Private Data openly accessible due to leak

concept of leaky software, data pouring out of pipe.3d illustration

Top 10 data leaks of the last years

As the world gets more interconnected and the surveillance state grows, it’s clear that lots of private data about us – our activities, health, finances, really everything – is being collected about us.

This massive collection of data is creating additional issues. It’s a near impossibility to keep all of that private data secure and under wraps. This data is being lost, mishandled, and stolen at a record pace. There have been three breaches of over 500 million records in the first quarter of 2019 alone. It is also not the big breaches one should worry about. There is a constant drip-drip-drip of smaller breaches from companies, health institutions, and governments that get less press attention, but can still impact your privacy. Whether you are an individual or a corporation, these can take a toll on your privacy and finances.

For the individual, security means putting your own digital house in order, using secure and individual passwords for your various accounts, preferably with the use of a password manager to keep them straight. It also means keeping alert to when someone in your digital food chain has had a data breach and you need to change passwords and account credentials – a service provided with the Avira Password Pro.

Top 10 data leaks

#1: Yahoo

By the numbers: 3 billion user accounts

Organization: Yahoo

Exposed data: account name, passwords

Details: All Yahoo users were affected by the breach which has been attributed to Russian hackers. The breached data included names, email addresses, dates of birth, telephone numbers, and security questions.

Timing: 2013-2014

#2: Facebook and Cultura Colectiva

By the numbers: 540 million users

Organization: Facebook and Cultura Colectiva

Exposed data: Account names, passwords, IDs, comments and reactions to posts.

Details: Data was originally collected from Facebook and kept in unprotected Amazon servers used by 3rd party associates such as Cultura Colectiva, a Mexican media company. A second batch of data was from an app called “At the Pool” which had been dead for over four years.

Timing: uncovered in 2019.

#3: Marriott/Starwood

By the numbers: 500 million customers

Organization: Marriott International/Starwood

Exposed data: Ranged from just name and contact information up to a combination of contact info, passport number, loyalty club info, and credit card numbers.

Details: The breach started at the Starwoods hotel brand before its acquisition by Marriott. The stolen data has not appeared since in online forums, fueling the belief that the breach was made by Chinese hackers looking for data on US citizens.

Timing: 2014-2018

#4: Adult Friend Finder

By the numbers: 412.2 million accounts

Organization: Adult Friend Finder

Exposed data: Names, email addresses and passwords.

Details: Hackers collected 20 years of data on the FriendFinder Network, a grouping of six adult website databases including Adult Friend Finder, Penthouse.com, and Cams.com. Most of the passwords were protected by the easily breakable SHA-1 hashing algorithm.

Timing: October 2016

#5: eBay

By the numbers: 145 million users

Organization: eBay

Exposed data: encrypted passwords along with addresses, dates of birth, and other personal information.

Details: Hackers gained access to eBay accounts through stolen login credentials from three employees.

Timing: May 2014

#6: Equifax

By the numbers: 143 million people

Organization: Equifax

Exposed data: Personal information (including Social Security Numbers, birth dates, addresses, and in some cases drivers’ license numbers and credit card data.

Details: Equifax is one of the biggest credit bureaus in the USA. Hackers were able to hack its servers by exploiting a vulnerability in unpatched, open-source software. The breach lead to the direct theft of several hundred thousand identities.

Timing: July 2017

#7: JP Morgan Chase

By the numbers: 83 million home and business accounts

Organization: JP Morgan Chase

Exposed data: personal data on bank clients including names, email addresses and phone numbers.

Details: Hackers used the Heartbleed vulnerability to penetrate the bank servers. Stolen data was used in identity theft schemes and money laundering.

Timing: July 2014

#8: Sony’s PlayStation Network

By the numbers: 77 million PlayStation Network accounts

Organization: Sony

Exposed data:  More than 77 million accounts of which 12 million had unencrypted credit card details. Hackers got users’ full names, passwords, emails, home addresses, purchase history, credit card numbers and game PSN/Qriocity login details.

Details: Sony servers hacked, game site knocked offline for a month. Users reported fraudulent use of payment cards.

Timing: April 2011

#9: Uber

By the numbers: 57 million drivers and customers

Organization: Uber

Exposed data: names, email addresses, phone numbers, and license plate numbers

Details: Hackers stole engineers’ credentials from a private GitHub account, then used those credentials to break into an Uber Amazon account. Uber tried to conceal the breach by paying off the hackers.

Timing: October 2016

#10: Sony Pictures

By the numbers: Over 100 terabytes of data

Organization: Sony Pictures

Exposed data: Confidential company communications, private data, company records

Details: Spear-phishing attack and stolen employee credentials used to hack the Sony network. The attack – and subsequent damaging of the company network – have been attributed to North Korean hackers.

Timing: 2014

Exit mobile version