Cyber-attacks have become epidemic of recent, with millions of individual and organizational data at risk. The past decade experienced a lot of data breaches of which the worst cases are discussed in this post. Though there are thousands of attacks each day with quite a number of successful break in, we have picked out the top ten data breaches to be reviewed here.
1. Yahoo (2014)
In the last part of 2016 the month of December to be precise, Yahoo disclosed that one billion accounts had been compromised in 2014 by a set of hackers. Lo and behold by December 2017, after yahoo was acquired by Verizon the company revealed that all 3 billion yahoo accounts were compromised by the breach in contrast to the 1billion earlier stated. Stolen data includes names, email address, date of birth, encrypted password, security questions and answers. This led to Yahoo requesting that its users change their passwords. The theft was alleged to be state sponsored rather than a common cybercriminal attack. This has been the worst data breach ever recorded.
2. Yahoo (2013)
In 2016, this popular web service provider earlier announced a breach in their network which affected 500 million users in 2013. This was carried out by a different group of hackers who stole user details.
This social networking site experienced a data breach which compromised 360 million accounts in 2008, data involved are email address, username and weakly hashed password (SHA 1 used without salting) of users. The data was seen 8 years later in the dark web and reported in May, 2016.
LinkedIn, a profession oriented social networking site disclosed a data leak in their system that affected 165 million user accounts. Although they had earlier claimed it was only 6.5 million accounts affected. The actual figure was later discovered to be far more than that. User name and hashed passwords had been compromised. Although this occurred in 2012, it was merely reported in 2016.
The American multinational software company Adobe Systems Inc. revealed a security breach which affected 153 million customers. Data stolen comprises IDs, usernames, email addresses, encrypted passwords and password hints stored in plain text. The password encryption was poorly done and with the aid of the password hints, hackers could easily decrypt and retrieve the passwords. Hackers also accessed the Adobe source code repository in August 2013, of which they made away with the product source code including that of Photoshop. Making it easy to pirate these software.
This consumer credit reporting agency disclosed a security breach in their computer systems in September 2017. This may be one of the most destructive data breaches of all times as the hackers were able to access millions of data comprising of names, social security numbers, house addresses and in some cases driver’s license numbers, which could be used for impersonation. A total of 145 million accounts were affected. According to Equifax the attack began in May 2017, but only observed in July 29 of the same year. They had also stated that the breach was made possible due to a flaw in Apache Struts.
In May 2014, this popular e-commerce website disclosed that hackers gained access into their consumer database by means of credentials belonging to three of their employees, and for 229 days they had access to their network and database. Data stolen includes usernames, addresses, date of birth, phone number and passwords of 145 million users. Customers were advised to change their passwords after the breach was discovered. The Syrian Electronic Army accepted responsibility for the attack, though they had obliged not to misuse the data. As a result of the security breach a huge drop in user activity was recorded and share price of eBay had dropped.
8. Heartland Payment Systems
Heartland, a US based payment processing and technology company announced a data breach in 2009 which compromised 130 million records containing debit and credit card details. Hackers implanted a malware in their network using SQL injections to steal data in transit. Heartland Secure was launched five years later to enable security and guard against monetization of stolen card data.
9. Target Stores
In December 2013, Target stores announced a data breach that occurred after black Friday sales of the same year. The data of about 110 million customers had been compromised in the breach, with contact information i.e. full names, house address, email address and telephone numbers exposed.
A Russian search engine and web portal, popularly known as the Russian ‘Yahoo’ Website announced a breach in their network which affected 98 million users. In this case the passwords were not encrypted but stored in plain text, which made it easier for hackers to access other related accounts a user may have used the same password for. Other data leaked are usernames and email addresses.