Data Breach

The 10 biggest, baddest data breaches of the 21st century

A data breach is the intentional or unintentional release of secure or private/confidential information to an untrusted environment.
Here are some of the biggest and baddest data breaches in recent years.

1. Adobe

153 million user records were breached in this incident.
In October of 2013, Krebs reported that a file posted just days earlier “appears to include more than 150 million username and hashed password pairs taken from Adobe.” Weeks of research showed that the hack had also exposed customer names, IDs, passwords and debit and credit card information.

2. Adult Friend Finder

412.2 million accounts were affected by this breach.
This breach was particularly sensitive for account holders because of the services the site offered. The FriendFinder Network, which included casual hookup and adult content websites like Adult Friend Finder, was breached in mid-October 2016. The stolen data spanned 20 years on six databases and included names, email addresses and passwords.

3. Canva

In May 2019, Canva suffered an attack that exposed the email addresses, usernames, names and cities of residence of 137 million users, along with passwords salted and hashed with Bcrypt (for users not using social logins, around 61 million). Canva says the hackers managed to view, but not steal, files with partial credit card and payment data.

4. eBay

eBay reported that an attack exposed its entire account list of 145 million users in May 2014, including names, addresses, dates of birth and encrypted passwords. The online auction giant said hackers used the credentials of three corporate employees to access its network and had complete access for 229 days—more than enough time to compromise the user database. Financial information, such as credit card numbers, was stored separately and was not compromised.

5. Equifax

Equifax said on Sept. 7, 2017 that an application vulnerability in one of its websites led to a data breach that exposed about 147.9 million consumers. The breach compromised the personal information (including Social Security numbers, birth dates, addresses, and in some cases drivers’ license numbers) of 143 million consumers; 209,000 consumers also had their credit card data exposed. That number was raised to 147.9 million in October 2017.

6. Dubsmash

This data breach affected 162 million user accounts.
In December 2018, New York-based video messaging service Dubsmash had 162 million email addresses, usernames, PBKDF2 password hashes, and other personal data such as dates of birth stolen, all of which was then put up for sale on the Dream Market dark web market the following December.

7. Heartland Payment Systems

Though it had long stopped being the powerhouse that it once was, social media site MySpace hit the headlines in 2016 after 360 million user accounts were both leaked onto LeakedSource (a searchable database of stolen accounts) and put up for sale on dark web market The Real Deal with an asking price of 6 bitcoin (around $3,000 at the time).

8. LinkedIn

In 2012 the company announced that 6.5 million unassociated passwords (unsalted SHA-1 hashes) were stolen by attackers and posted onto a Russian hacker forum. However, it wasn’t until 2016 that the full extent of the incident was revealed. LinkedIn acknowledged that it had been made aware of the breach, and said it had reset the passwords of affected accounts.

9. Marriott International

Marriott International announced in November 2018 that attackers had stolen data on approximately 500 million customers. The breach initially occurred on systems supporting Starwood hotel brands starting in 2014.
The attackers were able to take some combination of contact information, passport number, Starwood Preferred Guest numbers, travel information, and other personal information. The credit card numbers and expiration dates of more than 100 million customers were believed to be stolen, but Marriott is uncertain whether the attackers were able to decrypt the credit card numbers. The breach was eventually attributed to a Chinese intelligence group seeking to gather data on US citizens, according to a New York Times article.

10. MyFitnessPal

MyFitnessPal was among the 16 compromised sites in a massive information dump that saw some 617 million customers’ accounts leaked and offered for sale on Dream Market.
In February 2018 the usernames, email addresses, IP addresses, SHA-1 and Bcrypt-hashed passwords of around 150 million customers were stolen and then put up for sale a year later at the same time as Dubsmash et al. MyFitnessPal acknowledged the breach and required customers to change their passwords, but didn’t share how many accounts were affected or how the attackers gained access to the data.

The digital age has brought about ample opportunities for hackers to thrive. A breach can affect any brand, whatever its operational size. That’s where Trixter comes in. Don’t wait until you become a part of the list too! Let us help you.