A data breach is the unveiling of classified, delicate, secure information to an unauthorized, suspicious territory. This data could have been released by malicious hackers or individuals for the purpose of stealing sensitive details like credit card and bank details, information on a corporation’s inner workings and secrets, patents, trademarks, and copyrights, being some of them. This could be done by a rival corporation to know the weaknesses and trade secrets of your company or even an individual.
Some of the most significant data breaches in history had left the world appalled and threatened. Let us look at some of them as reported on Cyberbeat, the leading online platform for news pertaining to the cyberworld: –
- Facebook – The social media giant was the victim to a data breach which exposed the personal information of over 540 million Facebook users on Amazon’s cloud computing service.
The data breach was traced back to two third-party app developers who were held accountable for exposing the information publicly. This was one the most impactful data breaches the world had seen as 146 gigabytes of sensitive user information was leaked which contained account names, IDs, details regarding comments and reactions to posts. Cultura Colectiva, a Mexican company, was held responsible for this breach.
- Yahoo! – The Yahoo! data breach has always been considered as the world’s biggest data breach. In late 2016, the company reported a data breach which dated back to the second half of 2014 and had impacted more than 500 million users. Another breach that occurred in August 2013 was also reported in 2016. It was later declared by the company that 3 billion i. e its entire user base had been affected by the breach. It was also reported that the hackers used web cookies as a method to gain access to the user’s account without even requiring a password, as the web cookies helped in forging login credentials. In March 2017, 4 men were charged guilty for the data breach, 2 of whom worked for Russia’s Federal Security Service (FSB).
- First American Financial Corp. – The breach was announced by Brian Krebs, a security researcher. He brought to light the exposé of 885 million confidential and private information which included bank details like the customer’s bank account number, bank statements, mortgage statements, tax documents, social security number and pictures of driver’s license. The information that was stored in the corporation’s server, which dated back to 2003 was revealed in plain sight. This was the result of a poor website design fault which is known as Insecure Direct Object Reference (IDOR).
- LinkedIn – In 2012, LinkedIn reported a data breach which stole 6.5 million users passwords. These passwords were revealed on a Russian hacker platform. However, it was only in 2016 that the impact of the breach was brought to light. The hacker who hacked LinkedIn, was also responsible for the MySpace hack and had stolen information of 165 million LinkedIn users and was selling them for five bitcoins which was equivalent to $2000 during that time.
- Marriott International – In late 2018, precisely November, Marriott International reported that the information of around 500 million customers was under threat as perpetrators had stolen the data. This breach first started taking place in 2014, on systems of Starwood hotel chains. These perpetrators conveniently lasted in the systems and were not discovered until September of 2018. The perpetrators stole information on contacts, passport numbers, preferred guest list numbers, travel information and other private information. More than 100 million customers had their bank details stolen, like their credit card numbers and expiration dates, but it was unclear if the perpetrators could decode the bank details. This data breach was traced back to a Chinese Intelligence organization which apparently had intentions of stealing valuable information about the US citizens.
- eBay – A data breach was announced by eBay that threatened 145 million of its users i. e, its entire user base. This breach occurred in May 2014. The data that was stolen included names, addresses, dates of birth and coded passwords. This hack was conducted by first hacking into the accounts of three company officials by using their credentials and then gaining access to the company’s networks. These hackers remained in the system for 229 days which gave them a lot of time to corrupt the entire user database. The users were asked to change their passwords. However, since the company had a separate storage system for credit card numbers, the bank details remained secure.
The Cyberbeat is a trusted source for all things related to cybersecurity. So, if you want to stay updated and aware, do not forget to religiously check their website. Better to be informed than sorry, isn’t it?