As the world gets more interconnected and the surveillance state grows, it’s clear that lots of private data about us – our activities, health, finances, really everything – is being collected about us.
This massive collection of data is creating additional issues. It’s a near impossibility to keep all of that private data secure and under wraps. This data is being lost, mishandled, and stolen at a record pace. There have been three breaches of over 500 million records in the first quarter of 2019 alone. It is also not the big breaches one should worry about. There is a constant drip-drip-drip of smaller breaches from companies, health institutions, and governments that get less press attention, but can still impact your privacy. Whether you are an individual or a corporation, these can take a toll on your privacy and finances.
For the individual, security means putting your own digital house in order, using secure and individual passwords for your various accounts, preferably with the use of a password manager to keep them straight. It also means keeping alert to when someone in your digital food chain has had a data breach and you need to change passwords and account credentials – a service provided with the Avira Password Pro.
Top 10 data leaks
#1: Yahoo
By the numbers: 3 billion user accounts
Organization: Yahoo
Exposed data: account name, passwords
Details: All Yahoo users were affected by the breach which has been attributed to Russian hackers. The breached data included names, email addresses, dates of birth, telephone numbers, and security questions.
Timing: 2013-2014
#2: Facebook and Cultura Colectiva
By the numbers: 540 million users
Organization: Facebook and Cultura Colectiva
Exposed data: Account names, passwords, IDs, comments and reactions to posts.
Details: Data was originally collected from Facebook and kept in unprotected Amazon servers used by 3rd party associates such as Cultura Colectiva, a Mexican media company. A second batch of data was from an app called “At the Pool” which had been dead for over four years.
Timing: uncovered in 2019.
#3: Marriott/Starwood
By the numbers: 500 million customers
Organization: Marriott International/Starwood
Exposed data: Ranged from just name and contact information up to a combination of contact info, passport number, loyalty club info, and credit card numbers.
Details: The breach started at the Starwoods hotel brand before its acquisition by Marriott. The stolen data has not appeared since in online forums, fueling the belief that the breach was made by Chinese hackers looking for data on US citizens.
Timing: 2014-2018
#4: Adult Friend Finder
By the numbers: 412.2 million accounts
Organization: Adult Friend Finder
Exposed data: Names, email addresses and passwords.
Details: Hackers collected 20 years of data on the FriendFinder Network, a grouping of six adult website databases including Adult Friend Finder, Penthouse.com, and Cams.com. Most of the passwords were protected by the easily breakable SHA-1 hashing algorithm.
Timing: October 2016
#5: eBay
By the numbers: 145 million users
Organization: eBay
Exposed data: encrypted passwords along with addresses, dates of birth, and other personal information.
Details: Hackers gained access to eBay accounts through stolen login credentials from three employees.
Timing: May 2014
#6: Equifax
By the numbers: 143 million people
Organization: Equifax
Exposed data: Personal information (including Social Security Numbers, birth dates, addresses, and in some cases drivers’ license numbers and credit card data.
Details: Equifax is one of the biggest credit bureaus in the USA. Hackers were able to hack its servers by exploiting a vulnerability in unpatched, open-source software. The breach lead to the direct theft of several hundred thousand identities.
Timing: July 2017
#7: JP Morgan Chase
By the numbers: 83 million home and business accounts
Organization: JP Morgan Chase
Exposed data: personal data on bank clients including names, email addresses and phone numbers.
Details: Hackers used the Heartbleed vulnerability to penetrate the bank servers. Stolen data was used in identity theft schemes and money laundering.
Timing: July 2014
#8: Sony’s PlayStation Network
By the numbers: 77 million PlayStation Network accounts
Organization: Sony
Exposed data: More than 77 million accounts of which 12 million had unencrypted credit card details. Hackers got users’ full names, passwords, emails, home addresses, purchase history, credit card numbers and game PSN/Qriocity login details.
Details: Sony servers hacked, game site knocked offline for a month. Users reported fraudulent use of payment cards.
Timing: April 2011
#9: Uber
By the numbers: 57 million drivers and customers
Organization: Uber
Exposed data: names, email addresses, phone numbers, and license plate numbers
Details: Hackers stole engineers’ credentials from a private GitHub account, then used those credentials to break into an Uber Amazon account. Uber tried to conceal the breach by paying off the hackers.
Timing: October 2016
#10: Sony Pictures
By the numbers: Over 100 terabytes of data
Organization: Sony Pictures
Exposed data: Confidential company communications, private data, company records
Details: Spear-phishing attack and stolen employee credentials used to hack the Sony network. The attack – and subsequent damaging of the company network – have been attributed to North Korean hackers.
Timing: 2014