{"id":510,"date":"2017-09-07T23:24:38","date_gmt":"2017-09-07T23:24:38","guid":{"rendered":"http:\/\/people.utm.my\/nurazean\/?p=510"},"modified":"2017-09-07T23:27:27","modified_gmt":"2017-09-07T23:27:27","slug":"the-16-biggest-data-breaches-of-the-21st-century","status":"publish","type":"post","link":"https:\/\/people.utm.my\/nurazean\/2017\/09\/07\/the-16-biggest-data-breaches-of-the-21st-century\/","title":{"rendered":"THE 16 BIGGEST DATA BREACHES OF THE 21ST CENTURY"},"content":{"rendered":"<p class=\"name\"><a title=\"Taylor Armerding\" href=\"http:\/\/www.itnews.com\/author\/Taylor-Armerding\/\" rel=\"author\"><img decoding=\"async\" class=\"bylineImage  imgId100261203 \" src=\"https:\/\/images.techhive.com\/images\/article\/2014\/04\/taylor-armerding-headshot_150x150-100258256-byline-100261203-byline.jpg\" alt=\"Taylor Armerding\" width=\"34\" \/><\/a><span class=\"by\">By\u00a0<\/span><span class=\"fn\"><a href=\"http:\/\/www.itnews.com\/author\/Taylor-Armerding\/\" rel=\"author\">Taylor Armerding<\/a><\/span><\/p>\n<p class=\"dateline\"><span class=\"publisher\"><a href=\"http:\/\/www.csoonline.com\/\" target=\"new\" rel=\"nofollow\">CSO<\/a><\/span>\u00a0<span class=\"divider\">|<\/span>\u00a0<span class=\"pub-date\">SEP 7, 2017 2:56 PM PT<\/span><\/p>\n<h1>Security practitioners weigh in on the 16 worst data breaches in recent memory.<\/h1>\n<p>Data breaches happen daily, in too many places at once to keep count. But what constitutes a huge breach versus a small one? CSO compiled a list of 16 of the biggest or most significant breaches of the 21<sup>st<\/sup>\u00a0century.<\/p>\n<p>This list is based not necessarily on the number of records compromised, but on how much risk or damage the breach caused for companies, insurers and users or account holders. 
In some cases, passwords and other information were well protected by encryption, so a password reset eliminated the bulk of the risk.<\/p>\n<div class=\"tocWrapper scaleArticleToc some-toc\">\n<ul class=\"articleToc\">\n<li><a class=\"trackLink\" href=\"http:\/\/www.itnews.com\/article\/2130877\/data-breach\/the-16-biggest-data-breaches-of-the-21st-century.html#toc-1\">1. Yahoo<\/a><\/li>\n<li><a class=\"trackLink\" href=\"http:\/\/www.itnews.com\/article\/2130877\/data-breach\/the-16-biggest-data-breaches-of-the-21st-century.html#toc-2\">2. Adult Friend Finder\u00a0<\/a><\/li>\n<li><a class=\"trackLink\" href=\"http:\/\/www.itnews.com\/article\/2130877\/data-breach\/the-16-biggest-data-breaches-of-the-21st-century.html#toc-3\">3. eBay<\/a><\/li>\n<li><a class=\"trackLink\" href=\"http:\/\/www.itnews.com\/article\/2130877\/data-breach\/the-16-biggest-data-breaches-of-the-21st-century.html#toc-4\">4. Equifax<\/a><\/li>\n<li><a class=\"trackLink\" href=\"http:\/\/www.itnews.com\/article\/2130877\/data-breach\/the-16-biggest-data-breaches-of-the-21st-century.html#toc-5\">5. Heartland Payment Systems\u00a0<\/a><\/li>\n<li><a class=\"trackLink\" href=\"http:\/\/www.itnews.com\/article\/2130877\/data-breach\/the-16-biggest-data-breaches-of-the-21st-century.html#toc-6\">6. Target Stores\u00a0<\/a><\/li>\n<li><a class=\"trackLink\" href=\"http:\/\/www.itnews.com\/article\/2130877\/data-breach\/the-16-biggest-data-breaches-of-the-21st-century.html#toc-7\">7. TJX Companies, Inc.<\/a><\/li>\n<li><a class=\"trackLink\" href=\"http:\/\/www.itnews.com\/article\/2130877\/data-breach\/the-16-biggest-data-breaches-of-the-21st-century.html#toc-8\">8. JP Morgan Chase\u00a0<\/a><\/li>\n<li><a class=\"trackLink\" href=\"http:\/\/www.itnews.com\/article\/2130877\/data-breach\/the-16-biggest-data-breaches-of-the-21st-century.html#toc-9\">9. 
US Office of Personnel Management (OPM)\u00a0<\/a><\/li>\n<li><a class=\"trackLink\" href=\"http:\/\/www.itnews.com\/article\/2130877\/data-breach\/the-16-biggest-data-breaches-of-the-21st-century.html#toc-10\">10. Sony&#8217;s PlayStation Network\u00a0<\/a><\/li>\n<\/ul>\n<\/div>\n<h2 id=\"toc-1\" class=\"toc\">1. Yahoo<\/h2>\n<p><strong>Date:<\/strong>\u00a02013-14<br \/>\n<strong>Impact:<\/strong>\u00a01.5 billion user accounts<br \/>\n<strong>Details:<\/strong>\u00a0In September 2016, the once dominant Internet giant, while in negotiations to sell itself to Verizon, announced it had been the victim of the biggest data breach in history, likely by \u201ca state-sponsored actor,\u201d in 2014. The attack compromised the real names, email addresses, dates of birth and telephone numbers of 500 million users. The company said the &#8220;vast majority&#8221; of the passwords involved had been hashed using the robust bcrypt algorithm.<\/p>\n<p>A couple of months later, in December, it buried that earlier record with the disclosure that a breach in 2013 by a different group of hackers had compromised 1 billion accounts. Besides names, dates of birth, email addresses and passwords that were not as well protected as those involved in 2014, security questions and answers were also compromised.<\/p>\n<p>The breaches knocked an estimated $350 million off Yahoo\u2019s sale price. Verizon eventually paid $4.48 billion for Yahoo\u2019s core Internet business. The agreement called for the two companies to share regulatory and legal liabilities from the breaches. 
The sale did not include a reported investment in Alibaba Group Holding of $41.3 billion and an ownership interest in Yahoo Japan of $9.3 billion.<\/p>\n<p>Yahoo, founded in 1994, had once been valued at $100 billion. After the sale, the company changed its name to Altaba, Inc.<\/p>\n<p><a href=\"http:\/\/www.csoonline.com\/article\/3176181\/security\/yahoo-execs-botched-its-response-to-2014-breach-investigation-finds.html\">Read more about the Yahoo data breach&#8230;<\/a><\/p>\n<h2 id=\"toc-2\" class=\"toc\"><strong>2. Adult Friend Finder<\/strong><\/h2>\n<p><strong>Date:<\/strong>\u00a0October 2016<br \/>\n<strong>Impact:<\/strong>\u00a0More than 412.2 million accounts<br \/>\n<strong>Details:<\/strong>\u00a0The FriendFinder Network, which included casual hookup and adult content websites like Adult Friend Finder,\u00a0<a class=\"vglnk\" href=\"http:\/\/penthouse.com\/\" rel=\"nofollow\">Penthouse.com<\/a>,\u00a0Cams.com,\u00a0iCams.com\u00a0and\u00a0Stripshow.com, was breached sometime in mid-October 2016. 
Hackers collected 20 years of data on six databases that included names, email addresses and passwords.<\/p>\n<p>Most of the passwords were protected only by the weak SHA-1 hashing algorithm, which meant that 99 percent of them had been cracked by the time\u00a0LeakedSource.com\u00a0published its analysis of the entire data set on November 14.<\/p>\n<p>CSO Online\u2019s\u00a0<a href=\"http:\/\/www.csoonline.com\/article\/3132533\/security\/researcher-says-adult-friend-finder-vulnerable-to-file-inclusion-vulnerabilities.html\" target=\"_blank\" 
rel=\"noopener\">Steve Ragan reported<\/a>\u00a0at the time that, \u201ca researcher who goes by 1x0123 on Twitter and by Revolver in other circles posted screenshots taken on Adult Friend Finder (that) show a Local File Inclusion vulnerability (LFI) being triggered.\u201d He said the vulnerability, discovered in a module on the production servers used by Adult Friend Finder, \u201cwas being exploited.\u201d<\/p>\n<p>AFF Vice President Diana Ballou issued a statement saying, \u201cWe did identify and fix a vulnerability that was related to the ability to access source code through an injection vulnerability.\u201d<\/p>\n<p><a href=\"http:\/\/www.csoonline.com\/article\/2925833\/data-breach\/adult-friend-finder-confirms-data-breach-3-5-million-records-exposed.html\">Read more about the Adult Friend Finder data breach&#8230;<\/a><\/p>\n<h2 id=\"toc-3\" class=\"toc\">3. eBay<\/h2>\n<p><strong>Date:<\/strong>\u00a0May 2014<br \/>\n<strong>Impact:<\/strong>\u00a0145 million users compromised<br \/>\n<strong>Details:<\/strong>\u00a0The online auction giant reported a cyberattack in May 2014 that it said exposed\u00a0names, addresses, dates of birth and encrypted passwords of all of its 145 million users. The company said hackers got into the company network using the credentials of three corporate employees, and had complete inside access for 229 days, during which time they were able to make their way to the user database.<\/p>\n<p>It asked its customers to change their passwords, but said financial information, such as credit card numbers,\u00a0was stored separately and was not compromised. 
The company was criticized at the time for a lack of communication informing its users and poor implementation of the password-renewal process.<\/p>\n<p>CEO John Donahoe said the breach resulted in a decline in user activity, but had little impact on the bottom line \u2013 its Q2 revenue was up 13 percent and earnings up 6 percent, in line with analyst expectations.<\/p>\n<p><a href=\"http:\/\/www.csoonline.com\/article\/2157782\/security-awareness\/raising-awareness-quickly-the-ebay-database-compromise.html\">Read more about the eBay data breach&#8230;<\/a><\/p>\n<h2 id=\"toc-4\" class=\"toc\">4. Equifax<\/h2>\n<p><strong>Date:<\/strong>\u00a0July 29 2017<\/p>\n<p><strong>Impact:<\/strong>\u00a0Personal information (including\u00a0Social Security Numbers, birth dates, addresses, and in some cases drivers&#8217; license numbers) of\u00a0143 million consumers;\u00a0209,000 consumers also had their credit card data exposed.<\/p>\n<p><strong>Details:\u00a0<\/strong>Equifax, one of the largest credit bureaus in the U.S., said on Sept. 7, 2017 that an application vulnerability on one of their websites led to a data breach that exposed about 143 million consumers.\u00a0The breach was discovered on July 29, but the company says that it likely started in mid-May.<\/p>\n<p><a href=\"https:\/\/www.csoonline.com\/article\/3223229\/security\/equifax-says-website-vulnerability-exposed-143-million-us-consumers.html\">Read more about the Equifax breach&#8230;<\/a><\/p>\n<h2 id=\"toc-5\" class=\"toc\">5. Heartland Payment Systems<\/h2>\n<p><strong>Date:<\/strong>\u00a0March 2008<br \/>\n<strong>Impact:<\/strong>\u00a0134 million credit cards exposed through SQL injection to install spyware on Heartland&#8217;s data systems.<br \/>\n<strong>Details:<\/strong>\u00a0At the time of the breach, Heartland was processing 100 million payment card transactions per month for 175,000 merchants \u2013 most small- to mid-sized retailers. 
It wasn\u2019t discovered until January 2009, when Visa and MasterCard notified Heartland of suspicious transactions from accounts it had processed.<\/p>\n<p>Among the consequences were that Heartland was deemed out of compliance with the Payment Card Industry Data Security Standard (PCI DSS) and was not allowed to process the payments of major credit card providers until May 2009. The company also paid out an estimated $145 million in compensation for fraudulent payments.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>By\u00a0Taylor Armerding CSO\u00a0|\u00a0SEP 7, 2017 2:56 PM PT Security practitioners weigh in on the 16 worst data breaches in recent memory. &nbsp; Data breaches happen daily, in too many places at once to keep count. But what constitutes a huge breach versus a small one? CSO compiled a list of 16 of the biggest or [&hellip;]<\/p>\n","protected":false},"author":66,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[32],"tags":[],"class_list":["post-510","post","type-post","status-publish","format-standard","hentry","category-it-news","entry"],"_links":{"self":[{"href":"https:\/\/people.utm.my\/nurazean\/wp-json\/wp\/v2\/posts\/510","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/people.utm.my\/nurazean\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/people.utm.my\/nurazean\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/people.utm.my\/nurazean\/wp-json\/wp\/v2\/users\/66"}],"replies":[{"embeddable":true,"href":"https:\/\/people.utm.my\/nurazean\/wp-json\/wp\/v2\/comments?post=510"}],"version-history":[{"count":0,"href":"https:\/\/people.utm.my\/nurazean\/wp-json\/wp\/v2\/posts\/510\/revisions"}],"wp:attachment":[{"href":"https:\/\/people.utm.my\/nurazean\/wp-json\/wp\/v2\/media?parent=510"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/people.utm.my\/nurazean\/wp-
json\/wp\/v2\/categories?post=510"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/people.utm.my\/nurazean\/wp-json\/wp\/v2\/tags?post=510"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}