Even though you may not hear much about the top data breaches in the news unless you read tech publications, several horrific examples have occurred in the past few decades. These cybersecurity meltdowns can cost millions of dollars to fix the damages on top of litigation and reputation issues. Here’s a look at some of the worst online data disasters of all time.
Related: Why You Need to Strengthen Your IIoT Security
Adobe, October 2013
Over 150 million user records were breached as Adobe reported cybercriminals gained access to nearly 3 million credit card records. The hackers were also able to crack encryption and steal login data for an initially unannounced number of accounts. Later in the month, Adobe added that IDs and passwords were breached for 38 million active users.
Many cybersecurity experts considered this event one of the top data breaches at the time. Adobe paid over $1 million in legal fees and an undisclosed amount to victims who filed claims against the graphic design provider for violating the Customer Records Act. Yet bigger breaches affecting other big players would follow.
MySpace, 2013 and Yahoo, 2013-2014
At one time, MySpace was the biggest social network while Facebook was the newcomer until it dominated social media in 2009. By 2013 MySpace was becoming a fading website, overshadowed by several social networks. What brought the original king of social media back into tech industry news in 2016 was the company’s announcement of a breach impacting 360 million user accounts three years earlier.
The data became available for sale on LeakedSource, a searchable database of stolen passwords used by hackers on the dark web. As bad as that breach sounds, it wasn’t nearly as shocking as Yahoo’s 2013-2014 breach of 3 billion user accounts. Technically, that’s actually the biggest breach ever if you count the victims.
First, Yahoo said in 2016 the disaster affected 500 million users, then revised it to the 3 billion figure the following year. These attacks eventually cost Yahoo’s later parent company Verizon about $350 million.
Keep reading: 5 Ways to Keep Smart Appliances Safe from Security Threats
eBay, May 2014
This cybersecurity breach exposed the online marketplace provider’s entire list of user accounts, which added up to 145 million. Hackers broke through encrypted passwords to breach confidential information such as names, addresses, and birthdates. Fortunately, credit card numbers were stored in another location and weren’t compromised.
Equifax, July 2017
One of the most widely-reported data breaches affected one of the three major credit bureaus. It exposed around 143 million customer accounts. It proved that no one is too big to be immune to a cyberattack. Even though the company originally thought the breach occurred on July 29, it later announced the attack probably began in May.
Exposed in the breach were consumer credit card numbers, social security numbers, drivers’ license numbers, and other confidential data. An unpatched application vulnerability allowed the attackers to penetrate the system. Not only was the network not well segmented, Equafix did not report the incident to the public immediately.
Canva, May 2019
The Australian graphic design cloud service was hit with a cyberattack that compromised email addresses, usernames, and other sensitive information, which impacted about 61 million users. Canva initially stated the attack was limited to the intruders viewing data without stealing it. Known as Gnosticplayers, the perpetrators notified ZDNet to take credit for the attack.
Later the story got worse when Canva revealed about 4 million user accounts with hacked passwords were discovered by the company. More shockwaves were felt when the company announced these passwords had been decrypted and shared online.
Read more: All You Need to Know About Ransomware and Ways to Prevent It
Conclusion
What can we learn from the top data breaches of all time? One thing is that organizations of all sizes – even tech or financial giants – can be breached. Another revelation is we usually don’t find out about the worst breaches until years later. So, it’s best to take cybersecurity seriously and implement the strongest cybersecurity strategies available for both personal and business related data.