By definition, a data breach occurs when sensitive, confidential, or protected information is intentionally/unintentionally released to an untrusted environment. In case you don’t know, data breaches may involve several things, including personal health information, trade secrets, and personally identifiable information. Furthermore, data breaches can occur as a result of several factors. First, it may occur when attackers hack into a corporate website, stealing sensitive data from the database. Apart from that, it can also occur as a result of missing software patches and weak passwords. Admittedly, there have been a lot of data breaches in the past years. According to a recent study by Statista, the US witnessed over 1,473 data breaches in 2019 alone. Furthermore, the country saw about 540 reported data breaches during the first half of 2020. That said, in this post, we’ll be sharing with you the top 10 biggest data breaches so far.
Here’s The Top 10 List Of The Biggest Data Breaches So Far
1- Adobe (October 2013)
Occupying the first spot on our top 10 list of the biggest data breaches so far is that of Adobe. The incident, which occurred in October 2013, affected the records of over 153 million users. Furthermore, according to reports, Adobe initially announced that hackers stole over 3 million encrypted customer credit card records and login data for several users. Later, the company revealed that IDs and encrypted passwords, belonging to 38 million users, were also stolen. Unfortunately, Adobe had to pay a fine of $1.1 million in legal fees, and about $1 million to the affected users.
2- Canva (May 2019)
Sitting on the second position on our list of the top 10 biggest data breaches is the one that happened to Canva. According to reports, the incident, which occurred in May 2019, affected the accounts of about 137 million users. Also, reports confirmed that the suspected hacker is GnosticPlayers. They later contacted ZDNet regarding the incident, saying that Canva was able to detect their attract and shut down the vulnerable server.
3- Adult Friend Finder (October 2016)
The incident with Adult Friend Finder occupies the third spot on our list of the top 10 biggest data breaches so far. In case you don’t know, Adult Friend Finder is a US-based internet company. In October 2016, reports confirmed that attackers took over most of the FriendFinder Network, including Penthouse.com, Cams.com, Stripshow.com, and Adult Friend Finder. Furthermore, they were able to hack about 412 million accounts.
4- eBay (May 2014)
Next, on our list of the top 10 biggest data breaches so far, is eBay. According to reports, the data breach incident, which occurred in May 2014, affected about 145 million users on the platform. Speaking about the incident, the company revealed that hackers utilized the credentials of three corporate employees to gain access to its network. Furthermore, it took the company about 229 days before discovering the attack. With that, it means that the hackers had enough time to acquire all the users’ data.
5- Dubsmash (December 2018)
Another incident on our top 10 list of the biggest data breaches happened to Dubsmash. In case you don’t know, Dubsmash is an American mobile application, which is compatible with both iOS and Android devices. It helps its users to smash their videos with pre-recorded dubbed sounds. In December 2018, about 162 million user accounts on Dubsmash were breached. Furthermore, reports confirmed that the affected information included usernames, phone numbers, unique email IDs, and many more. After acquiring the data from the platform, the attackers placed it on sale on the dark web, for about $20,000 in Bitcoin, .
6- Equifax (July 2017)
The data breach incident in Equifax occurred on July 29, 2017. We’re adding it to our list of the top 10 biggest data breaches because it affected 147.9 million consumers. For those who don’t know, Equifax is an American multinational consumer credit agency. Also, it’s one of the three largest companies in the industry. While explaining the incident, Equifax mentioned that the vulnerability of an application on one of its websites resulted in the data breach.
7- Heartland Payment Systems (March 2008)
Occupying the seventh spot on this list is the data breach incident involving Heartland Payment Systems. According to reports, the incident, which occurred in March 2008, resulted in the leak of about 134 million credit cards. Going into details, hackers took advantage of a known vulnerability on the platform. After that, they performed an SQL injection attack and acquired the information.
8- Sina Weibo (March 2020)
Next, on our list of the top 10 biggest data breaches so far, is the incident involving Sina Weibo. Speaking of it, reports confirmed, that over 538 million accounts on the platform were up for sale on dark web markets. The information acquired includes the real names, site usernames, phone numbers, gender, and location of each of the accounts. Since the hackers couldn’t acquire passwords to the Weibo accounts, they only offered to sell the acquired data for ¥1,799 ($250).
9- Yahoo (2013/2014)
Between 2013 and 2014, some hackers (state-sponsored actors) attacked the popular web services provider, Yahoo. During the incident, reports confirmed that over 3 billion user accounts were affected as a result of the data breach incident.
10- Zynga (September 2019)
Last, on our list of the top 10 biggest data breaches so far, is the incident involving Zynga. According to several reports, the incident, which occurred last year, affected about 218 million user accounts. Furthermore, reports also confirmed, that the popular hacker Gnosticplayers was behind the attack.