Data breaches are one of the most common forms of cybercrime. Despite many precautions and preventive measures, data thefts continue to victimize people and show no signs of slowing down.
May’s WannaCry mayhem proved to be the worst attack in recent memory. Here’s a refresher list of the top attacks that gave sleepless nights to individuals and corporations alike.
1. Yahoo (over 1 billion accounts)
With 1 billion and 500 million accounts compromised in 2013 and 2014 respectively, Yahoo was one of the first major brands that got blown to smithereens by hackers.
In August 2013, an unauthorized third party stole the data of 1 billion users, which included account names, email addresses, telephone numbers, dates of birth, hashed passwords, and encrypted or unencrypted security questions and answers. This breach was discovered in late 2016, and all affected users were forced to change their passwords and their security questions and answers. It is considered to be the biggest breach of its kind on the Internet. It is extremely scary and can shake anyone’s trust, as Yahoo is one of the most popular browsers.
There was another hit in 2014, also discovered in late 2016. In this attack, 500 million users were victimized. The information compromised included account names, email addresses, telephone numbers, dates of birth, hashed passwords, and in some cases encrypted or unencrypted security questions and answers. The only bright side was that the majority of Yahoo!’s passwords used the bcrypt hashing algorithm, which is considered difficult to crack; the rest used the older MD5 algorithm, which can be broken rather quickly.
2. TJX – 2003 (45.7 million)
The data breach happened at TJX chains, wherein a hacker stole 45.7 million customer credit card and debit card numbers along with driver’s licenses.
The infiltrator began by exploiting poor network security on a wireless network at a store. This allowed them, from outside the store, to intercept customers’ credit card numbers as transactions were made. They then used their open access point to track back to the company’s central database. TJX was storing customers’ personal data (and complete credit card numbers) in an unencrypted format, allowing the thieves to simply download them.
The stolen credit card details were used to buy gift cards to various stores which could be exchanged for goods. To launder the money, the gift cards were used for jewelry or electronic goods.
Indeed, it was one of the biggest retail data breaches, and it put a lot of people’s information at risk.
3. FriendFinder, 2016 (412 million accounts compromised)
Websites related to blind dates, casual hookups and adult content are legal in most western nations. Still, having such information exposed could be embarrassing. The FriendFinder network, comprising Adult Friend Finder, Penthouse.com, Cams.com, iCams.com, and Stripshow.com, was breached in late 2016 and user databases were leaked.
To users’ dismay, most passwords were protected by the weak SHA-1 hashing algorithm, which resulted in 99% of the passwords being cracked within a month.
4. eBay – 2014 (145 million user accounts compromised)
eBay asked 145 million users to change their account passwords due to a breach that compromised encrypted passwords along with other personal information between February and March 2014.
Reportedly, the attackers gained access to eBay not through customer accounts but with employee account credentials. The hackers were not able to infiltrate user payment information via PayPal, as it was encrypted, but users were asked to change their passwords as a preventive measure.
5. Heartland Payment Systems, 2008-2009 (130 million records compromised)
Heartland Payment Systems, the New Jersey-based payment processor, reported the largest data breach ever to affect an American company in 2009. In this attack, information for 130 million credit and debit cards was exposed.
Hackers planted malware to record card data as it arrived from retailers. As the company processed payments for more than 250,000 businesses across the country, the impact was enormous.
6. Target Stores, 2013 (110 million records compromised)
In December 2013, Target Stores disclosed that hackers had infected the company’s payment card readers and stolen information for 40 million credit and debit cards. In January 2014, the company announced that 70 million customers’ contact information, full names, addresses, email addresses and telephone numbers had also been compromised. Some of those customers were said to be victims of both the credit card and the contact information breaches.
7. Sony Online Entertainment Services, 2011 (102 million records compromised)
In April 2011, unknown hackers attacked the PlayStation Network that links Sony’s home gaming consoles, as well as Sony Online Entertainment, which hosts massively multiplayer online PC games, and the Qriocity video- and music-streaming service.
At first, Sony disclosed that information belonging to 78 million PlayStation Network users, such as login credentials, names, addresses, phone numbers and email addresses, had been hacked. The number rose to 102 million when attackers penetrated SOE and Qriocity.
Following the initial breach declaration, the PlayStation Network was down worldwide for more than three weeks.
8. Anthem, 2015 (69 million to 80 million records compromised)
In February 2015, Anthem, previously known as WellPoint and the second-largest health insurer in the U.S., disclosed that its customer database had been breached. Compromised data included names, addresses, dates of birth, Social Security numbers and employment histories. It was claimed that 80 million current and former customers were affected.
9. Home Depot – 2014 (56 million records compromised)
Home Depot’s payment terminals were exposed to a security breach which led to 56 million credit and debit card numbers being stolen. The Institute estimated a loss of $194 per compromised customer record due to re-issuance costs and any resulting credit card fraud. Hackers made their way into Home Depot’s systems using stolen vendor login credentials. Once the credentials were compromised, attackers installed malware on Home Depot’s payment systems to collect consumer credit and debit card data.
10. LinkedIn, 2012 (6.5 million accounts compromised)
LinkedIn, the business- and employment-oriented social networking service, divulged its 2012 data breach soon after it happened. The information was stolen by Russian cyber criminals. Password-reset notifications were only sent to 6.5 million user accounts out of 165 million accounts.
Internet security experts said that the passwords were easy to unravel because of LinkedIn’s failure to use a salt when hashing them, which in turn allowed the attackers to quickly reverse the scrambling process using existing standard rainbow tables, pre-made lists of matching scrambled and unscrambled passwords. Ninety percent of the passwords were cracked within 72 hours.
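The difference between the unsalted, fast hashes in the LinkedIn and FriendFinder cases and a salted, slow scheme can be checked from the defender's side. The following is an added example, not code from any of the companies discussed: the user list, the common-password list and the iteration count are constructed assumptions, and PBKDF2 from Python's standard library stands in for bcrypt.

```python
import hashlib
import hmac
import os

# Constructed sample data: three users, two of whom share a password.
USERS = {"alice": "sunshine", "bob": "sunshine", "carol": "T7#vq-longer-phrase"}
# Constructed stand-in for a precomputed table of common passwords.
COMMON = ["123456", "password", "sunshine", "qwerty"]
ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256


def unsalted_sha1(password):
    """The weak scheme: one fast, unsalted SHA-1 digest."""
    return hashlib.sha1(password.encode()).hexdigest()


def salted_record(password, salt=None):
    """The hardened scheme: per-user random salt plus a slow KDF."""
    salt = salt if salt is not None else os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, key


def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, key = record
    return hmac.compare_digest(salted_record(password, salt)[1], key)


def exposed_by_table(stored_digests):
    """Which unsalted digests appear in a table computed once, offline?"""
    table = {unsalted_sha1(p): p for p in COMMON}
    return {u: table[d] for u, d in stored_digests.items() if d in table}


def audit():
    weak = {u: unsalted_sha1(p) for u, p in USERS.items()}
    strong = {u: salted_record(p) for u, p in USERS.items()}
    return {
        "weak_duplicates": weak["alice"] == weak["bob"],
        "weak_exposed": sorted(exposed_by_table(weak)),
        # With a salt, a table would have to be rebuilt for every user.
        "strong_duplicates": strong["alice"][1] == strong["bob"][1],
        "login_ok": verify("sunshine", strong["alice"]),
        "login_bad": verify("sunshine", strong["carol"]),
    }


if __name__ == "__main__":
    for name, value in audit().items():
        print(name, value)
```

In the unsalted store, identical passwords produce identical digests and one table covers every account; with per-user salts the two users sharing a password no longer share a stored value.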
Thus concludes our list of the biggest data breaches of all time which left us vulnerable and scared.
So what do you think? Are you afraid of using your credit or debit cards at a store? Let us know in the comment section below.