
15 of the hugest data breaches in the 21st century

Your company’s data is always at risk, not only from online hackers but also from anyone who gets access to the firm’s printed materials


Over the past few years, a whirlwind of cyber fraud and scams has continued to torment organizations. At an accelerating rate, cyber fraudsters continue to expose closely guarded personal information in both the private and public sectors.

In the 21st century alone, more than 3.5 billion people have been affected by these criminal acts. On that note, CSO compiled 15 well-known data breaches recently documented.

Adobe

Reported in October 2013, scammers managed to get access to close to 3 million clients’ credit card details and login data for an undisclosed number of user accounts. Later, Adobe discovered that one of the stolen files contained more than 150 million usernames and double-compressed passwords. This raised the figures to 38 million.

In August 2015, an agreement was reached for Adobe to compensate users with undisclosed amounts. In total, the company spent $1.1 million on legal charges.

Adult Friend Finder

Because this is an adult site, the October 2016 breach was quite sensitive for more than 412.2 million account holders. The stolen data comprised more than 20 years of information stored in six databases.

When CSO reported the incident on 14th November 2016, a researcher using the names 1x0123 and Revolver on social media posted some information pointing to an LFI (Local File Inclusion) issue on Adult Friend Finder.

Canva

More than 137 million users’ information was exposed in May 2019. This included usernames, email addresses, residence details, and passwords. However, the alleged culprits, referred to as Gnosticplayers, did not manage to steal payment and partial credit card data. Initially, the crooks bragged about the incident to ZDNet, claiming to have stolen OAuth login tokens signed through Google.

Canva immediately confirmed the fraud and prompted users to reset OAuth details and change passwords. Nevertheless, the hackers shared more than 4 million account details online.

eBay

In May 2014, about 145 million eBay files with encrypted passwords, names, dates of birth, and addresses were compromised. The auction giant announced that the hackers used the logins of three senior staff to access the database for 229 days. The company asked customers to change passwords. Going forward, eBay opted to store financial data separately.

Equifax

Equifax detected a breach on July 29, 2017, which exposed an estimated 147.9 million clients’ personal and credit card information.

The firm was faulted for both its security and its response speed: besides being slow to report the breach, it had insufficient system segmentation.

Dubsmash

Hackers managed to get access to 162 million users’ personal information from the New York-based company in December 2018. A year later, the data was up for auction in an online dark market.

Dubsmash admitted the incident and advised clients to change passwords. However, the company never disclosed how the attackers accessed the information or the exact figure of affected users.

Heartland Payment Systems

Although the firm noticed the fraud in January 2009, it had been happening since March 2008. In all, information on 134 million credit cards was exposed. The attackers got in through SQL injection, which security analysts had previously flagged as a vulnerability.

Heartland paid $145 million as compensation. A federal jury charged two Russian co-conspirators and a Mr. Albert Gonzalez as the mastermind. He received a 20-year jail term in March 2010.

LinkedIn

LinkedIn experienced fraud in both 2012 and 2016. As a leading business social network, it has become easy prey to social engineering attacks. The scammers stole 165 million passwords in 2012 and posted them on a Russian forum.

In 2016, the hackers put the data up for sale on MySpace for only 5 bitcoins. LinkedIn notified users and asked them to change passwords.

Marriott International

The four-year fraud ran from 2014 to 2018. In that time, the hackers stole data on an estimated 500 million customers. Marriott was uncertain whether the culprits managed to decrypt the credit card numbers among the stolen information. According to the New York Times, a Chinese intelligence company was suspected as the main culprit.

My Fitness Pal

In February 2018, 150 million customers’ information leaked and was offered for sale a year later. The firm acknowledged the fraud and urged clients to change passwords. Even so, it did not inform the public how the fraudsters gained access.

My Space

The social media site made news in 2016 when 360 million consumers’ accounts leaked and were put up for sale for six bitcoins in an online market. The firm lost personal information and passwords created in June 2013.

NetEase

In October 2015, it was reported that an online seller called DoubleFlag was offering 235 million NetEase user accounts for sale. However, the company denied any fraud, and the claim was dropped.

Sina Weibo

This Chinese company reported that in March 2020, 172 users’ information was posted in dark markets. The sale, amounting to $250, did not include passwords. Weibo admitted that the data for sale came from the business. Still, it said the fraudsters had improperly collected the information by matching data against the address book API.

Given that the company did not save passwords in plaintext, users had little to worry about. The company notified the China Cyber Security Administration for investigation.

Yahoo

Between 2013 and 2014, Yahoo recorded the biggest breach case ever. In the process, the hackers compromised telephone numbers, names, dates of birth, and email contacts of around 500 million users. Two years later, Yahoo announced another attack that exposed the personal details of 1 billion users. By October 2017, it was estimated that close to 3 billion Yahoo users were affected.

At the time, Verizon was in the process of buying Yahoo. For that reason, the breaches affected the purchase price by approximately $350 million.

Zynga

The attack in September 2019 exposed more than 218 million accounts. The attacker, a Pakistani known as Gnosticplayers, managed to steal Facebook IDs, Zynga accounts, hashed passwords, and phone numbers.

Why You Need a Data Breach Lawyer

As digital data advances, there is a high probability that data breaches will continue to cause havoc. Negligence remains one of the leading causes of data breaches. As a preventive measure, it is important to consider hiring an employment lawyer. This is vital when employees file suit against the company.

The Takeaway

Your company’s data is always at risk, not only from online hackers but also from anyone who gets access to the firm’s printed materials. As a result, move a step ahead and seek advice from reliable data breach lawyers on how to protect your valuable information.