Here are the 7 largest data breaches in history

Hackers have exposed hundreds of millions of records from Facebook, Microsoft and other tech giants. Here are the biggest privacy disasters of the last decade.

By Robert Stevens

5 min read

Decentralization is the buzzword on everyone’s lips—from world leaders talking about blockchain to Jack Dorsey wanting to decentralize Twitter.

The nascent technology offers a number of benefits, including making data more secure. Centralized databases have often been exposed, leading to massive data breaches. So, to highlight why decentralized tech is so important—and considering that today is International Data Privacy Day—we’ve rounded up the biggest data breaches of the last decade.

1. Capital One

Capital One is the 11th largest bank in the US. Image: Shutterstock.

In March 2019, Paige Thompson, a former employee of online retail giant Amazon, exploited misconfigured firewalls on Amazon servers rented by Capital One, a global credit card company, to gain access to 106 million records. Records included 140,000 US Social Security numbers, one million Canadian Social Insurance numbers, and 80,000 bank account numbers, according to data published by Capital One.

Thompson also used the servers to mine cryptocurrency, a practice known as “cryptojacking”. Her crime spree ended after she boasted about her deeds on file hosting platform GitHub; one of her trusted friends then snitched on her to the FBI.

2. Microsoft

Microsoft's error left a huge amount of data available to anyone. Image: Shutterstock.

In late December 2019, Microsoft discovered that an internal support database it was using for measuring analytics was misconfigured for around three weeks. As a result of the misconfiguration, anyone with a web browser could access over 250 million customer support records. An internal investigation by Microsoft found “no malicious use”, but that some customers had “personally identifiable information exposed.”

3. Friend Finder Networks

Friend Finder Networks is one of the largest adult dating sites. Image: Friend Finder Networks.

In 2016, over 412 million accounts on the adult dating site Friend Finder Network were hacked, exposing its users’ information, including email addresses and passwords.

The breach included 319 million accounts from AdultFriendFinder.com, the “world’s largest sex and swinger community”—15 million accounts that weren’t deleted from the network were included. Data from a further 62 million accounts of Cams.com were breached.

The 2016 hack didn’t leak sensitive information, such as each user’s sexual preference. But a prior hack on Friend Finder in 2015, in which 4 million accounts were compromised did.

Friend Finder Networks isn’t the only sex-related leak. A 2015 hack on Ashley Madison,  a hookup site for unfaithful partners looking for affairs, saw the breach of 32 million accounts. The site claimed to have almost 40 million accounts at the time. Information was used as part of a “sextortion” campaign, where those involved were threatened with leaks if they didn’t send money.

4. Marriott Hotels

Chinese hackers stole data from millions of Marriott's guests. Image: Shutterstock.

In late 2018, researchers discovered that computer systems of the Marriott hotel chain were breached by Chinese government hackers, exposing the personal details of around 500 million guests.

The hackers, suspected of working for China’s Ministry of State Security, the country’s spy agency, had been stealing personal records from its Starwood reservation system as far back as 2014. The hackers took information including encrypted credit card details, addresses, passport numbers, email addresses, phone numbers, and birth dates of guests who made reservations from 2014 to September 2018.

5. First American Corporation

A design defect exposed millions of records. Image: First American Corporation.

In May 2019, 885 million records from customers of the insurance company First American, were found to be publicly accessible. A spokesperson from First America told Gizmodo that the error was due to a “design defect” in one of its apps.

“Security, privacy and confidentiality are of the highest priority, and we are committed to protecting our customers’ information,” the company said. But it was too little too late.

6. Facebook

Facebook has had a few hiccups in keeping control of its data. Image: Shutterstock.

Hundreds of millions of user accounts from the social networking site Facebook were compromised or left exposed in three separate breaches in 2019.

The first, in March, left up to 600 million passwords exposed. In what Facebook called a “glitch,” employees of the company could view them in plain text. Facebook engineer Scott Renfo said that an internal investigation launched by Facebook did not find any “signs of misuse.”

The second, in April 2019, exposed information from over 540 million users, after a Mexican social media company, Cultura Colectiva, collected data from Facebook users on unsecured Amazon servers. The information, since removed, contained account names, ID numbers, comments and reactions.

The third, in December 2019, a data breach on the social networking site leaked the information of over 267 million users. The information was posted on a hacker forum for ten days before security researcher Bob Diachenko found it. The names, phone numbers and Facebook user IDs were already exposed in the hack. And that’s not even including the Cambridge Analytica scandal.

7. Yahoo

All of Yahoo's accounts were affected in one huge hack in 2013. Image: Shutterstock.

And now, the biggest data breach in history: Yahoo.

All of its 3 billion accounts were affected in a 2013 hack, the magnitude of which was only discovered years later when Yahoo was sold to Verizon for $4.48 billion in June 2017. Hackers stole names, birth dates, phone numbers, and passwords with poor encryption protection. In addition, they also got access to the security questions and backup emails, useful info in case they weren’t able to crack some of the passwords. Verizon pledged to “enhance” Yahoo’s security.

Get crypto news straight to your inbox--

sign up for the Decrypt Daily below. (It’s free).

Recommended News