In recent times, our focus has been on reporting the aftermath of cyber attacks and the challenges faced by their victims. In this article, we will shift our attention to the cyber attacks that have left a significant impact on millions, and in some cases billions, of online accounts.
1.) Yahoo: Back in September 2018, Yahoo, a pioneer in the world of online search engines, made a troubling announcement. A cyber incident had occurred, resulting in a massive data breach that exposed information from over 3 billion user accounts. It was later revealed that hackers had gained access to data stored on the servers between August 2013 and December 2016. This breach dealt a severe blow to the company’s reputation, prompting its potential buyer, Verizon, to negotiate a lower acquisition price. This incident also led to the resignation of the then-CEO, Marissa Mayer, following the acquisition process.
2.) Aadhaar: Early in 2018, the Indian government faced a significant embarrassment when several media outlets reported that a hacking group had successfully infiltrated and stolen data from over 1.1 billion UIDAI (Unique Identification Authority of India) accounts. Although the Indian Parliament dismissed these claims as sensationalized journalism, some security experts corroborated that the incident had indeed exposed biometric information.
3.) Alibaba Data Theft: The year 2020 witnessed a troubling incident involving Chinese e-commerce giant Alibaba. A developer managed to illicitly access and steal information from a staggering 1.1 billion Alibaba customers using crawler software. Reports circulated that the developer, in collusion with a marketing company, orchestrated this data collection over an 8-month period. However, it was later clarified that the compromised data pertained to the shopping website Taobao and had no direct connection to Alibaba itself.
4.) LinkedIn: Known as a professional networking platform, LinkedIn became the subject of headlines when data linked to approximately 700 million users appeared for sale on the dark web in June 2021. Subsequent investigations uncovered that the data originated from a marketing firm that had scraped information from LinkedIn users spanning the years 2009 to 2020. Contrary to initial reports, this dataset was not new information.
5.) Facebook: In May 2021, Facebook, under the leadership of Mark Zuckerberg, found itself in the news as data from 533 million users surfaced on the dark web. Troy Hunt of HaveIBeenPwned and his research team revealed that this information had been harvested between 2017 and 2019 from the platform. The compromised data encompassed account names, phone numbers, and Facebook IDs. The fate of this data—whether it was sold on the dark web for potential phishing attacks—remains uncertain.
6.) Marriott International: Luxury hotel chain Marriott International faced a significant breach in September 2018, as details emerged about hackers accessing data from over 500 million Starwood customers. This sophisticated attack, traced back to unauthorized parties since 2014, led to the exposure of information such as mailing addresses, names, phone numbers, email addresses, passport numbers, Starwood Preferred Guest account particulars, dates of birth, gender details, guest arrival and departure specifics, as well as reservation details including itineraries derived from transportation service data.
7.) Adult Friend Finder: Making headlines in October 2016, hackers executed an unexpected breach, compromising data from users of Adult Friend Finder across six databases that had been collecting information since 2001. In November 2016, LeakedSource.com published data relating to over 413 million accounts, which was subsequently purchased by a representative from an adult-oriented company in March 2020.
8.) MySpace: In 2016, MySpace came under scrutiny as hackers successfully exfiltrated data from more than 360 million accounts. The stolen data was later sold for 6 BTC in 2017, a fact confirmed by LeakedSource.com.
9.) NetEase: The year 2015 witnessed a significant data breach affecting email service provider NetEase. It was estimated at that time that the company suffered a loss of data pertaining to approximately 235 million accounts. This compromised data was ultimately procured by a vendor named DoubleFlag from the dark web.
10.) Adobe: In October 2013, American software services provider Adobe issued a disconcerting statement. Hackers had managed to pilfer information from over 153 million user accounts, including some credit card data and login credentials. The company faced consequences for failing to safeguard user data, resulting in a penalty of $1.1 million for violating customer records regulations. In an effort to avert legal complications, Adobe subsequently released an official statement confirming a settlement of $1 million with its affected customers.