
Why is Data Loss Insurance important and what steps should be taken to safeguard against Data Loss?


Data loss is an area of concern for organizations across the globe. Data is considered the backbone of any business entity, and millions of dollars are spent safeguarding it to protect the business and personal interests that are crucial to the survival of those entities.


About 3.5 billion people saw their personal data stolen in the top two of the 15 biggest breaches of this century alone. The smallest incident on this list involved the data of a mere 134 million people. Twitter, for example, left the passwords of its 330 million users unmasked in a log, but there was no evidence of any misuse. So, Twitter did not make this list.


Without further ado, here, listed in alphabetical order, are the 15 biggest data breaches in recent history, including who was affected, who was responsible, and how the companies responded.


Biggest data breaches which have shaken the world:


1. Adobe

2. Adult Friend Finder

3. Canva

4. Dubsmash

5. eBay

6. Equifax

7. Heartland Payment Systems

8. LinkedIn

9. Marriott International

10. MyFitnessPal

11. MySpace

12. NetEase

13. Sina Weibo

14. Yahoo

15. Zynga


Below are case studies of a few of the most renowned brands where massive data breaches have happened.


Adobe


Impact: 153 million user records. As reported in early October of 2013 by security blogger Brian Krebs, Adobe originally reported that hackers had stolen nearly 3 million encrypted customer credit card records, plus login data for an undetermined number of user accounts.


Later that month, Adobe raised that estimate to include IDs and encrypted passwords for 38 million “active users.” Krebs reported that a file posted just days earlier “appears to include more than 150 million username and hashed password pairs taken from Adobe.” Weeks of research showed that the hack had also exposed customer names, IDs, passwords and debit and credit card information.


An agreement in August 2015 called for Adobe to pay $1.1 million in legal fees and an undisclosed amount to users to settle claims of violating the Customer Records Act and unfair business practices. In November 2016, the amount paid to customers was reported at $1 million.


Adult Friend Finder


In October 2016, 412.2 million accounts were hacked. This breach was particularly sensitive for account holders because of the services the site offered. The Friend Finder Network, which included casual hookup and adult content websites like Adult Friend Finder, Penthouse.com, Cams.com, iCams.com and Stripshow.com, was breached in mid-October 2016. The stolen data spanned 20 years on six databases and included names, email addresses and passwords.


The weak SHA-1 hashing algorithm protected most of those passwords. An estimated 99% of them had been cracked by the time LeakedSource.com published its analysis of the data set on November 14, 2016.


“A researcher who goes by 1x0123 on Twitter and by Revolver in other circles posted screenshots taken on Adult Friend Finder (that) show a Local File Inclusion vulnerability (LFI) being triggered.” He said the vulnerability, discovered in a module on the production servers used by Adult Friend Finder, “was being exploited.”


Canva

In May 2019, Australian graphic design tool website Canva suffered an attack that exposed email addresses, usernames, names, cities of residence, and passwords salted and hashed with bcrypt (for users not using social logins, around 61 million) of 137 million users. Canva says the hackers managed to view, but not steal, files with partial credit card and payment data.


The suspected culprit(s) — known as Gnosticplayers — contacted ZDNet to boast about the incident, saying that Canva had detected their attack and closed their data breach server. The attacker also claimed to have gained OAuth login tokens for users who signed in via Google.


The company confirmed the incident and subsequently notified users, prompted them to change passwords, and reset OAuth tokens. However, according to a later post by Canva, a list of approximately 4 million Canva accounts containing stolen user passwords was later decrypted and shared online, leading the company to invalidate unchanged passwords and notify users with unencrypted passwords in the list.


eBay


eBay reported that an attack exposed its entire list of 145 million users in May 2014, including names, addresses, dates of birth and encrypted passwords. The online auction giant said hackers used the credentials of three corporate employees to access its network and had complete access for 229 days—more than enough time to compromise the user database.

The company asked customers to change their passwords. Financial information, such as credit card numbers, was stored separately and was not compromised. The company was criticized at the time for a lack of communication with its users and poor implementation of the password-renewal process.


LinkedIn


As the major social network for business professionals, LinkedIn has become an attractive proposition for attackers looking to conduct social engineering attacks. However, it has also fallen victim to leaking user data in the past.

In 2012 the company announced that 6.5 million unassociated passwords (unsalted SHA-1 hashes) were stolen by attackers and posted onto a Russian hacker forum. However, it wasn’t until 2016 that the full extent of the incident was revealed. The same hacker selling MySpace’s data was found to be offering the email addresses and passwords of around 165 million LinkedIn users for just 5 bitcoins (around $2,000 at the time). LinkedIn acknowledged that it had been made aware of the breach, and said it had reset the passwords of affected accounts.


Marriott International


Marriott International announced in November 2018 that attackers had stolen data on approximately 500 million customers. The breach initially occurred on systems supporting Starwood hotel brands starting in 2014. The attackers remained in the system after Marriott acquired Starwood in 2016 and were not discovered until September 2018.