Recent famous data breaches
Data breaches are on the rise – and it is becoming more and more critical for business to manage data security and maintain a streamlined business processes. Even bigger companies like Facebook, LinkedIn, and Twitter are susceptible to data breaches.
To avert these data theft instances, we have put together a list of some of the biggest data breaches in recent history:
LinkedIn User Data Breach
When: June 2021
Effect: 700 million users
Data associated with 700 million LinkedIn users was posted for sale in a Dark Web forum on June 2021. This exposure impacted 92% of the total LinkedIn user base of 756 million users.
Facebook data breach
When: April 2021
Effect: 533 Million users
In April 2019, the UpGuard Cyber Risk team revealed two third-party Facebook app datasets had been exposed to the public Internet. This database was leaked on the dark web for free in April 2021, adding a new wave of criminal exposure to the data originally exfiltrated in 2019. This makes Facebook one of the recently hacked companies 2021, and therefore, one of the largest companies to be hacked in 2021.
Zoom data breach
When: April 2020
Effect: 500,000 users
Hackers initially canvassed dark web databases of previously compromised login credentials dating back to 2013. Because passwords are usually recycled, this gave them instant access to a gamut of active Zoom accounts.
First American Financial Corp. data breach
When: May 2019
Effect: 885 Million users
In May 2019, First American Financial Corporation reportedly leaked 885 million users’ sensitive records that date back more than 16 years, including bank account records, social security numbers, wire transactions, and other mortgage paperwork.
Canva data breach
When: May 2019
Effect: 137 Million users
Australian business, Canva – an online graphic design tool – suffered a data breach that impacted 137 million users. The exposed data included email addresses, names, usernames, cities and passwords stored as bcrypt hashes.
Quora data breach
When: December 2018
Effect: 100 Million users
The types of leaked data included personal information such as names, email addresses, encrypted passwords, user accounts linked to Quora and public questions and answers posted by users. There was no evidence discovered that anonymously posted questions and answers were affected by the breach.
Starwood (Marriott) data breach
When: November 2018
Effect: 500 Million Guests
In November 2018, Marriott International announced that hackers had stolen data about approximately 500 million Starwood hotel customers. The attackers had gained unauthorized access to the Starwood system back in 2014 and remained in the system after Marriott acquired Starwood in 2016. However, the discovery was not made until 2018.
Twitter data breach
When: May 2018
Effect: 330 Million users
In May of 2018, social media giant Twitter notified users of a glitch that stored passwords unmasked in an internal log, making all user passwords accessible to the internal network. Twitter told its 330 million users to change their passwords but the company said it fixed the bug and that there was no indication of a breach or misuse, but encouraged the password update as a precaution.
Aadhaar data breach
When: March 2018
Effect: 1.1 Billion People
This massive data breach was the result of a data leak on a system run by a state-owned utility company. The breach allowed access to private information of Aadhaar holders, exposing their names, their unique 12-digit identity numbers, and their bank details.
Yahoo data breach
When: October 2017
Effect: 3 Billion Accounts
An investigation revealed that users’ passwords in clear text, payment card data and bank information were not stolen. Nonetheless, this remains one of the largest data breaches of this type in history.
Uber data breach
When: Late 2016
Effect: 57 Million users and 600,000 drivers’ data
The hackers gained access to an Amazon web server, owned by Uber, using credentials that were mistakenly left in a GitHub repository by an Uber engineer. Since the breach, Uber agreed to 20 years of privacy audits in a settlement with the FTC. The company was later ordered to pay $148 million in its breach settlement.
eBay data breach
When: Feb / Mar 2014
Effect: 145 Million users
Attackers used a small set of employee credentials to access this trove of user data. The stolen information included encrypted passwords and other personal information, including names, e-mail addresses, physical addresses, phone numbers and dates of birth.
Adobe data breach
When: October 2013
Effect: 152 Million
In October 2013, 153 million Adobe accounts were breached. The data breach contained an internal ID, username, email, encrypted password and password hint in plain text. The encryption was weak and many were quickly resolved back to plain text, the password hints added to the damage making it easy to guess the passwords of many users.
Companies should follow best practices to avoid these data breach incidents. Some of them being:
Up-to-date Security Software
Regular Risk Assessments
Encryption and data backup
Staff training and awareness
Ensure vendors and partners maintain high data protection standards
Third party Data Security Evaluations
Follow these and be free of any data privacy issues and data leaks.