The Biggest Data Breaches of the Last Decade


When it comes to data breaches, 2020 certainly lays claim to some of the biggest. Many have been fuelled by the Coronavirus pandemic, with cybercriminals taking advantage of a lack of security and of people working remotely.

But not all data breaches have been confined to the last 12 months. Over the last decade we’ve continued to see cybercriminals up the ante, using more sophisticated means of breaching and exposing some of the most sensitive data held by large and small organisations across the globe.

As we look back over the last 10 years, there are certainly a few that come to mind as some of the biggest. Here are a few that we think deserve to be in the top 10.

You will no doubt remember many of them; if not, here’s a reminder.

The LinkedIn breach of 2012

The professional social networking site, LinkedIn, suffered a huge data breach in 2012. The breach was initially thought to have exposed 6.5 million passwords, but, in reality, it was more like 117 million accounts. The business networking giant was forced to reset passwords of all users who were thought to have been impacted.

The breach was first exposed when a hacker posted a list of 6.5 million unique passwords to a Russian hacker forum.

It wasn’t until 2016 that the full extent of the attack was uncovered.

The Adobe breach of 2013

The Adobe breach in 2013 is up there as one of the costliest data breaches of the last decade.

Towards the end of 2013, the software company suffered a severe data breach that resulted in hackers stealing nearly 3 million encrypted customer credit card records, as well as login data for an undetermined number of Adobe user accounts. At the time, reports stated that the breach impacted at least 38 million users.

Three years later, Adobe was fined $1.1 million for legal fees and for violating the Customer Records Act. North Carolina Attorney General Ray Cooper, who announced the multi-state settlement, said that the hacked servers contained the personal information of approximately 552,000 residents of 15 US states.

Adobe was ordered to pay the settlement and implement new policies and practices to prevent future similar breaches.

The eBay breach of 2014

In 2014, eBay fell victim to a catastrophic data breach, which led to the exposure of their entire account list (145 million users). The leaked data included names, addresses, dates of birth and encrypted passwords. Not only that, but the hackers also had complete access for 229 days after using the credentials of three employees. With full access to the network, they had plenty of time to compromise the user database.

The Yahoo data breach of 2014

In 2014, Yahoo fell victim to one of the biggest data breaches in history. The hackers, who are believed to be state-sponsored actors, compromised over 500 million users! They gained access to real names, email addresses, dates of birth and telephone numbers.

However, this wasn’t a one-time deal. In 2013 it was announced that Yahoo had another breach in which cybercriminals gained access to names, dates of birth, passwords and security question answers of 1 billion user accounts. Combined, these breaches knocked an estimated $350 million off the company’s value!

The MyFitnessPal breach of 2018

In 2018, MyFitnessPal fell victim to a massive data breach.

The usernames, email addresses, IP addresses and bcrypt-hashed passwords of 150 million customers were leaked and, a year later, put up for sale on the Dark Web.

After urging the customers to change their passwords, MyFitnessPal didn’t share how many accounts were actually affected, nor how the cybercriminals gained access to the data.

The Canva data breach of 2019

In 2019, Canva suffered a data breach that exposed a multitude of sensitive data, including usernames, email addresses, names and cities of residence. This affected 137 million users of the platform. Thankfully, the hackers were only able to view and not steal credit card information, although that doesn’t change the fact it was available to view in the first place.

Canva followed the usual path of notifying users and advising them to create a new password, but approximately 4 million account passwords were shared online. This led Canva to invalidate unchanged passwords and notify users who had unencrypted passwords shared online.

The Microsoft breach of 2020

In 2020, Microsoft disclosed a data breach that took place in December 2019, in which 250 million entries on its servers were exposed online without any password protection. This leak included email addresses, IP addresses and support case details.

The database consisted of five ElasticSearch servers, and misconfigured security rules were to blame for the accidental exposure. Microsoft quickly fixed this issue with the intention that no more data leaks would occur.

The Wattpad breach of 2020

In 2020, the Canada-based website for writers, Wattpad, suffered an attack on its SQL database. The leaked database included more than 270 million records, with more than 268 million unique email address and password combinations. This incident caused Wattpad to reset all user passwords to help prevent any future attacks.

The Estée Lauder breach of 2020

In 2020, the U.S. cosmetics giant, Estée Lauder, suffered a data breach, which exposed its unprotected database of 440 million records. The database contained sensitive data such as email addresses, internal documents and IP addresses. The company closed the database off once they were made aware of the situation.

The Whisper data breach of 2020

In 2020, the popular secret-sharing app, Whisper, left 900 million user records exposed online. Personal confessions that are meant to be anonymous, along with the location coordinates of those users, were publicly viewable on a database that was not password-protected. If accessed by hackers, this sensitive data could be used for identification and blackmail purposes. Access to the data was removed once Whisper was made aware of the incident.
