• Yahoo – 3 Billion Accounts in 2013
Many years after the fact, the website admitted that ALL 3 billion accounts had usernames, passwords, phone numbers, and birth dates exposed in a company-wide security breach in 2013. They also gained access to security questions and answers as well as backup emails to recover/reset passwords. The breach was ultimately credited to overall weak encryption and poor security practices. The company, now owned by telecom giant, Verizon, has now adopted new security standards to better protect their consumer data.
• Mariott/Starwood – 500 Million Guests in 2018
It was discovered in late 2018 that over 500 million guests had their personal information compromised over a long term attack stretching all the way back to 2014. Guests names, email and physical addresses, phone numbers, passport numbers, account info, birth dates, gender, travel info, accommodation info, and hashed credit card data was all exposed. It was originally identified as “unauthorized access” to servers. However, it is now believed to have been carried out by the Chinese government for political purposes
• Equifax – 145.5 Million in 2017
In mid-2017, credit reporting and financial services company, Equifax, announced that 145.5 Million of its customers had their names, social security numbers, birthdates, and other PII (Personally Identifiable Information) exposed to hackers. Hackers were able to gain access to the company’s databases through exploiting a vulnerability in their website application.
• Uber – 57 Million Users/Drivers in 2016
Ridesharing platform, Uber, experienced a breach in 2016 that exposed the personal information of 57 million users, including the driver’s license numbers of 500,000. Instead of notifying the public of the breach, the company quietly paid the hacker $100,000 through its bug bounty program – which rewards hackers for identifying and disclosing bugs and security vulnerabilities. The employees who authorized the payment have since been fired. Uber underwent a $148 Million USD settlement in late 2018 for the breach.
• Facebook – 87 million users in 2016
Facebook announced in 2018 that it suffered a security breach in 2016 that exposed the personal data of over 87 million of its users. Cambridge Analytica was the culprit – and the attack was carried out to learn and potentially influence users decisions in the 2016 United States presidential election. The company has since put a larger emphasis on security.