains one of the largest data breaches of this type in history.

  1. Uber data breach

When: Late 2016

Effect: 57 Million users and 600,000 drivers’ data

The hackers gained access to an Amazon web server, owned by Uber, using credentials that were mistakenly left in a GitHub repository by an Uber engineer. Since the breach, Uber agreed to 20 years of privacy audits in a settlement with the FTC. The company was later ordered to pay $148 million in its breach settlement.

  1. eBay data breach

When: Feb / Mar 2014

Effect: 145 Million users

Attackers used a small set of employee credentials to access this trove of user data. The stolen information included encrypted passwords and other personal information, including names, e-mail addresses, physical addresses, phone numbers and dates of birth.

  1. Adobe data breach

When: October 2013

Effect: 152 Million

In October 2013, 153 million Adobe accounts were breached. The data breach contained an internal ID, username, email, encrypted password and password hint in plain text. The encryption was weak and many were quickly resolved back to plain text, the password hints added to the damage making it easy to guess the passwords of many users.

Companies should follow best practices to avoid these data breach incidents. Some of them being:

  • Up-to-date Security Software

  • Regular Risk Assessments

  • Encryption and data backup

  • Staff training and awareness

  • Ensure vendors and partners maintain high data protection standards

  • Third party Data Security Evaluations

Follow these and be free of any data privacy issues and data leaks.