Although it had long stopped being a powerhouse that it was once, the social media site MySpace hit 360 million user accounts in 2016 after leaking on leaksource.com and kept for sale on the dark web market.
As CompanyLost data included email addresses, passwords and user names for a part of accounts created before June 11, 2013 on the old MySpace Platform. For the safety of our users, we have invalidated all user passwords for the affected accounts created before June 11, 2013.
It is believed that the password was stored as the Sha-1 hash of the first 10 characters of the password, which were converted into a lowercase.
13. Netz
date: October 2015
Effect: 235 million user accounts
A provider of Melbox services, allegedly faced a violation in October 2015, when the email addresses related to 235 million accounts and plaintext passwords were being sold by Doubleflag, a provider of mailbox services through the choice of Netease, 163.com and 126.com. Netease has said that no data was breeted and on it Day hib states: “While there is evidence that the data itself is valid (many HIBP customers have confirmed a password that they use), it has been marked as” rejected “due to the difficulty of clearly verification of Chinese violations.
14. Court Ventures (Experion)
date: October 2013
Effect: 200 million individual records
Experience became a Vietnamese man in 2013 Assistant Court Ventures 2013 Cheated it To provide access to a 200 million individual record database by presenting him as a private investigator from Singapore. The details of the exploits of Hieu Minh NGO came out only after their arrest to sell personal information of American residents (including credit card numbers and social security numbers) in cyber criminals worldwide, which he had been doing since 2007. In March 2014, he convicted several allegations for fraud of identity in the district court of the US for the district of New Humpsshire. The DOJ said at the time that the NGO had earned a total of $ 2 million from selling personal data.
15. LinkedIn
date: June 2012
Effect: 165 million users
Its second appearance in this list is LinkedIn, this time in the context of a violation of it in 2012 that it was announced that 6.5 million unsated passwords (unsalted sha-1 hash) were stolen by the attackers and posted on a Russian hacker forum. However, it was not until 2016 that the entire limit of the incident was revealed. The same hacker selling MySpace’s data was found to offer only 5 bitcoins (at that time about $ 2,000) to offer email addresses and passwords of about 165 million linked users. Linkedin accepted It was made aware of the violation, and said that it rested the passwords of the affected accounts.
16. Dubsmash
date: December 2018
Effect: 162 million user accounts
In December 2018, 162 million email addresses, user names, PBKDF2 password hash, and other personal data such as The Dates of Birth Stunn, which were then placed for sale on the Dream Market Dark Web Market. The information was being sold as part of a collected dump, including MyFitnesspal (more on it), Myheritage (92 million), Sharethis, Armor Games and Dating App Coffemeetsbagel’s choice.
Dubsmash admitted that information was violated and sold and advised around changing passwords. However, it failed to explain how the attackers got or confirmed how many users were affected.
17. Adobe
date: October 2013
Effect: 153 million user records
In early October 2013, Adobe reported Hackers stole approximately three million encrypted customer credit card records and login data for an undesirable number of user accounts. After days, Adobe increased the estimate, including ID and encrypted password 38 million “active users”. Security Blogger Brian Krebs then reported that a file posted a few days ago includes “more than 150 million user names and hashed password pairs taken from Adobe.” The research week revealed that Hack had also highlighted the information of the customer’s name, password and debit and credit card. In August 2015, an agreement called for Adobe to pay $ 1.1 million in legal fees and to pay an unknown amount to users to settle the claims of customer records act and inappropriate business practices. In November 2016, the amount paid to customers was reported $ 1 million.
18. National public figures
date: December 2023
Effect: 270 million people
Background check firm National public data violations highlighted data of hundreds of crores of people through an estimated 2.9 billion records. As a result of the December 2023 hack, the stolen data was for sale on the dark web by the group USDOD hacking in April 2024. Most of the stolen data was leaked and made freely available in a 4TB dump on a cybercrime forum.
After a category of action in August 2024, only public knowledge became, this event, social security number, name, mailing address, email and phone numbers of 270 million people, highlighted most American citizens. Most data, including information related to Canadian and British residents, appears to be chronic or incorrect, but the effect of contact with such personal information is still serious. The estimated 70 million rows of the record cover the US criminal record.
Early violation mechanism is unconfirmed but investigative reporter Brian Krebs Reports Until the beginning of August 2024, NPD property, Recordschec.Net, a plain text collection included the user name and password for the administrator of the site.
One in statementJericho Pictures (which trades as national public data) advised people to closely monitor their financial accounts for unauthorized activity. National public data stated that the law was working with enforcement and government investigators, saying that it is reviewing the potentially affected records to understand the scope of violation. This will “try to inform the affected parties” if there are “further important events”.
Experts recommend consumers to consider freezing credit with three major bureau (Equifax, Experien and Transunion) and use identity stolen safety services as possible precautions.
19. Equifax
date: 2017
Effect: 159 million records
Credit reference agency Equifax faced a data violation in 2017 that affected 147 million US citizens and 15 million Britain. Name, social security numbers, birth dates, addresses along with the driver’s license of over 10 million was exposed when the attackers took advantage of web security vulnerability to break into the system of Equifax. Breach also highlighted credit card data of a small group of 209,000 people.
Between May and July 2017, the attackers broke to hack the Credit Reference Solutions Portal by taking advantage of an unexpected Apache struts between May and July 2017. Patch for exploited vulnerability was available from March 2017 months before the attack. Strits are a popular outline for creating a Java-based web application.
Cyber ​​criminals through their entry points allowed to querry their database before stealing their database, allowing systematically stolen data. US officials accused four nominated members of the Chinese army Masterminding with hack. Chinese officials have denied any participation in the attack.
Equifax faced several cases and government investigations in view of violation. The Credit Reference Agency was left out of an estimated $ 1.7 billion pockets because the impact on its stock price was taken into consideration without breech. Equifax spent an estimated $ 337 million On improving your technology and data security, legal and computer forensic fees and other direct costs alone.
20. EBay
date: 2014
Effect: 145 million records
A violation on the late February 2014 and early March 2014 highlighted the sensitive personal information of the estimated 145 million user accounts. The cyber criminal gained access to the eBay system after compromising a small number of employee login credentials.
Hack allowed access to miscreants to sensitive information including encrypted passwords, email addresses, mailing addresses, phone numbers and birth dates. Financial information, including data on PayPal accounts, was stored on different systems and hence was not influenced by breech. In response to the incident, eBay implemented a forced reset for the user password.
