1️⃣ Yahoo Leak (2013-2014) – 3 Billion Accounts
The data leak of Yahoo which took place in 2013 and 2014 It is one of the largest security breaches in internet history.
🔴 What happened;
- August 2013: Initially, Yahoo revealed in 2016 that 1 billion accounts were affected.
- December 2014: A second attack affected 500 million accounts.
- October 2017: The company's new management (under Verizon) announced that all 3 billion accounts Yahoo's were affected.
📌 What data was exposed?
The hackers gained access to:
✔ Usernames
✔ Email addresses
✔ Dates of birth
✔ SHA-1 hashed passwords (some were easy to crack)
✔ Phone numbers
✔ In some cases, security questions and answers (some were encrypted)
🕵️ Who was responsible?
The US government indicted two Russian FSB agents and two hackers who worked for them in 2017.
💡 Impact and importance
- The leak called into question Yahoo's security practices.
- It reduced the value of Verizon's acquisition of Yahoo by 350 million.
- It showed its importance secure data storage and encryption from large companies.
🔎 Conclusion: This leak is a reminder of the importance of online security and the need for constant vigilance from users and companies.
2️⃣ Facebook (2019) – 533 Million Users
The data leak of Facebook This makes it a perfect choice for people with diabetes and for those who want to lose weight or follow a balanced diet. 2019 is one of the most significant security breaches, as it affected 533 million users with a sticker 106 countries.
📌 What happened;
- The data was leaked through a old vulnerability on Facebook, which allowed the user data collection through the "Find My Friends" function.
- Although Facebook claimed that the problem had been fixed in 2019, the data appeared for free on hacking forums in April 2021.
(I.e. What data was exposed?
The leaked details include:
✔ User names
✔ Phone numbers
✔ Email addresses (for some users)
✔ Locations ????
✔ Dates of birth
✔ Biographical information
✔ Details from Facebook ID
❌ They did not leak: Passwords or private messages.
🕵️ How was the data used?
- Spam & Phishing: The hackers used the data to send misleading messages and phishing emails.
- SIM Swapping Attacks: The phone numbers could be used for SIM swapping attacks, where hackers gain control over user accounts.
- Social Engineering: The data was used for deception of users through phone calls, messages and social media.
💡 Impact and importance
- The leakage damaged Facebook's credibility regarding data protection.
- It highlighted the importance of using strong personal security settings.
- Show that even old leaks can reappear and be exploited by hackers.
???? Conclusion: This leak is a reminder that personal data on the internet are never completely safe and that users should take preventive protection measures. 🛡
3️⃣ Equifax (2017) – 147 Million People
Η Equifax data breach 2017 is considered one of the most serious cyberattacks of all time, as it affected 147 million people – almost half of the population of the United States. Hackers managed to gain access to sensitive personal information is covered, such as:
- Names
- Social Security Numbers (SSN)
- Dates of birth
- Addresses
- Credit card numbers (approximately 209.000 people)
- Driving license data
🔴 How did the leak happen?
The breach occurred due to a vulnerability in a web application (Apache Struts), which had not been updated in a timely manner. Cybercriminals exploited this weakness and gained unauthorized access to Equifax’s systems from May to July 2017.
The most worrying thing is that the Equifax did not immediately announce the breach, but waited until September 2017, increasing public and regulatory anger.
💡Consequences & Impacts
- Legal sanctions: Equifax forced to pay 700 million in a settlement with the US government and consumers.
- Loss of trust: The company's credibility suffered a serious blow, affecting its reputation in the credit rating industry.
- Increased identity risk: Leaked personal data put millions of people at risk identity theft and financial fraud.
The Equifax case is a typical example of devastating consequences of a data breach and emphasizes the importance of cybersecurity for companies and consumers.
4️⃣ Marriott International (2014-2018) – 500 Million Customers
Η Marriott International, one of the world's largest hotel chains, suffered one of the largest data breaches in history. The attack affected 500 million customers and revealed sensitive personal information.
📌 What happened?
The breach involved the hotel's booking database. Starwood, a hotel company acquired by Marriott in 2016. However, the attack had already begun the 2014, two years before the acquisition, and remained unnoticed for four years, until it was discovered 2018.
The hackers had access to personal data of millions of visitors who made reservations at Starwood hotels (such as Sheraton, Westin, St. Regis and Le Méridien).
📂 What data was exposed?
- Customer names
- Email addresses
- Phone numbers
- Addresses of residence
- Dates of birth
- Passport data (about 5 million passport numbers in unencrypted form!)
- Credit card details (encrypted, but there was a possibility of decryption)
- Hotel reservation information
It is estimated that of the 500 million customers affected, about 327 million were exposed to highly sensitive information.
💥 How was the attack detected?
Marriott identified the breach in end of 2018, when he noticed unauthorized access in Starwood's reservation database. An internal investigation revealed that the attackers were in the system for years, extracting data without being noticed.
🎭 Who was behind the attack?
Although Marriott did not publicly confirm the perpetrator, reports from US government agencies claim that the attack may be behind a group of hackers linked to the Chinese governmentIt is believed that the attack was aimed at espionage, as passport data is particularly valuable for government purposes.
⚖️ Implications for Marriott
The leak had huge consequences:
- Η Marriott fined $23,8 million from the United Kingdom (GDPR).
- Cope with it class actions from affected customers.
- He lost public trust, as customers were concerned about the security of their data.
- It invested millions of dollars to improve cybersecurity measures.
5️⃣ LinkedIn (2021) – 700 Million Users
The LinkedIn, the popular professional social networking platform, suffered one of the largest data breaches in history in 2021The breach affected 700 million users, that is over 90% of the total users of the platform during that period.
📌 What happened?
In June 2021, a hacker posted on a hacking forum a sample of data 1 million users of LinkedIn, claiming that he had access to data 700 of millions of users.
The hacker who published the data used a technique called "web scraping", where data is collected through automated tools from publicly available user profile information.
📂 What data was exposed?
The leaked data included:
- User names
- Email addresses
- Phone numbers
- Locations (city, country)
- Job details (job title, company, experience, skills, connections)
- Links to social media profiles
- Sex
- Other public profile data
⚠️ No passwords or financial data were leaked., but leaking this information could expose users to phishing attacks, identity spoofing and targeted cyberattacks.
🛠️ How did the leak happen?
The LinkedIn said that there was no hacking into its systems, but that the data was collected through web scraping, i.e. obtaining public information from user profiles.
Although scraping is not considered a traditional cyberattack, the mass collection of data violates the platform's terms of use and can be used for malicious purposes.
🎭 Who was behind the attack?
The identity of the hacker remains unknown. However, the leaked data was sold to hacking forums on the dark web, where cybercriminals could purchase it for use in phishing, identity theft and social engineering attacks.
⚖️ Consequences for LinkedIn
- The leak caused huge concern for the protection of personal data.
- LinkedIn faced negative reputation and criticism of its data security.
- Thousands of users started change their personal data or delete profiles.
- The government authorities investigated the case, as the massive data collection posed legal and ethical issues.
6️⃣ Adobe (2013) – 153 Million Accounts
The 2013The Adobe Systems, one of the world's largest software companies, suffered a massive data leak which affected 153 million user accountsThis attack revealed passwords, emails and other personal data, putting millions of users at risk.
📌 What happened?
In October of 2013, Adobe announced that it had suffered security breach, in which hackers gained access to names, emails, encrypted passwords and credit card details of its users.
Initially, the company stated that the attack affected 3 million accounts, but a few weeks later it became known that the real number was 153 million!
📂 What data was exposed?
- User names
- Email addresses
- Encrypted passwords
- Credit card details (encrypted)
- User IP addresses
- Adobe product details that users were using
⚠️ The biggest issue was that the passwords were encrypted but not hashed, which means they could be decrypted relatively easily.
💥 How did the leak happen?
Η Adobe did not reveal exactly the technique used for the attack, but the hackers appear to have exploited vulnerabilities in the company's servers to gain access to user data.
The most worrying thing was that Adobe was storing the passwords with simple encryption and not with hashing, which made it easier for hackers to decrypt millions of codes.
🎭 Who was behind the attack?
The exact identity of the perpetrators remains unknown. However, the Adobe data leaks appeared later on the internet, on hacking forums and on the dark web, which suggests that the hackers likely sold or distributed the data to third parties.
⚖️ Implications for Adobe
- Adobe forced to notify millions of users to change their passwords.
- Accepted class actions for inadequate data protection.
- He paid a $1 million fine. for data security deficiencies.
- The company's reputation suffered a serious blow, as users began to question the safety of its products.
7️⃣ MySpace (2016) – 360 Million Accounts
The 2016, it was revealed that the MySpace, once the most popular social networking platform, had suffered one of the largest data breaches in history. The attack affected 360 million accounts, with the data ending up for sale in Dark web.
📌 What happened?
The leak was detected on 2016, but the data appears to have been stolen many years ago, most likely the 2013 or even earlier.
A well-known hacker with the pseudonym "Peace", the same one who had leaked data from the LinkedIn and Tumblr, leaked his data MySpace and sold them on the dark web.
📂 What data was exposed?
- Usernames
- Email addresses
- passwords (hashed but with weak encryption)
- Account data created before 2013
⚠️ The biggest problem was that MySpace used weak SHA-1 encryption for passwords, which had already been deemed unsafe at that time. This meant that hackers could easily decrypt the codes and gain access to user accounts.
💥 How did the leak happen?
The exact method used for the breach remains unknown, but it appears that the hackers exploited older security vulnerabilities of MySpace.
The fact that the leak included accounts created before 2013 shows that MySpace probably had not upgraded its security measures for years.
🎭 Who was behind the attack?
The hacker "Peace" (ή "Peace_of_Mind") was the main person responsible for the leak. He was the same person who leaked data from the LinkedIn and Tumblr the same year.
MySpace data sold on the dark web for less than 6 Bitcoin (about $2.800 at the time).
⚖️ Consequences for MySpace
- MySpace had already lost its popularity after the rise of Facebook, so the leak didn't cause as much of an outcry as other attacks.
- The company delete all old passwords and asked users to create new passwords.
- The leak showed poor data security management from MySpace.
- Millions of users who used the same password and on other platforms they were at risk of attacks credential stuffing.
8️⃣ eBay (2014) – 145 Million Users
Η eBay data breach in 2014 was one of the largest cyberattacks of that decade, affecting 145 million user accounts.
📌What happened;
In May 2014, the eBay announced that he suffered massive security breach between February and March 2014. The hackers managed to gain access to corporate employee credentials, which allowed them to infiltrate the company's systems and obtain sensitive user data.
(I.e.What data was exposed?
- User names
- Email addresses
- Addresses of residence
- Phone numbers
- Dates of birth
- Encrypted passwords
❌ No financial data was disclosed. (such as credit card numbers or banking information), according to eBay.
💥How did the attack happen?
Cybercriminals have gained employee credentials through one phishing attack, which gave them access to the company's internal systems. From there, they were able to extract user data.
️What were the consequences?
- eBay asked all users to change their passwords.
- The attack damaged user trust, as eBay was slow to disclose the leak.
- The users who they used the same password in other services became vulnerable to further attacks (credential stuffing).
9️⃣ Capital One (2019) – 106 Million Customers
Η Capital One data breach in 2019 was one of the largest data breaches in the financial sector, affecting approximately 106 million customers in the United States and Canada.
📌What happened;
At 29 July 2019, Capital One announced that a hacker had gained unauthorized access to the personal data of millions of customers. The attack was carried out through a vulnerability in cloud-based servers used by the company.
The hacker, Paige Thompson, a former Amazon Web Services (AWS) software engineer, exploited a firewall misconfiguration to gain access to the data.
(I.e. What data was exposed?
The leak included:
- Personal Information (names, addresses, phone numbers, emails)
- Financial information (credit scores, credit card limits, account balances)
- Social security numbers (~140.000 customers)
- Bank account numbers (~80.000 customers)
However, no access details (passwords) or credit card numbers were leaked.
💥How was it revealed?
Paige Thompson boasted about the attack on a public forum and a GitHub repository. A user who saw her posts alerted Capital One, which notified the FBI. Thompson was arrested on 29 July 2019 and was sentenced to 5 years in prison the 2022.
️ Implications for Capital One
- $80 million fine by the U.S. Office of the Comptroller of the Currency (OCC) due to inadequate security measures.
- $190 million settlement in a class action lawsuit of affected customers.
- Forced strengthening cybersecurity measures the company's.
🔟 Dropbox (2012) – 68 Million Accounts
The data leak in Dropbox in 2012 was one of the largest account breaches in history, affecting approximately 68 million usersAlthough the breach occurred in 2012, the data was leaked online in 2016, causing major concerns about user security.
📌 What happened;
The 2012, malicious hackers managed to gain access to a Dropbox database containing user email addresses and encrypted passwords. However, the company didn't have a full picture of the leak until 2016, when the data appeared on dark web markets (Dark web).
(I.e. What data was leaked?
- Email addresses (~68 million users)
- Encrypted passwords (hashed passwords)
Passwords were stored using two different methods:
- bcrypt – a strong encryption method
- SHA-1 (with salt) – less secure method, more vulnerable to attacks
💥 How did the attack happen?
The leak started with a reused password! A Dropbox employee used the same password on multiple servicesWhen another service was breached, hackers obtained the employee's password and used it to gain access to Dropbox's internal systems.
💥When was the leak revealed?
- The 2012, Dropbox suspected suspicious activity, but did not have full knowledge of the scale of the breach.
- The 2016, the data appeared in Dark web and on hacking forums.
- Dropbox confirmed the leak and forced users to change their passwords.
️Dropbox's Consequences and Reaction
✔ Mandatory password change for all users who had not changed their password since 2012.
✔ Improving security with the support Two Factor Authentication (2FA).
✔ Personnel training to avoid errors such as code reuse.
Conclusions & Lessons
Data protection requires systematic security, user training, regular updates and effective crisis management.
Ultimately, cybersecurity is not a luxury, but a necessity!
