Top 7 Data Breaches in the Past Decade

Learning from others is a much better way to understand how data breaches can happen. By educating yourself and your staff on what can happen and what the fallout could be, you can better prepare your proactive plan of action. If a data breach ever happens to your business, will you be ready? Although you may not think your basic information is of any interest to any others, there is always a hacker who will find value in your information. The top seven data breaches of the past decade are an illustration of how a breach of simple information can lead to a major privacy incident.

1. Yahoo

In August 2013, 3 billion accounts were impacted by a hacking group that accessed Yahoo customer information. At the time, Yahoo was in the process of being acquired by Verizon. The information seized by the hackers could have potentially allowed access to user’s email accounts as well as their calendars and other information. The aftermath of the event continued for years, sparking increased public awareness about the disclosure of security breaches.

2. Alibaba

Over an eight-month period in 2019, using crawler software, a developer working for an affiliate marketer scraped customer data, including usernames and mobile numbers, from the Alibaba Chinese shopping website, Taobao. Over 1.1 billion pieces of user data were scraped by this developer. Alibaba noticed the data leaks and informed the authorities. Following an investigation, the developer and another individual were sentenced to imprisonment for three years along with some hefty fines.

3. LinkedIn

In June 2021, a hacker going by the moniker of “God User” used data scraping techniques by exploiting the site’s API before dumping the first information data set of around 500 million customers. After this data dump, they then followed up by boasting that they were selling the full database of 700 million customers. LinkedIn argued that, as no sensitive or private personal data was exposed, the incident was only a violation of its terms of service rather than an actual data breach. While login credentials and financial information were not accessed, the personal information linked included data that could be used to assume someone’s identity.

4. Sina Weibo

Sina Weibo, a Chinese microblogging site similar to Twitter, experienced a breach when an attacker obtained part of a database. The grab impacted 538 million accounts in March 2020. This attack targeted the personal details of the users, including their real names, site usernames, gender, location, and phone numbers. The attacker sold the database on the dark web for $250. Weibo did acknowledge the breach, but the matter of how the data was obtained remains up for debate. Security officials detected irregularities with the company’s claims.

5. Facebook

Two datasets from Facebook apps were exposed to the public internet in April 2019, impacting 533 million users. This information included account names, Facebook IDs, and phone numbers. This data was posted for free in 2021, indicating new and criminal intent to expose the data.

6. Marriott International (Starwood)

Data, including guests’ names, addresses, phone numbers, email addresses, passport numbers, Starwood account information, dates of birth, gender, reservation dates, and communication preferences were exposed in September 2018 after an attack on their systems. Marriott was alerted by an internal security tool. The attack was attributed to a Chinese intelligence group attempting to gather data on US citizens. Marriott phased out the Starwood systems and added security to the network, but was still fined for failing to keep information secure.

7. Yahoo

It’s true-this is Yahoo’s second appearance in this list of the top 7 data breaches in the past decade. This one occurred in 2014 and impacted 500 million accounts. The data stolen included names, email addresses, phone numbers, dates of birth, and hashed passwords. The stolen database was put up for sale on the black market.

Data breaches, even for information that may seem unappealing, can negatively affect millions of people. Cyber attackers are constantly changing their methods to stay one step ahead, so businesses need to be cautious and take as many proactive steps as possible to keep their company data secure. Being prepared can ensure that your company won’t be the victim of a costly data breach. For more information about how we can help you keep your data better protected, contact AccuShred today.