Top 10 Data Breaches of 2018

Data leaks happen daily around the world, that it’s difficult to keep up.

But, today, we are only listing the biggest data breaches of 2018. If you use any of the following services, we advise you to review your security options and change passwords.

Personal data such as your name, address, and credit card number, is really valuable in dark web markets.

Hackers want that kind of information to sell or steal identities so they can remain anonymous, while blaming others for their criminal acts.

Lots of people think that: “They can hack me, I have nothing to hide”. But, next time, think twice! Everyone, even those who “have nothing to hide” must keep their personal information, personal.

10 – Timehop – 21 million users compromised

What company? Timehop is an app for iPhone that selects photos you’ve uploaded in the past to create a story of your life. It shows your dearest memories and reminds you of others you may have forgotten.

What happened? One of the credential accesses to the cloud computing environment was compromised. The account was not protected with multi-factor authentication. That made it easy for hackers to steal names, emails, and some phone numbers.

When? It took place between December 2017 and July 2018.

9 – Ticketfly – 27 million users compromised

What company? Ticketfly is an online platform that sells tickets for any kind of event.

What happened? A hacker named “IsHaKdZ” targeted Ticketfly. He compromised the site’s webmaster and gained access to a database called “backstage”. This database contained personal information from clients that purchased tickets (festival, party tickets, etc…).

The personal information compromised was mainly names, addresses, emails, and phone numbers.

When? It happened in late May 2018.

8 – Facebook – 29 million users compromised

What company? Facebook, developed by Harvard students has been facing scrutiny over how it handles the private data of its users.

What happened? Hackers were able to exploit Facebook’s Code and get their hands on “access tokens” (digital keys that give them full access to compromised accounts) Then, they stole highly sensitive data like locations, contact details, relationship status, recent searches and devices used to log in. 

When? It occurred between July 2017 and September 2018.

7 – Chegg – 40 million users compromised

What company? Chegg is a platform where you can sell, buy or rent books. Their tutoring service offers  24/7 help with homework.

What happened? According to Chegg’s SEC filing: “An unauthorized party gained access to a Company database that hosts user data for chegg.com and certain of the Company’s family of brands such as EasyBib.”

The hackers had access to names, emails, addresses, usernames, and passwords.

When? It happened between April 2018 and September 2018.

6 – Google+ – around 52.5 million users compromised

What company? Google+ was Google’s social network company.

What happened? A report from the Wall Street Journal about a glitch in google which revealed that personal data from 500.000 users. 

In December, Google suffered another even bigger data breach, 52.5 million users personal data got exposed. They then announced the shutdown of the platform in April 2019. This data breach leaked private information on Google+ profiles, names, employers and job titles, emails, birthdates, and relationship status.

When? The first leak was in 2015 and the second in 2018.

5 – Quora – 100 million users compromised

What company? Quora is an American question-and-answer website.

What happened? A “malicious third party” accessed one of Quora’s systems. It stole data from user accounts linked to Quora: users’ public questions and answers. names, email addresses, encrypted passwords, etc.

When did it happen? It was discovered in November 2018.

4 – MyFitnessPal – 150 million users compromised

What company? MyFitnessPal is an app and website that tracks your diet and exercise, to determine optimal caloric and nutrient intake and for users.

What happened? An “unauthorized party” gained access to data from user accounts. The users of that app saw their usernames, emails, and passwords exposed.

When did it happen? It was found in February 2018.

3 – Exactis – 340 million users compromised

What company? Exactis is an American data broker.

What happened? This breach was found by security expert Vinny Troia. Basically, he discovered a database with pretty much every US citizen in it left exposed on a publicly accessible server. It’s unknown if this vulnerability was exploited by hackers.

This database contained detailed information compiled on millions of people and businesses, including phone numbers, addresses, personal interests and characteristics, and more.

When? Vinny Troia detected the breach in June 2018.

2 – Marriott Starwood hotels – 500 million users compromised

What company? Marriott International is an American multinational hospitality company that manages and franchises hotels and related lodging facilities.

What happened? Hackers accessed the guest reservation database of Marriott’s Starwood hotels, copied and stole all the clients’ information.

They stole phone numbers, email addresses, passport numbers, reservation dates, and some payment card numbers and expiration dates.

When? It occurred between 2014 and September 2018.

1- Aadhar – 1.1 billion users compromised

What company? India’s government ID database, which stores citizens’ identity and biometric info, experienced “a data leak on a system run by a state-owned utility company Indane.”

Indane hadn’t secured their API, that is used to access the database, which gave anyone access to Aadhar’s information.

Private information on India’s residents, including names, ID numbers, and bank accounts, was leaked.

When? The agency identified the breach in March 2018.