Some biggest data breaches in recent memory are the weight of security practitioners. Data breaches are not new as they happen daily, in many places at once to keep the count. But what is the formation of a huge breach against the small one?
Here we present you 21st century’s biggest or most significant breaches.
This list is not entirely based on the number of records compromised, but on how much risk or damage the breach caused by companies, insurers, and users or account holders.
In some cases, passwords and other information were secured by encryption, so a password reset removed the bulk of the risk.
Impact: 3 billion user accounts
Details: The past dominant Internet giant in September 2016, while in negotiations to sell itself to Verizon, announced it had been the victim of the biggest data breach in history, probably by “a state-sponsored actor,” in 2014.
The attack compromised the exact names, email addresses, dates of birth and telephone numbers of 500 million users.
The company said the “vast majority” of the passwords included has been highlighted using the strong bcrypt algorithm.
A few months later, in December, it disclosed that earlier records revealed that a breach in 2013, by a separate group of hackers had compromised 1 billion accounts.
Apart from names, birth dates, email addresses, and passwords, those who were not well protected as those included in 2014, security questions and answers were also compromised.
In October of 2017, Yahoo revised that estimate and said that, in fact, all 3 billion user accounts were compromised.
Breaches hit an estimated $350 million from the sale price of Yahoo. Verizon in the course of time paid $4.48 billion for Yahoo’s original Internet business.
The agreement called for both companies to share regulatory and legal liabilities from the breaches. The sale didn’t include a stated investment in Alibaba Group Holding of $41.3 billion and an ownership interest in Yahoo Japan of $9.3 billion.
An informed investment in Alibaba Group Holdings of $ 41.3 billion in sales and $ 9.3 billion of Yahoo! owned ownership in Japan was not included.
Founded in 1994, Yahoo was once valued at $100 billion. After the sale, the company changed its name to Altaba, Inc.
Date: Late 2016
Impact: The personal information of 57 million Uber users and 600,000 drivers were made public.
Details: The scope of the Uber breach warrants to join the list alone, and this is not the worst part of the hack. The way Uber handled breach after searching, it is a big hot disturbance, and it is a lesson for other companies on what not to do it.
At the end of 2016, the company learned that two hackers were able to get names, email addresses, and mobile phone numbers of 57 users of the Uber app.
They also get driver license numbers of 600,000 Uber drivers. As far as we know, no other data like credit card or social security numbers were stolen.
Hackers were able to access GitHub account of Uber, where they found the username and password credentials to AWS account of Uber. Those credentials should never have been on GitHub.
Here’s what’s the worst is: it was not until almost a year later when Uber had violated it. The worse thing is that they paid hackers $100,000 to destroy the data so that they could verify that this was a “bug bounty” fee. Uber fired its CSO due to the breach, effectively putting the blame on him.
It is believed that both the reputation and money have cost Uber extremely. At the time the breach was announced, the company was on talking terms with SoftBank to sell a stake.
Initially, Uber’s valuation was $ 68 billion Until the deal closed in December, its valuation decreased to $48 billion. All drops are not responsible for the breach, but analysts believe that this is an important factor.
Date: October 2013
Impact: 38 million user records
Details: Initially reported by security blogger Brian Krebs in early October, it took weeks to detect the scale of the violation and what it included. The company originally told that hackers have stolen around 3 million encrypted customer credit card records, as well as login data for one undefined number of user accounts.
Later in the month, Adobe asserted that the attackers accessed IDs and encrypted passwords for 38 million “active users”. But Krebs told that a file was posted a few days ago, which includes more than 150 million usernames and hashed password pairs taken from Adobe.
“After several weeks of research, it finally came out, as well as source code for many Adobe products, Hack also exposed customer names, IDs, passwords, and debit and credit card information.
In August 2015, an agreement called for Adobe to pay $ 1.1 million in legal fees and pay an unknown amount to settle claims of violating the Customer Records Act and unfair business practices.
In November 2016, the amount paid to customers was stated to be $ 1 million.
Date: May 2014
Impact: 145 million users compromised
Details: In May 2014, the humongous online auction reported a cyber attack in which it said exposed all 145 million users’ names, addresses, dates of birth, and encrypted passwords.
The company said that hackers came into the company network using the credibility of three corporate employees, and had full inside access for 229 days, during which time they were able to lead their way to the user database.
It asked its customers to change their passwords but said that financial information like credit card numbers, were stored individually and was not compromised.
At that time the company was criticized for its lack of communication in informing its user and poor implementation of the password-renewal process.
John Donohue, CEO said that the user activity has declined as a result of the breach, but the bottom line has had very little effect – its Q2 revenue increased by 13 percent and earned up to 6 percent, which was in line with analyst expectations.
5. Sony’s PlayStation Network
Date: April 20, 2011
Impact: 77 million PlayStation Network accounts were hacked; The estimated loss was of $171 million whereas the site was down for a month.
Details: This is seen as the worst gaming community data breach so far. When more than 77 million accounts were affected, 12 million had unencrypted credit card numbers.
Hackers acquired access to full names, e-mails, passwords, home addresses, purchase history, PSN/Qriocity logins, credit card numbers, and passwords.
“It is enough to surprise every person with good security,” If this is like Sony, then what is there at every other multi-national company that’s millions of user data records are sitting on?” Quoted by eIQnetworks’ John Linkous.
He says that it should remind those people in IT security to recognize and apply security controls usually across their organizations.
For customers, “Be careful to whom you give your data to. It cannot be worth the price to get access to online games or other virtual assets.”
Sony agreed to the initial $15 million settlement in a class action lawsuit over the breach in 2014.