Reading Time: 6 minutes

đź’ˇ TL;DR

  • There have been several data breaches happening each year, which poses a threat to the current security and privacy of online platforms
  • Among numerous data breaches, the top 10 most significant threats are Yahoo, Aadhaar, Marriott hotels, etc.

Introduction

A data breach happens when private, sensitive, or protected information is made available to an unauthorized individual. These days, data breaches have been an essential concern of users when going online.

In this article, we will list the ten most significant data breaches happening throughout these years.

Top 10 Biggest Data Breaches of All Time

1. Yahoo

yahoo's notice of data breaches
The biggest data breach in the world is from Yahoo | Threatpost
  • Time: August 2013
  • Affected firm: Yahoo
  • Type of leaked data: personal information (such as names, email addresses, dates of birth, security questions, telephone numbers, etc., but excluded crucial information like payment history, passwords, and bank account numbers)
  • Scope of data breaches: 3 billion records lost.

It has been recorded as the most significant data breach that happened, not only because of the amount of data leaked but also the news headlines are written for this case.

During the data breach, Russian hackers were responsible for this most significant data breach. Due to this data breach, Yahoo lost $350 million in company value and was seriously filed in numerous lawsuits and settlement payments to the aggrieved.

2. Aadhaar

Aadhaar’s data breach affected 1,100,000,000 records
  • Time: March 2018
  • Affected firm: Aadhaar, India’s biometric database
  • Type of leaked data: Indian citizens, who registered in the database of Aadhaar, were stolen their private information, including identity numbers, names, bank details, etc.
  • Scope of data: 1,100,000,000 records

The scam may have begun about six months ago when participants established several anonymous WhatsApp groups. More than 300,000 village-level enterprises (VLE) operators throughout India are given access to UIDAI data by these organizations (CSCS).

After the data breach happened, the leaked information was sold on various dark websites. Moreover, cybercriminals were charging Rs 500 for 10 minutes of database access, and in March, a vulnerability at a state-owned power firm allowed anybody to get people’s identities and ID numbers. This data breach also affected around 150 million MyFitnessPal and 50 million Facebook users.

3. First American Financial Corporation

First American Financial Corporation
  • Time: May 2019
  • Affected firm: First American Financial Corporation, a financial service company in real estate
  • Type of leaked data: scans of original documents (property buyer and seller forms, bank account numbers, bank statements, physical addresses, phone numbers, email addresses, internal corporate information for SMEs, driver’s licenses, mortgage, and tax-related documents, and other sensitive data)
  • Scope of the data breach: 885 million records lost

It is surprising that no actual attacker in this case because it was happened due to the authentication error, which means it opens free access to everyone to view all these private documents. Cyber attackers could easily go to the link and use Advanced Persistent Bots (APBs) to collect confidential information.

After the data breach happened, First American Corporation was claimed for its neglect to conduct a risk assessment of the computer program. The data breach caused a loss of over 7.5 billion dollars. Moreover, First American Corporation also was the first business to experience enforcement action under the new cybersecurity statute, which grudgingly consented to a $487,616 fine with the New York State Department of Financial Services.

4. 16 Hacked Websites

  • Time: February 2019
  • Affected firm: 16 websites, including Dubsmash, MyHeritage, Whitepages, Fotolog, BookMate, CoffeeMeetsBagel, HauteLook, DataCamp, etc.
  • Type of leaked data: email addresses, account-holder names, and hashed passwords that are ready to be cracked
  • Scope of data: 617,000,000 records

Hackers invaded the data from these websites for commercial purposes. After the data breach happened, attackers put the data on the dark web Dream Market with the price of $20.000 Bitcoin.

5. Facebook

Facebook faced with the data breach of 540 million lost | NordVPN
  • Time: March 2021
  • Affected firm: Facebook, one of the largest social media platforms founded in America
  • Type of leaked data: Users’ personal information such as phone numbers, user names, genders, dates of birth, locations, and email addresses
  • Scope of the data breach: ~540,000,000 user records

It was discovered that certain Facebook databases lacked encryption or password protection. Therefore, when a user utilized an automated scraping bot, they realized that it was easy to extract a huge amount of data from the Facebook database.

Facebook has tremendously lost its users’ trust after this data breach happened. Any user with even the most basic understanding of data may access the data set because it has been freely released on the hacker forum.

6. Marriott International Hotels

Marriott Hotels also fell into a big data breach | Founder Shield
  • Time: November 2018
  • Affected firm: Marriott Hotels is known for its portfolio of luxury properties such as the Ritz Carlton, St. Regis, etc.
  • Type of leaked data: Confidential business documents and customer payment information, including names, addresses, passports, bank accounts, travel information, credit card numbers and expiration dates, and other personal information.
  • Scope of data: 500 million, equivalent to 20GB of data

Hackers invaded the reservation system of Marriott. Since 2014, the hackers have had unapproved access to the Starwood reservations database, which was 4 years before the data breach was actually revealed.

With the data stolen, hackers can make fraudulent purchases with victims’ card information. Furthermore, Marriott hotels faced a fine of approximately $24 million from the United Kingdom and several actions lawsuits.

7. Syniverse

Syniverse was also a victim of ongoing breach | Crunchbase
  • Time: September 2021
  • Affected firm: Many of the largest telecommunications firms in the world (T-Mobile, Verizon, China Mobile, AT&T, and Vodaphone) use Syniverse’s connection services.
  • Type of leaked data: employees’ personal information, customers’ confidential information, the company’s trade secrets, and other intellectual property
  • Scope of data: 500,000,000 user records

The business informed investors that the hacker or hackers had access to login credentials for Syniverse’s Electronic Data Transfer (EDT) system.

According to Syniverse, all 235 involved clients have been informed that their credentials have been hacked, possibly having an effect on millions of end users.

8. FriendFinder Network

A variety of users’ sensitive information was sold | Dating Scout
  • Time: November 2016
  • Affected firm: FriendFinder Network, an American internet-based entertainment company for adult dating purposes
  • Type of leaked data: personal information such as names, email addresses, passwords
  • Scope of data: 412.2 million records lost, 339 million accounts from AdultFriendFinder.com leaked, and 15 million deleted accounts, which equates to six databases

The poor SHA-1 hashing technique used to encrypt the majority of the passwords led to LeakSource.com publishing 99% of the credentials in 2016. Because this company stored passwords in plaintext or SHA-1, cybercriminals could easily hack almost all passwords.

9. MySpace

  • Time: May 2016
  • Affected firm: MySpace, a social networking site based in the US
  • Type of leaked data: users’ personal information such as usernames, passwords, and email addresses, which are utilized to get access to the accounts
  • Scope of data: over 400 million (about 427 million)

The information from a previous, unreported data security incident was the target of hackers in this data breach. Leaked accounts might be hacked by cybercriminals, and hackers might have sold users’ confidential information illegally. It was reported that attackers had tried to sell leaked information on the dark web with the price of $2.800 or 6 Bitcoin.

10. Twitter

Twitter was reported to involve into a data breach in 2018 | TechCrunch
  • Time: May 2018
  • Data owner: Twitter, a public social network where users may engage in short text conversations known as tweets
  • Type of data: passwords of users’ accounts
  • Scope of data: 330,000,000 records

Even though this online network often stored Twitter passwords in unreadable conditions, a glitch caused these passwords to be converted into readable text on its internal computer system.

After the data breach, the company encouraged all social network users to change their passwords and install the two-factor authentication service as an extra layer of security even though an internal review revealed no indication that attackers had hacked credentials. Furthermore, Twitter came into dispute with the US Federal Trade Commission, which accused of mistakes in data security.

Closing thoughts

In the data breaches mentioned above, we can see that most data types stolen are users’ personal information, which is sold illegally on the dark web by hackers. We hope that with this list above, you can understand how severe the data breach is and consider preventive measures for your organization’s data security approach.