6 Largest Data Breaches in History


One of our favorite topics to discuss with clients is security. Although each organization varies in size and revenue, we all have steps we can take to improve our overall cybersecurity. And some businesses are definitely more prepared than others. In this article, we’ll walk you through the six largest data breaches in history and discuss how they happened in the first place. Then, we’ll show you how you can avoid a similar outcome by improving your cybersecurity.

1. Yahoo Data Breach (2013)

In August 2013, Yahoo suffered what remains the largest data breach on record. All 3 billion of Yahoo’s user accounts were affected, yet it took Yahoo three years to discover and disclose the breach.

Andrew Komarov, chief intelligence officer of the cybersecurity firm InfoArmor, was helping Yahoo respond to a different attack in 2016. While tracing stolen data, he found evidence of the 2013 breach: a dark web listing from August 2015 in which a seller offered a list of more than one billion Yahoo accounts for close to $300,000.

Yahoo notified affected users in December 2016, requiring password resets and new security questions. News of the breach knocked $350 million off Yahoo’s value and dropped its stock price by 3%.

How it Happened

It is not clear exactly who took the data from Yahoo, though many suspect the same attackers who targeted Yahoo in 2014. The only information Yahoo has released is that the breach was carried out by an “unauthorized third party.”

What it Means for You

Although the breach itself was massive, the failure to disclose it had greater long-term consequences for Yahoo as a company. Yahoo ran into trouble with regulators and civil litigants because it did not disclose the breach in a timely manner. Much of that post-breach damage could have been avoided had Yahoo investigated and disclosed the breach sooner.

2. First American Financial Corporation Data Breach (2019)

In May 2019, Brian Krebs reported a data exposure at First American Financial Corporation. About 885 million financial records were exposed in total, more than double the population of the United States. The exposed documents went back to 2003 and included:
  • Bank account numbers
  • Bank statements
  • Mortgage and tax records
  • Social Security numbers
  • Wire transaction receipts
  • Driver’s license images
This particular exposure stemmed from missing access control. No authentication was required to view the documents, so they were available to anyone with a web browser. Anyone holding a URL to one document could find countless others by guesswork: changing a single digit in the link turned up other documents at similar URLs.

How it Happened

This leak was unusual in that there was no break-in to point to. Nobody had to compromise the company’s servers, which sets it apart from most other security incidents.

Instead, First American had a common web application flaw called Insecure Direct Object Reference (IDOR). A page containing sensitive information is generated with the intent that only a specific party will view it, but the server never checks whether the person requesting it is actually authorized for that particular document. Anyone who enters the link in a browser gets the document.

Once a single link is discovered, criminals can use automated bots (sometimes marketed as Advanced Persistent Bots, or APBs) to collect and index the remaining documents. Although most of the records went unnoticed, some of them had already been indexed by search engines, which made them even more widely available.

What it Means for You

Cases like this show that organizations can’t rely on unique URLs to safeguard sensitive information. Instead, the application should authenticate every request and then verify that the authenticated user is authorized for the specific document being requested; requiring multi-factor authentication on that login raises the bar further. That way, only the intended recipients have access, not anyone with an Internet connection.
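The IDOR pattern described above, the digit-changing guesswork that exploited it, and the authenticate-then-authorize fix recommended here, as an added example that is not part of the original article or First American’s code. The in-memory document store, the sequential ids, the user names and the document titles are all constructed for illustration:

```python
"""Added example: an insecure direct object reference (IDOR) beside its fix.

Everything here is constructed: the document store, its sequential ids,
the owners and the titles are invented and are not First American's system.
"""
import secrets

# Constructed data: sequential ids, one owner per document.
DOCUMENTS = {
    100001: {"owner": "alice", "title": "Closing statement, 12 Elm St"},
    100002: {"owner": "bob", "title": "Wire receipt #4481"},
    100003: {"owner": "carol", "title": "Tax record 2017"},
}


class Forbidden(Exception):
    """Raised when a request is unauthenticated or not authorized for the object."""


def fetch_document_vulnerable(doc_id, requester=None):
    """The IDOR: the id in the URL is the only thing consulted.

    No authentication is required (requester is ignored) and ownership is
    never checked, so any id that exists is served to anyone who asks.
    """
    return DOCUMENTS.get(doc_id)


def enumerate_documents(start, count, fetch):
    """Model the attacker's guesswork: walk sequential ids and keep what exists.

    A scraping bot does exactly this, just faster and over the whole id space.
    """
    found = []
    for doc_id in range(start, start + count):
        doc = fetch(doc_id)
        if doc is not None:
            found.append((doc_id, doc["title"]))
    return found


def fetch_document_hardened(doc_id, requester):
    """The fix: authenticate, then authorize for this specific object.

    1. No requester means no session: refuse before touching the store.
    2. A document is returned only to its owner. A guessed or leaked id for
       someone else's document fails exactly like a nonexistent one, so the
       response does not reveal which ids exist.
    """
    if requester is None:
        raise Forbidden("authentication required")
    doc = DOCUMENTS.get(doc_id)
    if doc is None or doc["owner"] != requester:
        raise Forbidden("not found or not yours")
    return doc


# Defence in depth: an unguessable public handle per document so the public
# identifier cannot be walked. This does NOT replace the ownership check.
PUBLIC_HANDLES = {secrets.token_urlsafe(16): doc_id for doc_id in DOCUMENTS}


def resolve_handle(handle):
    """Map a random public handle back to the internal id, or None if unknown."""
    return PUBLIC_HANDLES.get(handle)


if __name__ == "__main__":
    # Ten guesses against the vulnerable endpoint recover every document.
    print(enumerate_documents(100000, 10, fetch_document_vulnerable))
    print(fetch_document_hardened(100002, "bob")["title"])
    try:
        fetch_document_hardened(100002, "alice")
    except Forbidden as err:
        print("blocked:", err)
```

Note that the random handle alone would not have fixed First American’s problem: a recipient could still forward a working link, and a leaked handle is as good as a leaked id. The ownership check in `fetch_document_hardened` is the control that matters; the handle only stops enumeration.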


3. Facebook Data Breach (2019)

Facebook has experienced a number of privacy issues in the last few years. In 2019, Facebook disclosed that millions of Instagram passwords had been stored in plain text on its internal systems. Other issues followed, including a flaw in Messenger Kids that allowed children to chat with strangers without their parents’ knowledge.

Then, in September 2019, news emerged of a data leak that exposed the phone numbers linked to over 400 million Facebook accounts. A TechCrunch investigation found that the affected databases also contained users’ names, genders, and locations.

How it Happened

The databases in question sat on a server that required no password and held no encrypted data. Anyone who found the server could read the records.

The databases included records across multiple geographic locations, including 133 million records on Facebook users in the United States, 18 million records on users in the U.K., and more than 50 million records on users in Vietnam.

What it Means for You

Although Facebook announced in 2018 that it was making changes to “better protect people’s information” (Forbes), sensitive data still fell through the cracks. This leak shows that even with today’s sophisticated security tools, organizations must remain vigilant about where user data ends up.

Jake Moore, a cybersecurity specialist at ESET, said regarding the incident: “it seems crazy that personal data of this magnitude could be on a server unprotected in 2019, but this just highlights how data gets forgotten about and mistakes can happen.”

4. Marriott International Data Breach (2018)

On September 8, 2018, a security tool flagged a suspicious attempt to access a guest reservation database for Marriott’s Starwood brands. Through the investigation that followed, it was discovered that the Starwood network had been compromised in 2014—back when it was a separate company from Marriott.

When Marriott acquired Starwood in 2016, it did not migrate Starwood onto its own reservation system. By 2018, Starwood was still running on its previous IT infrastructure.

As a result of the attack, up to 500 million guest records were encrypted by the attackers and removed from the Starwood systems. Once it understood the severity of the breach, Marriott released a statement outlining the details on November 30, 2018.

How it Happened

When the breach was first discovered, investigators found activity indicating that someone had taken control of an administrator account. Using a Remote Access Trojan (RAT) and Mimikatz, a tool that extracts credentials from the memory of a Windows machine, the attackers harvested and tested username/password combinations until they gained access to the account.

It is not clear how these tools were placed on the Starwood server, but it is possible that they were delivered by a phishing email.

However, the most disturbing fact is not that the attackers got into the account, but that the breach went undetected for almost four years. Starwood did not have a strong reputation for security to begin with, and by leaving its IT systems in place, Marriott inherited the same shortfalls.
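Mimikatz reads credentials out of the LSASS process, so a dumping attempt shows up in process-access telemetry long before four years have passed. The rule below is an added example, not something from the article or from Marriott’s investigation: it runs a simple detection over records constructed to mirror the fields of a Sysmon Event ID 10 (ProcessAccess) event. The host name, paths, times and the allowlist of legitimate LSASS readers are all invented or assumed and would need tuning in a real environment:

```python
"""Added example: flagging Mimikatz-style credential dumping in process-access
telemetry. SAMPLE_EVENTS is constructed to mirror Sysmon Event ID 10 fields;
these are not Marriott or Starwood logs and every path, host and time is invented."""

# Windows process access rights relevant to reading another process's memory.
PROCESS_VM_READ = 0x0010
PROCESS_ALL_ACCESS = 0x1FFFFF

# System processes that routinely open lsass.exe. Assumption: illustrative only;
# a real deployment tunes this per environment (EDR agents, backup tools, ...).
ALLOWED_SOURCES = {
    r"c:\windows\system32\csrss.exe",
    r"c:\windows\system32\wininit.exe",
    r"c:\windows\system32\services.exe",
    r"c:\windows\system32\svchost.exe",
    r"c:\windows\system32\wbem\wmiprvse.exe",
}

# Constructed sample events. SourceImage, TargetImage and GrantedAccess drive
# the rule; UtcTime and Computer are context carried into the alert.
SAMPLE_EVENTS = [
    {"UtcTime": "2018-09-08 03:12:44", "Computer": "host-01",
     "SourceImage": r"C:\Windows\System32\svchost.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1000"},
    {"UtcTime": "2018-09-08 03:12:51", "Computer": "host-01",
     "SourceImage": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1410"},
    {"UtcTime": "2018-09-08 03:13:07", "Computer": "host-01",
     "SourceImage": r"C:\Users\svc_backup\AppData\Local\Temp\mk.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1010"},
    {"UtcTime": "2018-09-08 03:13:09", "Computer": "host-01",
     "SourceImage": r"C:\Windows\Temp\update.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1fffff"},
    {"UtcTime": "2018-09-08 03:14:30", "Computer": "host-01",
     "SourceImage": r"C:\Program Files\Monitor\agent.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1400"},
    {"UtcTime": "2018-09-08 03:15:02", "Computer": "host-01",
     "SourceImage": r"C:\Windows\Temp\update.exe",
     "TargetImage": r"C:\Windows\System32\notepad.exe", "GrantedAccess": "0x1fffff"},
]


def classify(event):
    """Return a reason string if the event looks like credential dumping, else None.

    Only lsass.exe as the target matters; a non-allowlisted source that asks for
    VM_READ (or everything) on it is what Mimikatz and its clones do.
    """
    target = event["TargetImage"].lower()
    if not target.endswith("\\lsass.exe"):
        return None
    source = event["SourceImage"].lower()
    if source in ALLOWED_SOURCES:
        return None
    mask = int(event["GrantedAccess"], 16)
    if mask == PROCESS_ALL_ACCESS:
        return f"{source} opened lsass.exe with PROCESS_ALL_ACCESS"
    if mask & PROCESS_VM_READ:
        return f"{source} opened lsass.exe with VM_READ (0x{mask:x})"
    return None


def scan(events):
    """Run the rule over a batch of events and return (time, host, reason) alerts in order."""
    alerts = []
    for event in events:
        reason = classify(event)
        if reason:
            alerts.append((event["UtcTime"], event["Computer"], reason))
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(*alert)
```

Two of the six constructed events fire: the binary in a temp directory asking for VM_READ, and the one asking for full access. Matching the allowlist on the full lower-cased path rather than the file name stops an attacker from evading it by naming a dropper `svchost.exe` in a user-writable directory; an attacker who already holds an administrator account, as at Starwood, can still plant files in System32, so in practice you would also check the binary’s signature.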

What it Means for You

As this breach illustrates, not every organization can avoid a cyber attack. Even with password-protected systems, Starwood was still compromised through Trojan software.

However, even companies that suffer a theft can recover if they have the appropriate procedures in place. The more quickly an organization recognizes and responds to an attack, the easier it is to limit the losses. When an attack goes unnoticed for years at a time, the door is simply left open for criminals to do as much damage as possible.


5. Yahoo Data Breach (2014)

As if Yahoo didn’t have enough on its plate with the 2013 breach, another round of targeted attacks hit the company the following year. Yahoo maintains that the two events were separate incidents, but it is possible that the same attacker was responsible for both.

Although the 2014 attack was smaller in scale than the 2013 breach, it still affected roughly 500 million users. More than 150,000 United States government and military accounts were among the victims.

How it Happened

In 2014, a spear-phishing email was sent to a Yahoo employee. That email gave network access to Aleksey Belan, a Latvian-born hacker working for Russian intelligence officers. From there he was able to reach Yahoo’s user database and the Account Management Tool used to edit it.

To make sure he wouldn’t lose access, Belan installed a backdoor on a Yahoo server. He then stole a backup copy of Yahoo’s user database and saved it to his own computer. The database held general information such as names and phone numbers, but it also held each account’s password-recovery email address and a unique cryptographic value (a per-account nonce) that Yahoo’s code used when minting session cookies.

The attackers used the recovery email addresses to identify targets and then got into those accounts with forged session cookies, which let them in without knowing a password. Of the 500 million accounts exposed, they minted cookies for more than 6,000, including accounts belonging to Russian government officials.
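To show why a stolen database backup plus the minting code is enough to walk into an account without its password, and why invalidating the per-account value is the right response, here is an added example. It is a simplified model written for this article and is not Yahoo’s cookie code: the server key, the cookie layout, the user records and the recovery addresses are all invented, and the "nonce" below stands in for the unique cryptographic value described above:

```python
"""Added example: a simplified session-cookie minting scheme, the forgery that a
stolen backup enables, and the nonce rotation that cuts forged sessions off.
The key, cookie layout, user table and recovery addresses are invented and are
not Yahoo's implementation."""
import hashlib
import hmac
import secrets
import time

SERVER_KEY = b"illustrative-cookie-minting-key"  # assumption: a long-lived server secret

# Constructed user table. The per-account nonce plays the role of the
# "unique cryptographic value" mixed into every cookie minted for that account.
USERS = {
    "alice": {"nonce": secrets.token_bytes(16), "recovery_email": "alice@mail.example"},
    "bob": {"nonce": secrets.token_bytes(16), "recovery_email": "bob@agency.gov.example"},
    "carol": {"nonce": secrets.token_bytes(16), "recovery_email": "carol@agency.gov.example"},
}


def _tag(user, expiry, nonce, key):
    """HMAC over user|expiry with the account nonce appended to the message."""
    return hmac.new(key, f"{user}|{expiry}".encode() + nonce, hashlib.sha256).hexdigest()


def mint_cookie(user, users=USERS, key=SERVER_KEY, ttl=3600, now=None):
    """Legitimate minting: cookie = user|expiry|tag. No password is involved."""
    now = int(time.time() if now is None else now)
    expiry = now + ttl
    return f"{user}|{expiry}|{_tag(user, expiry, users[user]['nonce'], key)}"


def verify_cookie(cookie, users=USERS, key=SERVER_KEY, now=None):
    """Return the user the cookie authenticates, or None if it is malformed, expired or forged."""
    parts = cookie.split("|")
    if len(parts) != 3:
        return None
    user, expiry, tag = parts
    if user not in users or not expiry.isdigit():
        return None
    now = int(time.time() if now is None else now)
    if int(expiry) < now:
        return None
    expected = _tag(user, expiry, users[user]["nonce"], key)
    return user if hmac.compare_digest(expected, tag) else None


def snapshot(users):
    """The backup the attacker walked off with: a copy of every record as it stood."""
    return {name: dict(record) for name, record in users.items()}


def targets_by_recovery_domain(users, domain):
    """Step one of the attack: pick accounts by the recovery address in the stolen dump."""
    return sorted(name for name, rec in users.items() if rec["recovery_email"].endswith("@" + domain))


def forge_cookie(stolen_key, stolen_users, target):
    """Step two: run the same minting code over the stolen copy. The server cannot tell the difference."""
    return mint_cookie(target, users=stolen_users, key=stolen_key)


def rotate_nonce(user, users=USERS):
    """Defender's response: a fresh nonce invalidates every cookie minted with the old one."""
    users[user]["nonce"] = secrets.token_bytes(16)


if __name__ == "__main__":
    stolen = snapshot(USERS)
    for victim in targets_by_recovery_domain(stolen, "agency.gov.example"):
        forged = forge_cookie(SERVER_KEY, stolen, victim)
        print(victim, "forged cookie accepted:", verify_cookie(forged) == victim)
        rotate_nonce(victim)
        print(victim, "forged cookie after rotation:", verify_cookie(forged))
```

The forged cookie verifies because the server has no way to distinguish its own minting code run by the attacker from the real thing; the only inputs are the key and the stored nonce, and the attacker has both. Changing the nonce is what breaks the attacker’s copy, which is why invalidating the forged cookies, rather than just resetting passwords, was the necessary response.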

What it Means for You

It is possible that the phishing email used against Yahoo was sent to thousands of employees. But it took only one click for Belan to reach 500 million accounts and steal sensitive user information.

Employees must not forget the risk posed by even a single phishing email. Training employees and establishing strong security policies are critical to avoiding massive data breaches like this one.

6. FriendFinder Networks Data Breach (2016)

Finally, in October 2016, FriendFinder Networks Inc. suffered another of the largest data breaches in history. The six compromised databases exposed more than 400 million accounts, most of them from AdultFriendFinder.com.

On October 18, 2016, a researcher tweeted about vulnerabilities he had discovered on the AdultFriendFinder website. He also posted screenshots as proof.

Two days later, Salted Hash was the first to report that FriendFinder Networks had been compromised.

This data breach marked the second time that FriendFinder accounts had been compromised, the first time being in May of 2015.

How it Happened

Each database involved in the breach contained usernames, passwords, and email addresses stored in plain text. As with the 2019 Facebook leak, leaving this information unprotected meant that whoever obtained the databases could read every credential immediately, with no cracking required.

What it Means for You

As the Facebook and FriendFinder incidents show, organizations need to be careful about how they store their data. No form of protection is foolproof, but doing nothing leaves the door open to all kinds of attacks.

Instead, learn how to store data securely. Require strong passwords and multi-factor authentication for access to databases. Store users’ passwords only as salted hashes, never in plain text, and encrypt other sensitive fields so that even if an attacker gets into the database, the information is still protected.
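The difference between the plain-text credential table the FriendFinder section describes and the salted, iterated hashing recommended above, as an added example that is not from the article or from FriendFinder Networks. It uses PBKDF2-HMAC-SHA256 from the Python standard library; the iteration count is an assumption taken from current OWASP guidance, and the user names and passwords are constructed. It also shows how a legacy plain-text table can be migrated on the fly, one successful login at a time:

```python
"""Added example: plain-text credential storage beside salted, iterated hashing,
with on-login migration of legacy rows. Uses hashlib.pbkdf2_hmac from the
standard library. The user records are constructed."""
import base64
import hashlib
import hmac
import os

PREFIX = "pbkdf2_sha256"
ITERATIONS = 600_000  # assumption: the current OWASP figure for PBKDF2-HMAC-SHA256


def _b64(raw):
    return base64.b64encode(raw).decode()


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return a self-describing record: algorithm$iterations$salt$digest.

    A fresh random salt per user means two users with the same password get
    different records, so a leaked table cannot be cracked in bulk.
    """
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{PREFIX}${iterations}${_b64(salt)}${_b64(digest)}"


def verify_password(record, password):
    """Recompute from the parameters stored in the record and compare in constant time."""
    algo, iterations, salt, digest = record.split("$")
    if algo != PREFIX:
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), base64.b64decode(salt), int(iterations)
    )
    return hmac.compare_digest(candidate, base64.b64decode(digest))


def is_plaintext(record):
    """True for a legacy row that still holds the raw password."""
    return not record.startswith(PREFIX + "$")


def login(db, username, password):
    """Authenticate against the table; on success, upgrade a legacy plain-text row in place."""
    record = db.get(username)
    if record is None:
        return False
    if is_plaintext(record):
        if not hmac.compare_digest(record.encode(), password.encode()):
            return False
        db[username] = hash_password(password)  # migrate on first successful login
        return True
    return verify_password(record, password)


# Constructed legacy table: exactly what an attacker reads straight out of a dump.
LEGACY_DB = {"user1@example.com": "hunter2", "user2@example.com": "hunter2"}


if __name__ == "__main__":
    db = dict(LEGACY_DB)
    print("before:", db)
    print("login ok:", login(db, "user1@example.com", "hunter2"))
    print("after: ", db)
```

Once every user has logged in once, no plain-text password remains in the table. Rows that never migrate (dormant accounts) are the ones to force-reset, since they are still readable in a dump.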

Learn from the Past, or History will Repeat Itself.

Although these examples represent the largest data breaches in history, they aren’t isolated events. Over the past 10 years, organizations have experienced over 300 data breaches that involved the theft of 100,000 or more records (Forbes).

And many of these cyber attacks stem from the same issues. In the examples we shared above, there was a common theme of organizations failing to properly secure their data. Everyone runs the risk of suffering a cyber attack, but you multiply your chances when you fail to maintain a high level of security.

Here at CR-T, we take pride in providing enterprise-level IT services at prices that work for small businesses. Our team of experts can become your IT support department, responding to issues quickly, often before you even know about them. Covering everything from your servers and network infrastructure to your computers, workstations and mobile devices, we provide end-to-end solutions for all your technology needs.

Time and experience have helped us develop best practices and workflow procedures designed to keep your focus on your business, not your technology.
