Top 7 Biggest Data Breaches of the 21st Century

1. Adobe (2013)

Date: October 2013
Leaked: 153 million user records

The breach eventually affected 153 million users, making it one of the largest in history at that time.

2. Canva (2019)

Date: May 2019
Leaked: 137 million user accounts

Details: The Australian graphic design platform Canva suffered a major breach that exposed:

• Email addresses
• Usernames
• Names
• Cities of residence
• 61 million bcrypt hashed passwords
• OAuth login tokens

3. eBay (2014)

Date: May 2014
Leaked: 145 million users

Details: The attack compromised eBay’s entire user database, exposing:

• Names
• Addresses
• Dates of birth
• Encrypted passwords

4. Equifax (2017)

Date: July 29, 2017
Leaked: 147.9 million customer data

Equifax was found guilty of a number of security and response violations. Chief among them was that an application vulnerability that allowed attackers to gain access was not fixed. Inadequate segmentation of the system made it easier for attackers to navigate the structure of the system.

5. Dubsmash (2018)

Date: December 2018
Leaked: 162 million user accounts

Details: In December 2018, New York-based Dubsmash video messaging service lost 162 million email addresses, usernames, PBKDF2 password hashes and other personal information such as stolen birth dates.

The stolen information was put up for sale on the Dark Web Dream Market in December of the following year. The information was sold as part of a collected dump, including the likes of MyFitnessPal, MyHeritage (92 million), ShareThis, Armor Games and the dating app CoffeeMeetsBagel.

6. LinkedIn (2012 and 2016)

Date: 2012 and 2016
Leaked: 165 million user accounts

In 2012, the company announced that 6.5 million unlinked passwords (unsalted SHA-1 hashes) had been stolen by attackers and posted on a Russian hacker forum. However, it was only in 2016 that the full scale of the incident was revealed. The same hacker selling MySpace data was found to offer email addresses and passwords to about 165 million LinkedIn users for just 5 bitcoins (about $ 2,000 at the time). LinkedIn acknowledged that it became aware of the hack and said it had reset the passwords of the affected accounts.

7. Yahoo (2013-14)

Date: 2013-14
Leaked: 3 Billion User Accounts

Then, in December 2016, Yahoo exposed another breach in 2013 by another attacker that compromised names, dates of birth, email addresses and passwords, as well as security questions and answers from 1 billion user accounts. Yahoo revised this estimate in October 2017 to include all 3 billion user accounts .

The initial announcement of the hack was unfortunate as Yahoo was in the process of acquiring Verizon, which ultimately paid $ 4.48 billion for Yahoo’s main internet business. These violations are estimated to have lowered the company’s value by $ 350 million.