Personal information such as your address, name, credit card is really valuable in the dark markets.
Hackers want that kind of information to sell or to steal identities so they can remain anonymous and blame yours for their criminal acts.
There are a lot of people that use the expression “They can hack me, I have nothing to hide”, next time think twice, everyone, even if they say “I have nothing to hide” have to keep their personal information, personal.
We’re going to cover the biggest data breaches of 2018. If you didn’t know about these and you use any of the following services, review your security options and change passwords.
10 – Timehop – 21 million users compromised
Timehop is an app for iPhone that brings together memories from photos you’ve uploaded in the past and creates you a story tell of your life, remembers you what you’ve done in that day in other years.
This breach happened because one of the credential access to the cloud computing environment was compromised. The account was not protected with multi-factor and that led the hackers to steal names, emails, and some phone numbers.
It happened between December 2017 and July 2018.
9 – Ticketfly – 27 million users compromised
Ticketfly is an online platform for selling tickets for any kind of event.
Ticketfly was targeted by a hacker named “IsHaKdZ”. He compromised the site’s webmaster and gained access to a database called “backstage”, this database contained personal information from clients that purchased tickets there (festivals, parties tickets, etc).
The personal information that was compromised was names, addresses, emails, and phone numbers.
This huge breach was discovered in late May 2018.
8 – Facebook – 29 million users compromised
Hackers were able to exploit Facebook Code and get their hand on “access tokens” (digital keys that give them full access to compromised accounts), then they stole highly sensitive data like locations, contact details, relationship status, recent searches and devices used to log in.
Happened between July 2017 and September 2018.
7 – Chegg – 40 million users compromised
Chegg is a platform where you can sell, buy or rent books. It also offers help in homework 24/7 with their tutoring service.
According to Chegg’s SEC filing: “An unauthorized party gained access to a Company database that hosts user data for chegg.com and certain of the Company’s family of brands such as EasyBib.”
The hackers had access to names, emails, shipping addresses, usernames, and passwords.
Happened between April 2018 and September 2018.
6 – Google+ – 52.5 million users compromised
After a report from the Wall Street Journal about a glitch in google that revealed personal data from 500.000 users, they announced the shutdown of the social platform.
In December Google suffered another data breach in the platform even bigger, 52.5 million users personal data got exposed, now they announced the shutdown of the platform for April 2019. This data breach leaked private information on Google+ profiles, names, employer and job title, emails, birth date, and relationship status.
The first leak was in 2015 and the second happened now in 2018.
5 – Quora – 100 million users compromised
A “malicious third party” accessed one of Quora’s systems.
It stole names, email addresses, encrypted passwords, data from user accounts linked to Quora, and users’ public questions and answers.
Discovered in November 2018.
4 – MyFitnessPal – 150 million users compromised
This is an app and website that tracks your diet and exercise to determine optimal caloric intake and nutrient for the users.
An “unauthorized party” gained access to data from user accounts on MyFitnessPal, an under Armour-owned fitness app.
The users of that app saw their usernames, emails, and passwords exposed.
This was found in February 2018.
3 – Exactis – 340 million users compromised
Exactis is an American data broker.
This breach was found by a security expert Vinny Troia. Basically, he found a database with pretty much every US citizen in it left exposed on a publicly accessible server. It’s unknown if this vulnerability was exploited by hackers.
This database contained in it detailed information compiled on millions of people and businesses including phone numbers, addresses, personal interests and characteristics, and more.
Found in June 2018.
2 – Marriott Starwood hotels – 500 million users compromised
Marriott International is an American multinational diversified hospitality company that manages and franchises hotels and related lodging facilities.
Hackers accessed the reservation database for Marriott’s Starwood hotels, copied and stole all the guest’s information.
The data stolen was phone numbers, email addresses, passport numbers, reservation dates, and some payment card numbers and expiration dates.
Happened between 2014 and September 2018.
1- Aadhar – 1.1 billion users compromised
India’s government ID database, which stores citizens’ identity and biometric info, experienced “a data leak on a system run by a state-owned utility company Indane.”
Indane hadn’t secured their API, which is used to access the database, which gave anyone access to Aadhar information.
In the breach, private information on India residents, including names, their 12-digit ID numbers, and information on connected services like bank accounts got leaked.
The date of the first breach is not known but this was found in March 2018.