March 06, 2019
The World's Biggest Data Breaches in the Last 5 Years
How does it feel to return home and find your door open, unlocked? Inside, everything seems ok. But, what actually happened in your home during the day? Cue some sleepless nights and some prolonged anxiety about leaving your house day after day.
The same is true about your digital “property,” the various accounts you have. As the world's biggest data breaches affect billions of users, it’s easy to fall victim to them. Wait…billions? Yep, you heard it right.
Since 2005, over 9,000 data breaches and an astounding 11,583,442,497+ leaked records were reported. (Does this number look right to you? If you have better data, share it in the comments section!)
The top 6 data breaches in the last 5 years
The Yahoo breach
Accounts affected: 3+ billion
Years: 2013–2014 (disclosed in 2016–2017)
First, the company announced that 500 million user accounts were compromised due to an attack in late 2014. User names, email addresses, phone numbers, dates of birth, encrypted passwords and, in some cases, security questions and answers were stolen.
A few months later, the web giant shook the community with a new revelation: this time the Yahoo hacked accounts list included more than one billion records. The reported breach happened in 2013 and was attributed to a different group of hackers.
Yet, it’s not the end of the story. In 2017, Yahoo published a statement claiming that actually all its user accounts were affected by the 2013 theft. At that time, there were about 3 billion Yahoo accounts, which is comparable to about 40% of the global population in 2017.
Marriott Starwood breach
Accounts affected: 383–500 million
Staying in a high-end hotel is an exciting experience. Having your personal data compromised afterwards? Not so much. Yet, that’s what happened to millions of Marriott-Starwood hotel guests.
After Marriott bought Starwood in 2014, it became the world’s largest hotel chain. For four years, hackers had access to the Starwood database, stealing passport data, phone numbers, email addresses, and some credit card details.
In 2018, when the Marriott Starwood data breach was discovered, the company announced that about 500 million guests were affected. Yet, in early 2019, Marriott said that “only” 383 million records were stolen. Eventually, the company offered a service for their guests to check if they became victims of the breach. Ironically, this system requests quite a lot of personal information to proceed.
FriendFinder Networks breach
Accounts affected: 412 million
For many people, their account on a typical dating website is quite a sensitive topic. So, a data breach at FriendFinder Networks, an adult entertainment company, was especially stressful for the victims.
The numbers here are impressive: over 412 million accounts were exposed with usernames, passwords, emails, and other details uncovered. The database contained information added throughout the previous 20 years, including deleted accounts—not a pleasant discovery for those who wanted to forget their youthful adventures.
Myspace breach
Accounts affected: 360 million
Here’s another case that makes you worry about accounts on the websites you stopped using a long time ago. Myspace was extremely popular in the late 2000s, but the security standards back then were lower than today. This is why Myspace’s database of 360 million accounts became an attractive target for a hacker.
Email addresses and passwords to accounts created prior to June 11, 2013 were stolen and made available in a hacker forum. Myspace attributed the data breach to a Russian cyberhacker “Peace.”
Under Armour breach
Accounts affected: 150 million
In 2018, you would probably expect at least all large companies to be immune to breaches. Unfortunately, this incident proves otherwise.
In March 2018, Under Armour announced that around 150 million of its MyFitnessPal app accounts were hacked. The stolen data included usernames, passwords, and email addresses.
Under Armour experienced immediate “feedback” as its shares dropped almost 4% during after-hours trading. Moreover, one of the app users filed a lawsuit against the company soon afterwards.
What’s interesting here is that some of the passwords in the app were encrypted in a stronger way, while some were encrypted using a weaker function. It’s unlikely that the users could know about that, but now they might face consequences of different severity.
Equifax breach
Accounts affected: 143 million
The final one in this list of recent data breaches is the Equifax breach. Equifax is one of the largest credit reporting agencies in the US. Hackers gained access to the data of more than 143 million Americans due to a vulnerability on one of the company's web servers.
The stolen information included names, dates of birth, Social Security numbers, addresses, and, in some cases, credit card numbers and driver’s licenses. By the way, the CEO of Equifax was himself a victim of identity theft three times before.
According to the official government report on this incident, the Equifax breach “was entirely preventable.” It happened because the company’s security practices and policies were inefficient and its systems were outdated. Again, this is one of the facts that the breach victims could neither foresee nor influence.
What do the big numbers mean?
The list of recent data breaches could go on and on. Well-known cases, including the Anthem data breach, Uber’s hushed-up attack, Twitter’s password exposure, and many more, add millions more victims to data breaches statistics.
Yet, some researchers say that the impact of a data breach is not defined by the number of affected accounts. For instance, Danyal Effendi from PureVPN says, “I believe the top data breach in the last 5 years is hacking of U.S. Department of Justice’s database on the 9th of February 2016… According to CNN, they released data including personal information of 10,000 employees of the Department of Homeland Security and 20,000 FBI employees… I rank it as the top data breach of the year because it can still have an effect on greater stakeholders such as governments, politicians, US national departments, as well as common men.”
Why do data breaches happen?
Cybersecurity experts note two main reasons why breaches are so widespread:
- Technologies change and new services appear, while security specialists often don't have enough time, skills, or technical means to configure them properly. As a result, they don’t protect their products efficiently enough.
- Lack of experience in working with security technologies, weak security processes, and mere inattentiveness have their negative impact as well.
Consequently, it is critical that all those involved in digital product development keep up with new security standards at all stages.
How to stay protected?
Research from 2018 found that, out of 3.5 billion exposed credentials, the same password was reused for different accounts in 24% of cases and, in 90% of cases, the password was altered just a little bit. Do not follow this practice.
Here are five easy steps to strengthen your online security:
- Create unique passwords for each new service that you utilize. Consider using a password manager (such as 1password, LastPass, or KeePass) to be able to use complex passwords while not having to remember them.
- Enable two-factor authentication for your accounts to make it harder for hackers to break in.
- Check if your email was hacked. You can also subscribe to breach notifications regarding your email.
- If the breach has already happened, change the password on the respective website immediately. Make sure to do the same for any other accounts if you use the same password for them.
- Consider using automated privacy protection tools to keep you safe.
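To make the reuse figures and the "change it everywhere else too" step concrete, here is an added example (not part of the original article) that audits a password list for exact reuse and for "altered just a little bit" variants, and lists which other accounts need a new password after one service is breached. The vault contents, service names, character-swap table and the 0.8 similarity threshold are all constructed assumptions.

```python
import re
from difflib import SequenceMatcher
from itertools import combinations

# Constructed sample vault export (service -> password); not real credentials.
SAMPLE_VAULT = {
    "mail.example": "Sunflower2017",
    "shop.example": "Sunflower2017",
    "forum.example": "sunflower2018!",
    "bank.example": "t7#Vq9!mZr2LwX",
    "games.example": "Sunfl0wer",
}

# Common character swaps people use to "change" a password (assumed table).
LEET = str.maketrans("013457@$!", "oieastasi")

def skeleton(password):
    """Base word of a password: lowercase, strip leading/trailing digits
    and symbols, then undo common character swaps."""
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", password.lower())
    return core.translate(LEET) or password.lower()

def classify(a, b, threshold=0.8):
    """Return 'reused', 'variant' or None for two passwords."""
    if a == b:
        return "reused"
    sa, sb = skeleton(a), skeleton(b)
    if sa == sb or SequenceMatcher(None, sa, sb).ratio() >= threshold:
        return "variant"
    return None

def audit(vault):
    """All pairs of services whose passwords are identical or near-identical."""
    findings = []
    for s1, s2 in combinations(sorted(vault), 2):
        verdict = classify(vault[s1], vault[s2])
        if verdict:
            findings.append((s1, s2, verdict))
    return findings

def affected_by(vault, breached):
    """Services whose password must also change after `breached` leaks."""
    return sorted(s for s in vault
                  if s != breached and classify(vault[s], vault[breached]))

if __name__ == "__main__":
    for s1, s2, verdict in audit(SAMPLE_VAULT):
        print(f"{verdict:8} {s1} <-> {s2}")
    print("rotate after mail.example breach:",
          affected_by(SAMPLE_VAULT, "mail.example"))
```

Only the randomly generated bank password stands alone; every "Sunflower" variant collapses to the same base word, which is why one leaked password puts the other accounts at risk.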