It was at the beginning of the 21st century that a British mathematician and entrepreneur in the field of data science said, “Data is the new oil”. Data privacy and protection have never been more important, even now, 15 years down the line.
As the number of data breaches keeps piling up over time, we’ve seen that even the biggest of tech giants are no less prone to them. The following is a compilation of the top 10 biggest data breaches faced by various organizations to date, ranked on the basis of the amount of data that was impacted:
1. CAM4
Data Impact: 10.88 billion user records
During March 2020, CAM4, an adult live streaming website, suffered a data leak of over 7TB worth of information. The leak exposed records containing both user and company-critical information. Users affected mostly belonged to the U.S., followed by Brazil and Italy.
The exposed records included sensitive user data such as names, e-mail addresses and exchanges, sexual orientation, user gender preferences, chat transcripts, passwords, IP addresses, payment logs and so on.
Despite immediate action taken by the company, it is assumed that the users may still fall victim to blackmail and sextortion campaigns for many years to come.
2. Yahoo
Data Impact: 3 billion accounts
On 3rd October, 2017, the internet services company Yahoo disclosed that it had been affected by hacking activity dating back to August 2013, which was estimated to have breached all 3 billion of its user accounts.
The breach was initially reported by the company on 14th December, 2016, in the midst of its negotiations with Verizon. Back then, Yahoo had revealed a breach of 1 billion accounts and forced all affected users to change their passwords and re-enter their unencrypted security questions and answers, in order to re-encrypt them.
Later investigations revealed that user passwords in clear text were leaked, though card payment data and bank information were safe.
3. Aadhaar
Data Impact: 1.1 billion registered citizens
The World Economic Forum’s Global Risk Report 2019 reported the Aadhaar data breach as one of the largest in the world. Across multiple data breaches, sensitive and secret data of billions of people was exposed and then aggregated on different dark web lists for sale.
Information exposed included photographs, retina scans, thumbprints, and other identifying details of nearly every citizen in the country.
The reasons behind the massive breach of personal information in 2018 were malicious cyber-attacks and lax, negligent cyber-security protocols. In January, it was reported that the masterminds behind the attacks were selling access to the database at a rate of Rs. 500 for 10 minutes, while a leak at a state-owned utility company in March allowed anyone to download ID numbers and names, including bank details.
4. First American Corporation
Data Impact: 885 million users
First American Corp. is an American financial services company that, on 24th May, 2019, was notified by a cyber-security journalist that its application had a vulnerability which exposed over 800 million titles along with escrow document images dating back to 2003.
The leaked images included sensitive data such as social security numbers and personal financial records.
5. Verifications.io
Data Impact: 763 million users
During February 2019, an email verification platform, Verifications.io, suffered a massive breach in which a MongoDB instance exposed about 763 million records consisting of e-mail addresses, names, IP addresses, gender, phone numbers, and other such personal information.
6. LinkedIn
Data Impact: 700 million users
In June 2021, a massive set of user data from the professional networking platform LinkedIn was allegedly breached, exposing information on more than 700 million of the platform’s 756 million users.
RestorePrivacy reported that a user of a hacker forum had put the affected users’ data up for sale, along with a sample of 1 million user records. The data consisted of email addresses, names, phone numbers, residential addresses, geolocation information, usernames and profile URLs, personal and professional backgrounds, genders and other social media accounts.
The company later denied the reports in a statement, saying that it was not a data breach and that no private LinkedIn member information was exposed.
7. Meta Platforms, Inc.
Data Impact: 533 million users
Data from 533 million users in about 106 countries of Meta Platforms, Inc., formerly known as Facebook, was published on a hacking forum during April 2019.
Reportedly, the 146 gigabytes of exposed data consisted of full names, phone numbers, locations, e-mail addresses, and other activity details of the affected users of the platform, and was left on the dark web for free.
Meta Platforms said that no passwords, health information or financial information were part of the exposed user data, but security experts have warned that the data leak leaves users vulnerable.
8. Yahoo
Data Impact: 500 million accounts
The security team at Yahoo discovered that the cyber-attacks in 2014 were carried out by a “state-sponsored actor”. Exposed data consisted of names, e-mail addresses, phone numbers and birth dates, along with encrypted passwords. The company said that unprotected passwords, card payment data and bank information were not compromised. It later revealed publicly that the stolen data had allegedly been put up for sale on the dark web.
9. Starwood Hotels and Resorts Worldwide, Inc.
Data Impact: 500 million guests
The database of Starwood, which was acquired by Marriott International in 2016, was initially breached back in 2014. It is said that the hacker lurked in the database until 2018, when the company was made aware of the severity of the breach.
The investigation by Marriott International found that many of the records taken consisted of extremely sensitive data such as credit card and passport numbers, though it is uncertain whether the hackers were able to decrypt the credit card numbers.
The New York Times reported that the hackers behind this breach were associated with a Chinese intelligence group, looking to gather information on US citizens.
10. FriendFinder Networks
Data Impact: 412 million user accounts
An American online dating service company, FriendFinder Networks, suffered a major data breach that exposed six of its databases. The network’s subsidiaries include domains such as Adultfriendfinder.com, Cams.com, Penthouse.com, iCams.com and Stripshow.com. The breach included 20 years’ worth of customer data from the above domains.
According to LeakedSource, the compromised databases consisted of usernames, passwords and email addresses, which were either stored in plain text or protected with the weak SHA-1 hashing algorithm.