Five Biggest Data Breaches In History (That We Know About)

Uploaded on 2016-12-13 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

Identity theft has clearly become the tactic of choice for hackers and cyber criminals. Here are the Top 5.

According to the data collected by Breach Level Index (BLI) database, there were 974 data breaches worldwide in the first half of 2016, up 15 percent from the 844 breaches during the previous six months (July to December 2015), and up sharply from the 766 data breaches in the first half of 2015.

More than 554 million data records were lost or stolen in the first half of 2016, compared with some 424 million lost or stolen during the previous six months. That represents a dramatic increase of 31 percent

Whereas in previous years’ theft of payment and financial data dominated the headlines, think of the Home Depot and Target attacks, for example, the past six months has seen the continuation of a trend that began in 2015 in which the theft of personal identifiable information has dominated.

Here are the 5 biggest and worst verified data breaches that we know of, so far.

Yahoo breach

In late 2014, hackers stole information associated with at least 500 million Yahoo user accounts. This breach was publicly disclosed by Yahoo two years later on September 22, 2016. This data breach is the largest discovered in the history of the Internet. User names, email addresses, telephone numbers, encrypted or unencrypted security questions and answers, dates of birth, and encrypted passwords were compromised.

Marissa Mayer, the CEO of Yahoo, has known about the data breach since at least July 2016 but withheld the information from people, media, investors, and regulators.

FriendFinder breach

Social adult network service FriendFinder was breached, along with all of its other sites. The FriendFinder Network Inc. (FFN) operates AdultFriendFinder.com, webcam sex-work site cams.com, Penthouse.com and a few others; a total of six databases were reported in the haul.

The hack exposed 412,214,295 accounts, according to breach notification site Leaked Source. The worst part of this leak was that more than 900,000 accounts used the password “123456.”

The website had stored the user data in plain visible format or with the insecure secure hash Algorithm 1 (SHA-1).

Myspace breach

Although Myspace is not that popular anymore, users who had accounts on this social networking site should be aware that their old information could be up for sale online.

Time Inc., which bought the social networking site in February has said that names and passwords from more than 360 million Myspace accounts were compromised.

According to Time, the data was limited to usernames, passwords, and email addresses from the platform prior to June 11, 2013, when the site was relaunched with stronger account security.

Thomas White, a security researcher also known under the pseudonym TheCthulhu, has published the database of 427 million passwords for more than 360 million users of the social network.

LinkedIn breach

The social networking website LinkedIn was hacked on 5 June 2012, and passwords for nearly 6.5 million user accounts were stolen by Russian cybercriminals.

LinkedIn disclosed its 2012 data breach soon after it happened, but password-reset notifications at the time indicated that only 6.5 million user accounts had been affected and the actual number was never disclosed.

We don’t know why LinkedIn did not further investigate the original breach, or to inform more than 100 million affected users, in the intervening four years. According to LeakedSource, just 50 easily guessed passwords (123456) made up more than 2.2 million of the 117 million encrypted passwords exposed in the breach.

According to LeakedSource, just 50 easily guessed passwords (123456) made up more than 2.2 million of the 117 million encrypted passwords exposed in the breach.

Heartland Payment Systems

New Jersey-based payment processor Heartland Payment Systems was breached in 2009. This breach exposed information from approximately 130 million credit and debit cards to cybercriminals.

Malware planted on Heartland’s network recorded card data as it arrived from retailers. Because the company processed payments for more than 250,000 businesses across the country, the impact was huge.

The data stolen included the digital information encoded onto the magnetic stripe built on the backs of credit and debit cards.

An American computer hacker, Albert Gonzalez, was sentenced to 20 years in prison in 2010, the longest sentence ever handed down for computer crime in a US court.

PC Quest:       Review of Organised Cyber Crime:       'Hackers for Hire'- Major Police Effort To Fight Criminal Gangs:     

 

« Snowden Worried That He'll Face Prison Or Execution If Russia Sends Him Home.
Self - Flying Aircraft Take To British Skies »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Aviva

Aviva

Aviva provides Cyber Liability cover for small to mid-market customers to help combat the threat of data and privacy breach.

Trulioo

Trulioo

Trulioo is a leading global identity and business verification company providing secure access to data sources worldwide to instantly verify consumers and businesses online.

VigiTrust

VigiTrust

VigiTrust is a security firm specializing in cloud based eLearning programs, security compliance portals and providing security assessments.

Elemendar

Elemendar

Elemendar Artificial Intelligence reads cyber threat reports written by humans and translates them into industry-standard, machine-readable and machine-actionable data.

UPX Technologies

UPX Technologies

UPX Technologies is one of the largest digital security centers in Brazil providing full protection for data, networks and content.

Identifi Global Recruitment

Identifi Global Recruitment

Identifi Global is one of the UK's leading Cyber Security & IT Recruitment specialists.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

eResilience

eResilience

eResilience is a division of Referentia Systems, a pioneer in an ultra-secure information safeguarding technique known as “Enclaving”, in which data can be segmented and protected within a network.

DCX Technology

DCX Technology

Recognized as a leader in security services, DXC Technology help clients prevent potential attack pathways, reduce cyber risk and improve threat detection and incident response.

Satori Cyber

Satori Cyber

The Satori Cyber Secure Data Access Cloud is the first solution on the market to offer continuous visibility and granular control for data flows across all cloud and hybrid data stores.

Prodera Group

Prodera Group

Prodera Group is a specialist technology consulting partner trusted to help navigate the complex and dynamic lifecycle of change and transformation.

Automation Workz

Automation Workz

Automation Workz has been ranked as a top 10 Cybersecurity Bootcamp in the US by Career Karma.

Aembit

Aembit

Aembit is the Identity Platform that lets DevOps and Security manage, enforce, and audit access between federated workloads

Reach Security

Reach Security

Reach is the first generative AI platform purpose-built to empower enterprise security teams. With Reach, organizations measure, manage, and improve their enterprise security posture at scale.

BTQ Technologies

BTQ Technologies

BTQ is a global quantum technology company focused on securing mission critical networks.

Infosec Ventures

Infosec Ventures

Infosec Ventures incubates and scales cyber security innovators that solve inefficiencies in cyber security.