Hackers are growing ever more sophisticated in stealing user identities and finding digital vulnerabilities in enterprise networks. This is the foremost reason why identity and endpoint security is critical to any organization. However, even the toughest security can be beaten by hackers, and numerous cases have proved it. In the first half of the dreadful year 2020, about 3.2 million pieces of data from various companies were looted by hackers. The breaches hit health care and medical centers and educational institutes. Breaches were seen even in a U.S. government agency. The information stolen from various institutions, sectors, and companies included people’s social security numbers, medical reports, credit card and debit card details, bank information, driver’s licenses, etc. CSO collated a list of the biggest 21st-century security breaches and found a pattern emerging in companies' carelessness with the personal data of their users. A clear distinction emerged between data that was looted with malevolent intentions and data that was not so much stolen as easily accessed because certain companies had inadvertently exposed their users' data. This carelessness of companies that left the data of their users exposed created a ruckus.
The most famous ruckus was created by Twitter. Twitter inadvertently left the passwords of its users, around 330 million at that time, exposed in a log. Although no evidence of misuse of these passwords or of non-user logins was found, it was a big breach.
Here are the top 10 breaches to date of companies and websites that resulted in the loss or misuse of the data of millions of users.
- Adult Friend Finder:
The Adult Friend Finder breach became a sensitive matter because the site provided extremely personal services to its users. The breach happened in October 2016. The Adult Friend Finder website belonged to the FriendFinder Network, which contained websites that provide explicitly sexual material, adult content, and hookup services between consenting adults. There were also apps like Penthouse, Cams, and iCams, etc. in the network. When the network was hacked, the information held by all these websites was looted. The data of users logged in to a website called Stripshow was also stolen. The breach was detected during the third week of October 2016. The stolen data included the email IDs of the users along with their names and other personal information.
- Ashley Madison:
This is perhaps the most scandalous item on the list, if only because of the nature of the victims. In 2015, the notorious adultery-enabling site suffered a data breach in which the hackers tried to blackmail the site into shutting down, threatening otherwise to leak its users’ information publicly. The hackers made good on this threat by dumping many gigabytes of users’ data, probably causing several suicides in its wake.
- The US Office of Personnel Management:
In 2015, this forty-year-old government agency initially estimated that hackers had stolen around four million records. Unfortunately, the number quickly rose to 21.5 million within days of investigation. The stolen information covered both former and present federal employees. The hack was possibly backed by another nation-state and managed to go undetected by U.S. officials for years. The breach created havoc because the stolen information concerned federal employees, putting their lives and their families' lives at risk. The aftermath of the US Office of Personnel Management breach resulted in the resignation of the director and CIO.
- eBay:
eBay is the most famous auction-based eCommerce site. Millions of users were registered on the website in 2014, when eBay announced that it had suffered a major hack. The hackers stole the information of a total of 15 million users. This information included user names, addresses, dates of birth, and encrypted passwords. All of it was compromised in one single attack. Hackers obtained the data by stealing the credentials of three corporate employees.
- Under Armour:
Under Armour, the athletic apparel giant, suffered a data breach in 2018 when its My Fitness Pal app was breached by hackers. The hack resulted in the compromise of the data of 150 million users, including usernames, email addresses, and passwords. Under Armour received praise for its detection and response time in protecting more sensitive user data. However, it did receive criticism for securing user passwords with a weaker hashing scheme than others, which potentially allowed the hackers to crack the passwords and sell them on the dark web.
- Uber:
The massively popular ride-sharing company makes the list of the worst hacks, though not because of the scale of the personal data compromised. The breach affected a total of merely 57 million users and 600,000 drivers, which is comparatively small. Uber makes the list because of the way its executives handled the breach. Uber CEO Travis Kalanick and other executives learned of the breach in 2016 but decided to pay the hackers a ransom of a hundred thousand to keep silent. The company successfully covered up the breach for nearly a year before it became public in late 2017. When the public learned about the cyberattack, Kalanick lost his job, multiple lawsuits were filed against the company, and Uber's value and business declined.
- The University Attacks:
In March 2018, the US Department of Justice announced that 144 universities, 176 colleges abroad, 47 private corporations, and a few US states had been hit by an intellectual property data breach spree. The hackers, allegedly connected to the Iranian Islamic Revolutionary Guard Corps, collectively stole 31 terabytes of data, including academic journals, dissertations, and electronic books, worth approximately three billion dollars. All of this was obtained through specially crafted spear-phishing emails. The Department of Justice eventually indicted nine Iranian hackers for their connection to this campaign.
- Home Depot:
The hack of this home improvement store in 2014 remains the largest retail credit card breach of all time. Over 50 million consumer credit cards were compromised in this one attack. Hackers manipulated the hardware of Home Depot’s Microsoft operating system, allowing them to observe payment transactions on seven thousand self-service checkout registers and skim the credit card numbers entered. In the wake of the attack, Home Depot offered nearly 20 million to settle a class-action lawsuit by the affected shoppers.
- Yahoo:
Once synonymous with email, Yahoo has since become the prime example of the data breaches that can wreck enterprises. In 2016, Yahoo announced that it had been the victim of a data breach that compromised 500 million users’ personal data. Later the company admitted that the breach actually affected all of its users at that time, around three billion.
- Facebook:
While the social media giant is often targeted by hackers, this particular case refers to the 2019 revelation that Facebook stored hundreds of millions of users’ passwords in a plain text document. Compounding the problem, thousands of Facebook employees were actually able to search through this plain text data, allowing them to look at all the unhashed passwords.