Monday, September 11, 2023

Yahoo! 2013: The biggest data breach on record

By Dr. Tim Sandle
DIGITAL JOURNAL
September 8, 2023


A new study has revealed that Yahoo’s data breach in 2013 had the greatest number of compromised data records, with three billion records compromised. The patch management software company NinjaOne has analysed the data breaches with the greatest number of records compromised to see which companies have had the largest data breaches and provided the assessment to Digital Journal. The outcome is:

Yahoo (2013) – 3 billion records

The 2013 attack on Yahoo is the largest known data breach in history, with all three billion Yahoo user accounts at the time being compromised. Originally, it was reported that only one billion user accounts were compromised, but this figure was later revised to three billion. The attack resulted in data such as email addresses, passwords, dates of birth, and telephone numbers being stolen.

First American Corporation (2019) – 885 million records

Financial services provider First American Corporation has the second largest known data breach in history, with 885 million records being compromised in 2019. The breach was a result of poor security practices on their servers, with sensitive information being accessible to external users. This information included bank account details, Social Security digits, wire transactions, as well as other mortgage paperwork.

Facebook (2019) – 540 million records


The third largest known data breach belongs to social media giant Facebook, with 540 million records compromised in 2019. Third-party app developers posted the records on a public Amazon cloud server with the compromised records including information such as account names, IDs, and information about reactions and comments on posts.

Marriott International (2018) – 500 million records

Hotel chain Marriott International is tied for the fourth largest known data breach, with 500 million records compromised in a 2018 attack. Hackers suspected of working on behalf of the Chinese government were behind the attack on Marriott’s reservation database. The information that was compromised included unencrypted passport numbers and encrypted credit card numbers stored on the same server as their encryption keys.

Yahoo (2014) – 500 million records


In Yahoo's second appearance on this list, the 2014 attack is tied for the fourth largest known data breach, with 500 million records compromised. The attack resulted in information such as names, email addresses, telephone numbers, dates of birth, and answers to security questions being stolen.

Friend Finder Networks (2016) – 412 million records

Online dating and adult entertainment company, Friend Finder Networks, has the sixth largest known data breach, with 412 million records compromised in a 2016 attack. The largest share of the compromised accounts belonged to the AdultFriendFinder website, with stolen information including email addresses and passwords. This information was stored either as plain text or encrypted using obsolete and insecure methods.

The top 20 are:

| Rank | Entity | Year of data breach | Number of compromised records |
|---|---|---|---|
| 1 | Yahoo | 2013 | 3,000,000,000 |
| 2 | First American Corporation | 2019 | 885,000,000 |
| 3 | Facebook | 2019 | 540,000,000 |
| =4 | Marriott International | 2018 | 500,000,000 |
| =4 | Yahoo | 2014 | 500,000,000 |
| 6 | Friend Finder Networks | 2016 | 412,214,295 |
| 7 | Exactis | 2018 | 340,000,000 |
| 8 | Airtel | 2019 | 320,000,000 |
| 9 | Truecaller | 2019 | 299,055,000 |
| 10 | MongoDB | 2019 | 275,000,000 |
| 11 | Wattpad | 2020 | 270,000,000 |
| 12 | Facebook | 2019 | 267,000,000 |
| 13 | Microsoft | 2019 | 250,000,000 |
| 14 | MongoDB | 2019 | 202,000,000 |
| 15 | Unknown | 2020 | 201,000,000 |
| =16 | Instagram | 2020 | 200,000,000 |
| =16 | Unknown agency (believed to be tied to the United States Census Bureau) | 2020 | 200,000,000 |
| 18 | Zynga | 2019 | 173,000,000 |
| 19 | Equifax | 2017 | 163,119,000 |
| 20 | Dubsmash | 2018 | 162,000,000 |


Other notable entrants on the list, making up the top ten, are:

Exactis (2018) – 340 million records

Marketing and data aggregation company Exactis has the seventh largest known data breach, with 340 million records compromised in 2018. The firm posted the data on a publicly accessible server, and it included detailed personal information on millions of people. This featured information such as phone numbers, home addresses, and email addresses, among others, for each name.

Airtel (2019) – 320 million records

Indian telecom giant Airtel has the eighth largest known data breach, with 320 million records being compromised in 2019. A security flaw in Airtel’s mobile app caused the breach, with information such as names, email addresses, dates of birth, and addresses being at risk.

Truecaller (2019) – 299 million records


Caller ID and call-blocking app Truecaller has the ninth largest known data breach, with 299 million records being compromised in 2019. The leaked information included data such as phone numbers, email addresses, and other personal information.

MongoDB (2019) – 275 million records


Tech company MongoDB has the tenth largest known data breach, with 275 million records being compromised. Information such as dates of birth, email addresses, phone numbers, employment details, as well as other personal information, was posted on a publicly accessible server in the 2019 breach.
