.png){kind=logo}
Data breaches are a huge problem for companies and government organisations. Data is widely regarded as one of the most important commodities in the modern world. It helps businesses find customers, create more profitable marketing strategies, and allow for more informed decision-making, among other things. Unfortunately, it's also much sought-after by criminals.
Hackers try and steal data for a variety of reasons. Sometimes it is to prove their skill, but often it is for monetary gain. Data can be sold on the dark web so other criminals can steal people's identities or login credentials. It can also be used as a tool to blackmail companies and for phishing scams.
Criminals always seem to be one step ahead and even though security measures are continually improving, hacks still take place. Over the years, there have been some truly disastrous data breaches, which caused a lot of damage to some major brands. As the data found on melitabusiness.com, some cyber-attacks were massive.
The biggest cyber-attack in history occurred in August 2013, although it didn't come to light until December 2016. Initially, Yahoo said the breach affected just over one billion customers, but it later revised this to three billion. An investigation later revealed that bank data and payment card information had not been stolen. At the time the news broke, Yahoo was being acquired by Verizon. The deal still went through but at a much-reduced price.
River City Media was a US-based SMS and email marketing company. It held massive databases containing a wealth of information, including names, addresses, IP addresses. The data breach was less of a deliberate hack and more of an oversight. An investigation by a data security researcher found that backups of MySQL servers were not password protected, and this information was exposed for around three months. It was unclear whether hackers had accessed the databases, but if they had, it would have been very valuable information indeed.
The Aadhaar data theft broke in January 2018. At the time, Aadhaar was the world's largest database, and the hack exposed data on more than 1.1 billion Indian citizens. The treasure trove of information stolen included names, phone numbers, addresses, and also biometric data. In addition, hackers also had access to bank accounts, even though it wasn't supposed to store this type of data.
It later transpired that the security breach was caused when a state-owned utility company accessed the database via a programming application. There were no access controls in place on the API, so hackers were easily able to gain entry. Even after the data breach came to light, it still took the authorities three months to fix the hole in the database's security.
885 million records from First American Financial Corporation were exposed in 2019, from an unsecured database. The records included complete identities of people who bought and sold properties, such as names, addresses, and social security numbers. Once again, the breach was caused by an unsecured database left on a web server. Rather than being deliberately targeted, the First American Corp leak was accidental, but it doesn't make it any less serious, especially for anyone affected by the breach. The company was later fined a whopping $7.5 million for their mistake.
A spambot is a computer program designed to spread spam. Somewhat ironically, one of the world's largest spambots accidentally leaked email addresses from around 700 million people us 2017, thus fuelling the problem. The leak was caused because the spambot had been wrongly configured. Security experts later said a lot of the data was fake, repeated, or malformed, but it still would have been valuable in the wrong hands. The leak does, at least, go some way to explaining why spam proliferates at such an alarming rate.
LinkedIn is the world's largest professional networking site, with more than 134 million active users. In July 2021, 700 million users had their data scraped from the site and posted on the Dark Web. This was done by exploiting LinkedIn's API. LinkedIn claimed at the time that no private personal data was stolen, but a sample posted online revealed enough data to ensure cyber criminals would have enough to start a wave of phishing and social engineering attacks.
In 2010, Facebook was found to have allowed Cambridge Analytica access to private data from millions of users, without their consent. At the time, the scandal was huge. Unfortunately, this wasn't the end of Facebook's woes. In 2021, it emerged that Facebook had failed to properly deal with a platform vulnerability and by the time the issue was fixed, data from 533 million Facebook users had been leaked. Not surprisingly, Facebook users were not happy.
Other significant data breaches of note include those from Marriott International, Adult Friend Finder, and MySpace.
