Data breaches: what are the top ones?

Internet of things security breach timeline

Yahoo reported data breach affected 3 billion records[edit]

In 2013, malicious hackers broke into the Yahoo system and stole user information of all 3 billion Yahoo accounts, which was 100% data breach.^[1] To everyone's good fortune, the information that did not involve sensitive data such as bank account numbers, unhashed passwords, or payment information. The attackers also procured the security questions and recovery email addresses to reset lost passwords. This is valuable information for somebody attempting to break into all other accounts owned by the same user. It is beneficial information for hackers trying to break into federal government computers worldwide.^[2]

River City Media: 1.34 billion records were compromised in 2017[edit]

After failing to install their Rsync backups correctly, River City Media (RCM), Matt Ferris, and Alvin Slocombe inadvertently exposed their whole business to the general world. In March 2017, a spam email provider made a mistake that exposed 1.34 billion records, making it one of the most significant data breaches in history. This breach occurred as a result of River City Media inadvertently publishing a copy of a backup from January 2017 without providing any password security.

In January 2017, the company specializing in email marketing discovered that 1.34 billion customer details were compromised. It was reported that this data breach occurred owing to a mistake when setting up a backup. However, it was disclosed due to a security researcher. The majority of the entries in the database were composed of email addresses, but some of the entries also included other information, such as IP addresses, names, and physical locations.

Data Security Breach

1.2 billion Aadhaar details were compromised in 2018.[edit]

1.2 billion Aadhaar records were breached in 2018, according to the Breach Level Index, a worldwide database of public data breaches, which was provided by the digital security platform Gemalto.^[3] Any one of India's 1.2 billion people may have their personal information retrieved from the database maintained by the Unique Identification Authority of India by using their Aadhaar number, which is a twelve-digit identification that is exclusively allocated to each citizen of India.^[4]

800 million records compromised in data breach act Verifications.io[edit]

In 2019, verifications.io exposed 800 million private and commercial data in another significant data breach. Researchers with the ethical "white hat" designation for their work in cybersecurity made the discovery and promptly informed the firm. Bob Diachenko and Vinny Troia discovered an unencrypted MongoDB database that was 150 GB. Along with people's personal information, there was also sensitive information on their credit ratings and characterizations.^[5]

2019's most significant data breaches exposed 885 million First American Financial Corp records[edit]

Independent security journalist Brian Krebs found the compromised database. Washington's First American real estate developer informed Krebs of this significant data leak. The website revealed bank account details, statements, mortgage and tax records, wire transaction receipts, SSNs, and driver's license photos. New York's Department of Financial Services promptly investigated the security breach that revealed 16 years of digital information. Potential victims filed a class action lawsuit against the insurance behemoth for failing to install basic security measures.^[6]

1.1 billion pieces of user data compromised Alibaba-owned shopping website, Taobao[edit]

Using crawler software that he developed, a developer working for an affiliate marketer harvested consumer data from the Chinese shopping website Alibaba owned Taobao over eight months. This data included the usernames and mobile phone numbers of customers. It would seem that the developer and his employer were gathering the information for their personal use and not selling it on the black market, despite both being sentenced to three years in jail for their involvement.^[7]

Marriott's reservation system was hacked in November 2018, exposing 500 million guests' personal data[edit]

A data breach has occurred at the hotel firm Marriott International, compromising the personal information of 500 million of the company's customers. The hotel company said that an unauthorized third party had accessed the database containing guest reservation information for its Starwood subsidiary. An internal investigation, it was alleged, had revealed evidence that an adversary had been able to access the Starwood network since 2014. It was said that certain documents also had encrypted information about payment cards, but it could not rule out the likelihood that the encryption keys had also been taken.^[8]

A massive data breach has exposed the personal information of 700 million LinkedIn members in 2021[edit]

In June of 2021, the massive professional networking platform LinkedIn discovered that data linked with 700 million members had been exposed on a forum on the dark web. This breach affected more than 90% of LinkedIn's user base. Before dumping the first information data set of around 500 million customers, a hacker who goes by the pseudonym "God User" employed data scraping methods by abusing the site's (and others) API to get access to the site's data. After that, they continued with a brag in which they said they were selling the whole database of 700 million customers. LinkedIn maintained that the event violated its terms of service rather than a data breach since no sensitive or private personal data was revealed. However, a scraped data sample provided by God User contradicted LinkedIn's position.^[9]

Attachments sent over email that contains malware in cyberattacks[edit]