Data Escapades of the Decade

BugBase - The BugGyaan Blog
4 min read · Jun 11, 2021

Think back to 2008: a breach that compromised the data of a million people would have been flashing all over the headlines. Nowadays, however, breaches that involve hundreds of millions or even billions of people are far too common. About 3.5 billion people saw their personal data stolen in the top two of the 15 biggest breaches of this century alone. The smallest incident on this list involved the data of a mere 134 million people.

An average of 4,800 websites a month are compromised with form-jacking code alone

Here is a comprehensive list of Data Breaches that rocked the world! Some names would really shock you!

Dominos

Date: 2021

Impact: 1.8 million

With the exposed data amounting to nearly 13 TB, Dominos found itself a victim of one of the largest breaches (based on data). It exposed everything from names, emails and mobile numbers to GPS locations and addresses. Jubilant Foodworks, the parent company of Domino’s in India, said that they had experienced an “information security incident” and denied any “financial information was accessed” by the hackers.

Dominos defended itself, stating that policy dictates that they do not store financial information, and hence the event has no financial or business impact. However, the country felt differently: in a few days, the page had over eight lakh page views and over six crore searches. The company alerted its users after cybersecurity researcher Rajshekhar Rajaharia tweeted that the link now shows up on Google search. “Our privacy is now searchable in @Google,” he said.

Yahoo

Date: 2013–14

Impact: 3 billion user accounts

Yahoo declared that in 2016, they faced what was the biggest data breach in history. The company blamed “state-sponsored actors” who compromised emails, dates of birth and telephone numbers.

However, what actually made it more significant was that they found a data breach dating all the way back to 2013 by a different entity. This put the total count at a whopping 3 billion accounts.

The announcement's timing proved to be disastrous for Yahoo, which was on the verge of a sale to Verizon. The breach single-handedly knocked an estimated $350 million off the value of the company.

Adobe

Date: October 2013

Impact: 153 million user records

In early October 2013, Adobe reported that nearly 3 million encrypted customer credit card records, including their login info, were stolen by hackers. But security blogger Brian Krebs reported that login data for an undetermined number of user accounts.

Later that month, Adobe raised the estimate to 38 million users being affected. Krebs reported that a file posted just days earlier appeared to include more than 150 million usernames, hashed password pairs, names and IDs taken from Adobe.

An agreement in August 2015 called for Adobe to pay $1.1 million in legal fees and an undisclosed amount to users to settle claims of violating the Customer Records Act and unfair business practices. In November 2016, the amount paid to customers was reported at $1 million.

Canva

Date: May 2019

Impact: 137 million user accounts

In May 2019, the online graphic design tool Canva suffered the brunt of a cyberattack that exposed emails, usernames, passwords, cities of residence and social logins of close to 137 million users.

The suspected culprit(s) — known as Gnosticplayers — contacted ZDNet to boast about the incident, saying that Canva had detected their attack and closed their data breach server. Even with all the OAuth tokens reset, around 4 million users were still at risk.

eBay

Date: May 2014

Impact: 145 million users

Details: eBay reported that an attack exposed its entire account list of 145 million users in May 2014, including names, addresses, dates of birth and encrypted passwords. The online auction giant said hackers used the credentials of three corporate employees to access its network and had complete access for 229 days — more than enough time to compromise the user database.

The company asked customers to change their passwords. Financial information, such as credit card numbers, was stored separately and was not compromised. The company was criticized for lack of communication with its users and poor implementation of the password-renewal process.

LinkedIn

Date: 2012 (and 2016)

Impact: 165 million user accounts

The social networking site for business professionals was a victim of social engineering attacks in 2012, in which the data of approximately 165 million users was leaked, including their IDs, designations, addresses, emails and phone numbers, all on sale at a Russian hacker forum for just 5 bitcoins, amounting to just $2,000 at the time.

The danger lay in the fact that the initial number given by LinkedIn in 2012 was just 65 million, meaning over 100 million more people were added to the list in 2016. Having been left out of the initial response, these people stood more vulnerable than ever.

BugBase India

BugBase is India’s first consolidated platform for companies to host crowdsourced bug bounty programs that ethical hackers can take part in, and to develop a community of security enthusiasts all over the country.

Our website: https://bugbase.in/


Written by BugBase - The BugGyaan Blog

India’s first consolidated Bug Bounty Platform’s technical blog by Aditya Arun Iyer
