Did you know that the biggest data breaches of all time happened to the most prominent businesses worldwide? In recent years, millions and even billions of user accounts got compromised, with sensitive data falling into the hands of miscreants.
This is why it’s crucial to strengthen your data security, especially if you run a large-scale business in Australia. Security measures like penetration testing should be done if you don’t want to suffer what six brand giants experienced from hackers.
6. Equifax
Affected Accounts: More than 140 million
On September 7, 2017, Equifax reported that a security breach occurred due to an application vulnerability on one of their websites. The consumer-credit-reporting agency discovered the breach on July 29, but they said it possibly started in Mid-May. This may not be the biggest, but it’s one of the most damaging data breaches of all time.
Hackers obtained personal information such as Social Security Numbers, addresses, birth dates, and in some instances, driver’s license numbers. This compromised more than 140 million accounts. With those sets of information, hackers can pretend as someone and set up loans, mortgages, credit cards, and other relevant agreements.
5. eBay
Affected Accounts: 145 million
Online auction giant eBay found out in May 2014 that hackers got into the company network and gained complete access to their user database for 229 days. They said the cyberattack happened when hackers got a hold of the credentials of three eBay employees. According to John Donahue, the breach caused a decline in user activity but had little impact on their revenue.
The data breach exposed names, addresses, birth dates, and encrypted passwords of eBay’s 145 million users. The company assured the public that financial information like credit card numbers was not compromised. However, they asked their consumers to change their passwords.
4. LinkedIn
Affected Accounts: 165 million
In 2012, LinkedIn disclosed a security breach soon after it happened. However, the scope of the breach was not revealed until 2016, where a whopping 165 million user accounts had been exposed to hackers. After four years since the breach, about 117 million usernames and passwords went up for sale on the Dark Web, which came from the 2012 breach.
The number of affected accounts prompted other services to force their own users to change their passwords. However, the world’s top business network refused to investigate the said breach further.
3. FriendFinder
Affected Accounts: More than 412.2 million
In mid-October 2016, hackers obtained access to adult content and casual hookup websites from the FriendFinder network. This includes Adult Friend Finder, Stripshow.com, iCams.com, Cams.com, and Penthouse.com. The breach happened because hackers exploited a Local File Inclusion Vulnerability in the said networks.
Hackers got a hold of 20-years worth of data from the said databases. They obtained names, email addresses, and passwords that immediately began leaking out of cybercrime forums. Most of the passwords were secured by the weak SHA-1.
2. Marriot Hotel
Affected Accounts: 500 million
In November 2018, worldwide hotel chain Marriot reported that about 500 million customers’ data had been compromised in a cyberattack. The breach happened on systems supporting its Starwood Hotels subsidiary, which dates back in 2014, two years before Marriot acquired Starwood. Hackers remained in the system until 2016, and the attack was only discovered in September 2018. According to a New York Times article, the breach was attributed to a Chinese intelligence group that aims to collect information on US citizens.
Names, mailing addresses, and email addresses were stolen from all 500 million customers. On the other hand, birthdates, passport numbers, genders, and Starwood Preferred Guest account information were compromised for 327 million of those guests. Credit card numbers were also stolen for 100 million customers, but Marriot is uncertain whether the hackers were able to decrypt them.
1. Yahoo
Affected Accounts: 3 billion
Yahoo did not only win the Biggest Data Breach of All Time award once, but it did twice on two consecutive years. In September 2016, the once-dominant Internet giant disclosed a cyberattack that took place in 2014. The said attack compromised the data of 500 million users, including real names, email addresses, birthdates, and telephone numbers.
But it didn’t stop there. In December 2016, Yahoo made another announcement that a separate case of data breaching occurred in 2013, which compromised a whopping 1 billion user accounts. Hackers acquired names, birth dates, email addresses, and even security questions and answers from the said breach. However, these numbers were later changed as Verizon, Yahoo’s new owner, found out that 3 billion user accounts were actually compromised. That’s every single account on Yahoo, Tumblr, Flickr, and dozens of other online properties Yahoo owned that time.
What do we learn from these data breaches? Don’t get complacent with your current security measure. Always seek for innovative ways to protect yourself and your business from hackers.