While data breaches have dominated the InfoSec headlines (and increasingly the mainstream ones, too) for several years, they aren’t a new phenomenon. In fact, one of the first recorded hacks took place way back in 1903, and it involved breaching a Morse code transmission.
Technology has come a long way since then — and, unfortunately, so have hackers, cyber criminals, nation states and other bad actors. And really, it’s not hard to understand why: the demand for technology-led solutions is relentless and never-ending, and a lot of products that make it to market haven’t undergone rigorous security testing. Sadly, there’s no such thing as a truly “bulletproof” technology. Given enough time and resources, hackers will find a way in.
With this in mind, here’s a look at some of history’s worst data breaches:
Yahoo’s 2013 Breach
Yahoo’s 2013 breach is back in the headlines. While the initial reports said that (cue Dr. Evil voice) “1 billion” accounts were hacked, it turns out that ALL 3 billion accounts were hacked. That means everyone was and still might be vulnerable. You, me...heck, even your grandparents who think this whole internet thing is a weird fad, and things were a lot better back when the only mail you had to deal with was the kind that came with a stamp. The stolen data included names, telephone numbers, DOBs, passwords and security questions.
eBay 2014 Breach
As someone who buys stuff on eBay, I vividly remember the panic back in 2014 when it was revealed that hackers accessed the email addresses and encrypted passwords of all 145 million eBay users. Even more shocking is that the hackers didn’t hatch some super-sophisticated plan worthy of a Hollywood movie – they compromised the weak credentials of three eBay employees, and then spread out from there as if they had an all-access pass. If eBay employees had used strong passwords, or if eBay had been using a suitable PAM solution to protect high-access accounts and data, the breach wouldn’t have happened.
Equifax 2017 Breach
This one is still unfolding, and we probably haven’t heard the last of it (especially since the CEO kind of mysteriously just left the company…hmmm). In case you’re unfamiliar with Equifax, it’s a massive consumer credit reporting agency that collects and aggregates data on over 800 million consumers and more than 88 million businesses around the world. In this breach, hackers reportedly accessed sensitive data (names, social security numbers, DOBs, addresses, driver’s license information, etc.) of about half of the U.S. population, and about 10,000 Canadians (initially the estimate was around 150,000 Canadians, but the number has since been reduced). Criticism of Equifax has been fast and furious, with everyone from security experts to politicians saying that Equifax was more interested in profits than security. Under relentless pressure, the company is re-assessing its security standards and technologies, and there will probably be some turnover in the executive ranks (as in: get lost and don’t come back). If you want more details on this scenario, and what has been learned so far, check out this article.
Anthem Medical 2015 Breach
Anthem is one of the largest health insurers in the U.S. It fell victim to one of the largest breaches in history back in 2015, when 80 million people had their sensitive information stolen, including names, social security numbers, DOBs, addresses, emails, employment information, and more.
FriendFinder Network 2016
The FriendFinder Network owns and operates several sites, such as AdultFriendFinder, Cams.com, Penthouse, Stripshow and iCams.com. Unfortunately, back in 2016 hackers wanted to be included among the company’s friends, and ended up accessing more than 412 million accounts. As noted by TechCrunch: “FriendFinder messed up in a few ways. For one, the company either stored user passwords in plain text, without any protection, or hashed them using the notoriously weak SHA1 algorithm, according to LeakedSource. The company also kept logins for a site they don’t even run anymore.”
That’s not very friendly, is it?
“But Wait, There’s More!”
Obviously, I could spend the next several days writing about high-profile data breaches. In fact, in 2016 alone there were 4,149 confirmed breaches around the world, which exposed more than 4.2 billion records. And this is just the confirmed breaches! Plenty of breaches are unconfirmed or unreported (or under-reported). Here are some of the victims that wish they weren’t on the list:
- JP Morgan Chase
- US military
- …and the list goes on.
If you want to dive deeper on this topic, here’s a great website where you can explore the worst data breaches year-by-year. Hopefully, you won’t see something and say to yourself, “Oh no, I had an account there!”
White Paper: How to Avoid Getting Hacked
Again, the truth is that it’s impossible to completely eliminate the possibility of being hacked. But you should take steps to lower the chances of becoming a victim, such as using a PAM solution, a robust password manager, and 2FA — or even better, MFA. To learn more about security breaches and how to prevent them, I invite you to download our free white paper.