The biggest data breaches of all times till date

All these days Cybersecurity Insiders has reported to its reader’s info about the news of cyber attacks and the top data breaches which happened in the current year. But on the last day of this year, it would like to bring to your notice a list of the largest reported data breaches of USA in order of magnitude.

Yahoo! – The year 2016 witnessed the said web search giant hitting the news headlines two times. One was in March’16 and the other was in Sept’16 for the leak of customer information related to over 500 million accounts.

Marriott- The month of November in 2018 witnessed a data breach disclosure by Starwood hotels, a business unit of Marriott Group of Hotels. An official statement released by the hotel group says that info of more than 500 million customers was accessed by hackers.

MySpace- In March’16, MySpace, which is now a part of Time, Inc disclosed that hackers managed to access usernames and passwords of more than 427 million of its customers and the compromised details were available for sale in an online hacker forum.

Under Armour- On March 29th of this year, Under Armour made it official that hackers accessed data of over 150 million of its MyFitnessPal accounts. The investigation indicates that the cyber crooks managed to access info such as usernames, passwords, email addresses and hashed passwords of the food and nutrition services provider.

Equifax- In May 2018, Equifax disclosed that a massive data breach has exposed sensitive data of over 146 million US populace and the compromised info includes passport and driver’s license details along with the social security numbers. The hack resulted in the resignation of the CEO who later was found apologizing for the incident before the US Congress.

eBay data Breach- In March 2014, the online auction website disclosed that its database was hacked by unknown hackers group and information such as encrypted passwords and other personal info of its customers who visited the website in between Feb and early March was compromised. The accessed records include names, email addresses, mailing addresses, phone numbers, birth dates, and encrypted passwords. Later when the incident was probed, it was revealed that the hack took place when a few eBay employees accidentally logged into a malicious website with their company’s login credentials.

Target data breach- In the year 2013, Target, an American retailing company disclosed that hackers gained access to over 110 million accounts of its customers through a cyber attack. Investigations later revealed that payment card details of more than 41 million Target customers were also compromised in the incident making the company pay a penalty of $18.5 million for showing laxity towards protecting the data of its customers hailing from 47 states.

LinkedIn- On May 18th,2016, professional social networking platform LinkedIn revealed that hacker has gained access to over 167 million user accounts on its database and was found selling the credentials which include passwords on a Russian crime forum. Few media resources reported that the hack was conducted by a state-sponsored hacking group running on the name of ‘Peace’. However, they couldn’t provide any evidence to prove their point.

Quora data breach- On Dec 3rd, 2018, the question and answers services providing website Quora admitted that a cyber attack on its servers has compromised data of more than 100 million accounts. Later an official statement from the company said that compromised data includes information regarding name, email addresses, encrypted passwords and data imported from linked networks.

JP Morgan Chase Cyber Attack- In Sept’ 2014, JP Morgan Chase released an official statement that hackers have managed to intercept the bank servers compromising data of more than 83 million accounts released to over 76 million households. The hack actually took place in July’14 but was disclosed to the world only after two months. Names, email, postal addresses, phone numbers of account holders were said to have compromised in the attack. However, social security numbers of all the compromised accounts remain untouched.

Sony PlayStation Network- In April 2011, an external intrusion on the network of Sony PlayStation resulted in the service disruption and compromise of over 77 million accounts. The cyber incident made PlayStation 3 and play station portable console users from accessing the services for more than 24 days. After Sony released security patches to the compromised versions, the situation was brought under control.

Facebook- In September 2018, Facebook’s IT security staff discovered a vulnerability on their web services platform which could have exposed sensitive info of users to hackers- allowing them to take over the accounts. Later it was disclosed that the incident occurred due to a software bug issue on the site’s “ View As” feature which was fixed within 48 hours of its disclosure.

UBER- In 2017, it was revealed that hackers accessed data of more than 57 million drivers from UBER database. The accessed information includes names and license details of more than 600,000 drivers residing across the United States. The cab services offering company had to a pay a penalty of $148 million to settle a nationwide investigation launched by the law enforcement.

NOTE 1-Due to reasons, we could include the details of the hack which leaked personal info of 10 million accounts and below. However, it doesn’t mean that those companies somehow managed to get out of the news headlines that easily.

NOTE 2- the Year 2018 proved worst to Facebook, the social media network led by Mark Zuckerberg. First, it was the Cambridge Analytica data scandal which shook the company from March 2018 which also led to the testimony of Mr. Zuckerberg before the Congress in May’18.  Later, the data leak of more than 50 million accounts due to a bug in the site’s View As feature embarrassed the company to a further extent. Then in Dec’18, it was revealed that another software bug has led to the exposure of photos of 6.8 million FB users which includes those which weren’t posted.

Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display