If you are to travel back in time to the 1980s, you would have considered data to be nothing but a piece of information. However, an unprecedented advancement in the realm of technology has given glamorized data. Needless to say, in the 21st century, Data is wealth. Our world’s wealthiest people have harnessed this data in one way or the other. However, they are like White Hat Hackers. In this sense, they try not to misuse it. But, there are people who hack into systems to take this data and make some quick cash out of it. Typically, such people target renowned companies. Because they obviously will have a lot of data. Stick till the end to see how personal information of around 3 Billion people was stolen from a leading search engine.
1. Adobe
In 2013, 38 Million user’s login data and credit card details were stolen from Adobe. In addition to that, a total of 150 million usernames and passwords were also harvested, putting Adobe in a precarious position. Shortly after the news broke out, Adobe had to pay $1.1 Million in legal fees and another $1 Million to users. They had to pay this amount for violating the Customer Records Act and unfair business practices. Later on, it was identified that this massive code leak had affected the company’s Photoshop family. Following the attack, Adobe had their user’s password reset.
2. Canva
If you’ve been using Canva, then you should know that this Australian graphic designer tool was hacked. In 2019, around 137 million user accounts were hacked and details such as email addresses, usernames, names, cities of residence, and salted and hashed with bcrypt passwords, were harvested. Although they didn’t steal the credit card and payment data, the hackers gained access to it. The suspects were later identified as “Gnosticplayers”. The company claimed that they had detected the attack and had closed down their data breach server. However, a list of 4 million user accounts having stolen user passwords was decrypted and shared online.
3. eBay
If you think you can’t hack into an online auction giant, then you’re probably wrong. In 2014, eBay’s account list consisting of 145 million users were hacked. The data had everything from names, addresses, and dates of birth to encrypted passwords. Later on, it was identified that the hackers had used the credentials of 3 employees. That’s not all, they had had access to this data for 229 days. To minimize the impact, eBay asked its users to reset their password. Since the credit information was stored separately, it was not compromised.
4. Equifax
One of the biggest credit card bureaus in the United States, Equifax witnessed a massive data breach in May 2017. It wasn’t until July 2017, that the company had identified this breach. An investigation revealed that an application vulnerability on their website led to this breach. As a result of this, personal information of more than 143 million users was exposed. Out of which, 209,000 had their credit card data compromised. The company was criticized for its security and response lapses. As a matter of fact, the application vulnerability that the attackers gained access to, was unpatched.
5. Heartland Payment Systems
Equifax was spared with only 209,000 credit card data misuse. But, Heartland Payment Systems’ data breach exposed as much as 134 million credit card data. The attack was as a result of an SQL injection exploit. At the time when their system was breached, Heartland was processing 100 million transactions per month. Despite being informed about the possibility of such an attack, Heartland cared less. Following the breach, the Payment Card Industry deemed Heartland out of compliance with its DSS or Data Security Standard. Moreover, the company had to pay $145 Million in compensation for this fraudulent payment.
6. Marriott International
Imagine giving away your passport number, contact information, and other personal information from a leading hotel group. That was what happened with Marriott International. The attackers reportedly stole data from 500 million customers. Out of which, the credit card details including the expiration date, of 100 million customers were stolen. Initially, the attackers breached the system of Starwood hotel brand in 2014. Then, after Marriott acquired Starwood in 2016, the attack continued and was only discovered in 2018.
7. MySpace
Before Spotify, it was MySpace that ruled the music streaming business. In 2013, the company’s privacy policy was in jeopardy when they discovered a data breach. The company released a statement in 2016 claiming a data breach of “a portion of accounts that were created prior to June 11, 2013, on the old Myspace platform”. This included 360 million user accounts. The data was then put on sale for 6 Bitcoins or $3000 at that time.
8. MyFitnessPal
MyFitnessPal was a part of a major data breach that harvested as much as 617 million data. The Under Armor owned fitness app had data of their 150 million users exposed to attackers. Later on, the details were sold through Dream Market. Even though they had informed all of their users about the issue, the company didn’t reveal the exact number. New York-based video messaging service, Dubsmash was also included in this massive data breach.
9. Sina Weibo
You might find it hard to recognize Sina Weibo. But, it is the Chinese version of Twitter. Recently, the app’s sensitive information was stolen and was put on sale for just $250 on the dark web. You might wonder why the hacker sold it for a small price. The target being 500 million+ accounts, the hacker acquired the real name, the site name, and the location of around 172 million users. Since the data lacked password and other sensitive information, it was valued low. But, this hack reportedly impacted as much as 538 million accounts. Do you think that’s a lot? Well, I hate to say this, there’s worse.
10. Yahoo!
Perhaps the biggest data breach in history, Yahoo’s security systems were breached by hackers in 2014. Eventually, data containing the name, date of birth, email address, and passwords were stolen from 3 Billion Yahoo users. Although the information was stolen in 2014, it took 3 years for Yahoo to reveal the exact numbers. The company held “state-sponsored actors” responsible for this breach. Needless to say, this act was an expertly choreographed espionage. Not only did it impact the users, but the company also lost $300 million. However, this loss was as a result of bad timing. Remember, how it took 3 years for them to go public with the exact numbers. Unfortunately for them, it was the time when Verizon was looking to acquire their core internet business. The deal was later closed for $4.48 billion.