Daily Management Review

Five loudest data leaks


Data leaks occur daily around the world, so it is quite difficult to track them. However, they can be so large that it is impossible not to pay attention, since such leaks affect a huge number of people. And the consequences can be truly catastrophic.

1. Yahoo!

When: 2013-2014

Impact: 3 billion user accounts

In 2013, hackers gained access to 3 billion Yahoo! accounts. The hackers obtained names, date of birth, phone numbers, email addresses, hashed passwords, as well as questions and answers for password recovery. However, they were unable to get information about credit cards. The US Securities and Exchange Commission (SEC) fined Yahoo! for $ 35 million for the massive user data leak. The penalty will be paid by Altaba company, which owns part of Yahoo!, remaining after the sale of the main business of the corporation telecom operator Verizon. According to the regulator, Yahoo! failed to properly investigate this incident.

2. Adult Friend Finder

When: October 2016

Impact: over 412.2 million accounts

In the autumn of 2016, LeakedSource information security specialists obtained a database of user accounts for Friend Finder Network Inc services, as evidenced by the corresponding entry in their blog. The main business of FFN are dating sites, such as Adultfriendfinder.com, Cams.com and Penthouse.com. In total, the base consisted of almost 400 million accounts. According to experts, this was the largest leakage of accounts in 2016. According to LeakedSource analysts, most of the information about accounts was stored in the clear or protected using the SHA-1 hashing algorithm. As a result, about 99% of the data was decrypted. The top five most popular passwords include the combinations "123456" (used more than 900 thousand times), "12345" (more than 635 thousand times) and "123456789" (more than 585 thousand times), as well as "12345678" (more than 145 thousand times) and "1234567890" (almost 133 thousand times).

3. eBay

When: May 2014

Impact: 145 million users

In May 2014, a hacker attack brought data on 145 million eBay user accounts. The company recommended that customers immediately change their passwords, noting that these data were also stolen. According to eBay Inc., the incident happened somewhere "in late February - early March," but the hacking itself was discovered only in May. Forensic experts were called in to investigate, and after the worst suspicions were confirmed, the company made an official statement. Among the information stolen were data such as "names, encrypted passwords, email addresses, physical addresses, phone numbers and eBay customer birth dates."

4. Equifax

When: July 29, 2017

Impact: 143 million customers

On the night of September 7-8, 2017, it became known about the hacking of Equifax and one of the largest data breaches in recent years. For example, representatives of the North American division of Equifax reported that unknown perpetrators took possession of personal information of 143 million people (324 million people live in the USA), including social security numbers and driving licenses, full names, addresses, and so on. In addition, in 209 thousand cases, the documents also featured information on bank cards of the victims. Official representatives of Equifax reported that unknown persons penetrated the company's servers back in May 2017, but their presence remained unnoticed until the end of July 2017.

5. Heartland Payment Systems

When: March 2008

Impact: 134 million credit cards

From 2006 to early 2008, hackers have shown keen interest in one of the world's largest payment processing companies, Heartland Payment Systems. "Strong interest" led to the largest hacking of the payment system in the world and data leakage of 130 million credit cards. In 2008, a group of hackers, organized by Albert Gonzales, managed to penetrate the computer systems of Heartland Payment Systems and steal a huge amount of personal data from the company's clients. At the time, this security incident was called the largest data breach in US history. In 2008, Gonzales was arrested on charges of stealing 130 million bank card numbers.