There has never been a more precarious time in history to be a business owner or a successful entrepreneur than today, due to the rise in data breaches. Even prominent companies such as Facebook, LinkedIn, Twitter, and WhatsApp are experiencing data breaches increasingly often.
This list of the 10 biggest data breaches in history has been compiled to help prevent a repeat of the mistakes that resulted in data theft.
An Overview of the Most Significant Data Breaches
A data breach exposes millions of records of personal data.
- The Aadhaar Data Breach 2018
Reach: 1.1 billion people
The personal information of more than a billion Indian citizens was made public in March 2018 after it was revealed that it could be purchased online. A leak in one of the systems run by a state-owned utility company caused the massive data breach.
Exploitation of this leak exposed the names, 12-digit ID numbers, and bank credentials of Aadhaar holders. Nearly every Indian citizen’s photograph, thumbprint, retina scan, and other identifying details were exposed.
- LinkedIn Data Breach 2021
Reach: 700 million users
A dark web forum promoting the sale of 700 million LinkedIn profiles appeared in June 2021. LinkedIn has 756 million users in total, so this exposure affected 92% of them. Data was leaked in two waves, making 500 million users vulnerable in the first wave and 700 million LinkedIn members vulnerable in the second. The hackers published one million records as proof of the breach. The data included:
- LinkedIn profile URLs and usernames
- Personal and professional works
- Full names
- Contact Information
- Gender Identity
- Geolocation
- Email IDs
- More social media credentials
Hackers misused LinkedIn’s API to mine the data. This was not a breach of data, because no personal information was accessed, but rather a violation of LinkedIn’s terms of service, since the data was gathered without permission.
The leaked information was enough to reach users and launch an avalanche of cyberattacks, which cybersecurity experts spotted quite late, thus elevating the incident to the category of a data breach.
- Starwood-Marriott Data Breach 2018
Reach: 500 million patrons
In November 2018, Marriott International announced that hackers had stolen the data of approximately 500 million Starwood hotel customers. The attackers had gained unauthorized access to Starwood’s systems and remained in them after Marriott acquired Starwood in 2016. It was only discovered in 2018 that the attack had taken place.
Contact information, passport numbers, guest names, Starwood Preferred Guest IDs, travel documents and information, and other personal information were exposed. Marriott is not certain whether the attackers were able to decrypt the credit card numbers from the mobile phone numbers. Over 100 million mobile phone numbers may have been used to steal financial information.
It turns out that the Ministry of State Security, a Chinese intelligence organization, was responsible for the breach, accumulating data on US citizens. If legitimate, this would be the largest cyber-sin in the history of mankind.
- Facebook Data Breach 2018
Reach: 87 million people
The incident that affected 87 million Facebook accounts was similar to the data breach that affected 58 million Facebook accounts, but the data was not stolen from Facebook.
However, the affected users weren’t thrilled that their information had been used for purposes they were unaware of.
Political figures including Trump campaign officials and pro-Brexit campaign officials commissioned Cambridge Analytica. An app called “This Is Your Digital Life” gathered the data for Cambridge Analytica. The data scraping using this app was carried out by Aleksandr Kogan, a data scientist at Cambridge University. Users have long been concerned about the use of seemingly innocuous lifestyle apps for political purposes.
- Uber Data Breach 2016
Reach: Personal details of six hundred thousand drivers and 57 million Uber passengers
Two hackers compromised the information of 57 million users of Uber’s app in late 2016. The hackers obtained the driver’s license numbers of 600,000 Uber drivers as well. They also discovered Uber’s Amazon Web Services credentials through their access to its GitHub account.
- Ashley Madison Data Breach 2015
Reach: 32 million people
35 million user records belonging to the cheating website Ashley Madison were compromised by Impact Team hackers. Ashley Madison and sister website Established Men had been on the radar of hackers for days, which forced Avid Life Media to shut them down.
Due to a lack of compliance by Avid Life Media, loads of data dumps were uploaded to Pastebin. Government and military users were among the victims. The records accessed included names, email IDs, residential addresses, and credit card history. In the hackers’ opinion, the breach was easy to commit because security was severely lacking.
- Bonobos Data Breach 2021
Reach: 12.3 million documents
In 2021, cybercriminals compromised the backup server at men’s clothing store Bonobos, exposing customer data.
A total of 12.3 million records were accessed across these categories:
- Shipping addresses for 7 million customers
- 8 million account details
- 5 million credit card credentials
To maintain Bonobos’ privacy, the SOC experts advised that the data should be kept separate from the database. The stolen information could still be exploited by threat actors.
Threat actors claimed they had uncovered 158,000 SHA-256-hashed passwords from the stolen data, which had been posted on a hacker forum. Despite this, they could not crack any of the other passwords, which were hashed with SHA-512.
- Zoom Data Breach 2020
Reach: 500,000 people
On the dark web, hackers sold or freely distributed 500,000 Zoom user accounts when Zoom sign-ups were soaring in April of 2020.
The hackers first searched through dark web databases for passwords that had been compromised as far back as 2013. They immediately had access to all Zoom accounts since passwords are often recycled.
The remaining accounts were then compromised through a series of credential stuffing attacks. Logging into live streaming meetings was not possible for recipients of compromised Zoom accounts.
- NetEase Data Breach 2015
Reach: 234 million subscribers
Data breaches affecting hundreds of millions of customers were reported in October 2015 at NetEase (located at 163.com). Among the email addresses and passwords compromised were plaintext email addresses. It is difficult to quantify the amount of data exploited, but many users verified that their passwords were in the exposed data.
- Adobe Data Breach 2013
Reach: 152 million users
The Adobe account information of 153 million people was compromised in October 2013. Internal IDs, usernames, emails, encrypted passwords, and plaintext password hints were exposed in the data breach. Many of the encrypted passwords were easily cracked by hackers, and many users’ passwords were easily guessable using the password hints.
The Bottom Line
It’s astonishing, isn’t it? You had heard of these companies, right? You’ve probably even used their services, too!
The private data of hundreds of millions or even billions of people can be exposed on the Internet at the same time. Data breaches have grown with the expansion of digital transformation, as attackers exploit everyday life’s dependence on data. There is no question that cyberattacks will continue to increase in size over the next decade, but their magnitude has already exceeded all expectations.
Author Bio
Neha Singh is the Founder & CEO of Securium Solutions with a demonstrated history of working in the information technology and services industry. She is skilled in ECSA, Vulnerability Management, Security Information and Event Management (SIEM), Management, and Business Development. She loves traveling and trekking.