The last 10 biggest data leaks

Sep 09, 2019

When taking stock, it is impossible not to recognize the large data leaks that have caused so much chaos over the past few months. The secret and confidential data of literally hundreds of millions of people was breached and exposed, then compiled into various lists and put up for sale on the dark web. Data leaks are a frightening trend in the world of cybercrime that shows no sign of slowing in the near future.


If your information has been compromised in one of these unfortunate events, we have already talked about how to survive a personal data leak, but recovering from the damage often becomes a nightmare. Out of morbid curiosity, let's take a closer look at the top 10 data leaks in recent months.


What is interesting is that while some data leaks are deliberate attacks, others are simply databases left lying around, which security auditors find on the web like unprotected, unlocked safes. Our list contains some of them. The list counts down from 10 to 1, each leak worse than the one before.


10 - Panera
Number of victims: 37 million
Who was targeted: All customer accounts
What data was exposed: Names, email and physical addresses, birthdates, and last four digits of customers' credit card numbers
Period: Revealed April 2018
What Happened: Despite being warned by a cyber security expert in August 2017 that its site was leaking data, Panera's IT team did not act until 8 months later, when it announced the leak and took the site down for security maintenance.


9 - Newegg
Number of victims: 50 million
Who was Targeted: Newegg Online Shoppers
What data was exposed: Credit Card Information
Period: 08/14/2018 - 09/18/2018
What happened: The online store was compromised by the cybercrime gang Magecart, which injected credit card skimming code into the Newegg website. Whenever a customer bought something online, the payment information went straight to Magecart's command and control (C&C) server.


8 - Elasticsearch
Number of victims: 82 million (57 million customers, 26 million companies)
Who was targeted: Online users and businesses across the internet
What data was exposed: From individuals: names, email and physical addresses, phone numbers, IP addresses, employers, and job titles. From companies: names, company information, zip codes, carrier routes, latitudes/longitudes, census tracts, phone numbers, web addresses, email addresses, employee totals, revenue numbers, NAICS codes, SIC codes, and more.
Period: Discovered on November 14, 2018
What Happened: This is one of the cases we mentioned above, in which a normal security audit led a researcher to find over 80 million sensitive data records gathered together. It is not known how long the databases were left unprotected or who, if anyone, had the opportunity to copy and steal the data. Cyber security experts believe they have traced the unprotected databases to a data management company that has since been shut down, but the source is still officially unknown.


7 - Facebook
Number of victims: 87 million
Who was targeted: Facebook users
What data was exposed: Profile information, political beliefs, friend networks, private messages
Period: Revealed September 2018
What happened: This is the famous Cambridge Analytica scandal, in which the data collection company illegally collected user information without permission. The covert operation was politically motivated, aimed at influencing the 2016 US presidential campaign. Although the leak occurred a few years ago, the investigation's findings were only released this year, providing a clearer picture of what happened.

6 - MyHeritage
Number of victims: 92 million
Who was targeted: MyHeritage users
What data was exposed: hashed email addresses and passwords
Period: Alerted June 2018
What Happened: Cyber security researchers alerted the genealogy site in June 2018 that an external server had been discovered holding sensitive MyHeritage information. The company confirmed that the information was legitimate and warned its users that account holders who had signed up up to October 26, 2017 were at risk and should change their passwords.


5 - Quora
Number of victims: 100 million
Who was targeted: Quora users
What data was exposed: Names, email addresses, hashed passwords, profile data, public and private actions
Period: Discovered December 3, 2018
What happened: Many questions about the details of this leak remain unanswered, but the Q&A site has informed its users that a third party gained unauthorized access to one of its systems, without further explanation.


4 - Under Armour
Number of victims: 150 million
Who was targeted: MyFitnessPal Users
What data was exposed: Usernames, email addresses, hashed passwords
Period: End of February 2018
What happened: The food and nutrition app was hacked, which exposed information to attackers, but not, fortunately, payment information, which the company processes on a separate channel.


3 - Exactis
Number of victims: 340 million (230 million customers, 110 million companies)
Who was targeted: Users and businesses across the internet
What data was exposed: More than 400 categories of information such as phone numbers, email and physical addresses, interests, ages, religions, pet ownership, etc.
Period: June 2018
What Happened: Data collection company Exactis somehow had 2 terabytes of data relocated to a public website accessible to all. It is unknown who or how many people accessed the information before it was discovered.


2 - Starwood
Number of victims: 500 million
Who was targeted: Starwood Guests
What data was exposed: Names, email and physical addresses, phone numbers, passport numbers, account information, dates of birth, gender, travel information, and accommodation information. Some of the breached information also includes hashed credit card information.
Period: Discovered on 09/10/2018, but may extend back to 2014
What Happened: As in many other official leak announcements, the Marriott-owned hotel chain issued a statement that its servers had suffered “unauthorized access,” but recent research findings indicate that the leak may have been caused by the government of China for political purposes.


1 - Aadhaar
Number of victims: 1.1 billion
Who was targeted: Indian citizens
What data was exposed: Aadhaar numbers, names, email and physical addresses, phone numbers and photos
Period: August 2017 - January 2018
What Happened: Anonymous vendors on WhatsApp charged less than Rs 500 for access to a portal at India's Unique Identification Authority, where records of virtually all citizens were available to anyone who paid.
