The Largest Data Breaches Ever

Every year, companies ranging from worldwide conglomerates to small businesses join the ranks of organizations that have suffered data breaches. While all incidents of stolen data can put consumer information at risk, some are more memorable than others — for all the wrong reasons, of course. Check out a compilation of the largest data breaches of all time.

Collection No. 1 — 2.7 billion records (Largest cache at 87 GB)

In January 2019, one cybersecurity researcher stumbled upon the largest treasure chest of stolen information ever found. Troy Hunt, owner and manager of a cybersecurity service, reported his findings on his website. The list included 2.7 billion records comprised of more than 770 million email addresses and passwords. Unlike most data breaches today, no one company can step forward to claim responsibility, because the credentials come from thousands of sources. Even worse, researchers later discovered that Collections #2 – #5 were also up for grabs.

The good news is there were no SSNs or financial information included in this stolen data. However, for the right hackers, an email address and password would be all they need to log into susceptible bank accounts, especially those of consumers who use the same passwords across multiple platforms.

Yahoo — 3.5 billion accounts

While Collection #1 was certainly the largest cache ever found, it is Yahoo that holds the title for largest number of accounts compromised, at 3 billion. In fact, this represents the entire number of accounts existing on Yahoo servers in 2013, at the time of the hack. So, how do another half a billion accounts come into play? Without a doubt, there are some overlaps, but in 2014 Yahoo suffered a second breach totaling 500 million accounts.

Here is the type of stolen data between these two Yahoo attacks:

  • Names
  • Email addresses
  • Back-up email addresses for password resets
  • Passwords
  • Phone numbers
  • Security questions

Unique Identification Authority of India — 1.1 billion accounts

If you’re not familiar with this large-scale breach, it may be because it was only specific to India. Aadhar, the Indian equivalent of the American Social Security number, is used by the UIDAI. While the government agency has not been able to identify when the breach first began, it was discovered in March 2018. Among the lineup of stolen data are 12-digit ID numbers and connected information such as bank accounts.

Marriott Starwood Hotels — 500 million accounts

Last year, while many people were back at work and refreshed after the long Thanksgiving weekend, Marriott woke up to a nightmare: a large-scale security breach. It went down as one of the largest number of compromised accounts in cybersecurity history, affecting up to 500 million customers around the world.

The company discovered the four-year long breach while conducting an internal investigation. Here are some of the types of stolen data hackers made off with:

  • Names
  • Dates of birth
  • Email addresses
  • Phone numbers
  • Mailing addresses
  • Passport numbers

Friend Finder Networks — 412 million accounts once boasted that it was the largest community in the world for swinging and hookups, even over Tinder. Apparently, this caught the eye of hackers, because in 2016, a malicious attack succeeded in compromising 336 million accounts. Even 15 million deleted accounts were affected by the breach. Though deleted, the accounts had not yet been removed from the servers. In addition to this, 7 million and 62 million accounts were compromised from and, respectively.

By the time the data was discovered and examined, it was reported that two decades’ worth of information had been taken from the servers. The stolen data included usernames, emails and passwords.

Exactis — 340 million records

In June 2018, a security researcher alleged that he had found a database online with information on almost every U.S. citizen. Considering that the breach later totaled 340 million records and that the U.S. population is roughly  328 million, he was not wrong. Even worse, it was on a publicly accessible server. It was later discovered that the data belonged to Exactis, a Florida-based marketing company.

Not surprisingly, the information included in this stolen data sheet was extensive. Both personal and business data was discovered:

  • Addresses
  • Phone numbers
  • Personal characteristics
  • Personal interests

Facebook and Cambridge-Analytica — 87 million accounts (328 million affected)

In 2015, 270,000 Facebook users installed an app called “thisisyourdigital life.” It was created by a professor at the University of Cambridge and was used to pass on Facebook users’ personal information to third-party companies, such as Cambridge Analytica. Cambridge Analytica is the data analytics firm that worked on Donald Trump’s presidential campaign and is frequently credited for contributing to his 2016 U.S. presidential election win.

So, how did the number of affected users climb to 87 million? The friends of the users who installed the app also had their data stolen. The stolen data helped Cambridge Analytica to create targeted ads based on user behavior and voter data. For better or worse, the results of the presidential election affect every single member of the American population, further extending the reach of this breach.

In 2018 alone, there were 700 disclosed security breaches. As experts continue to study the trends of failing cybersecurity measures, negligence on behalf of companies and government agencies, and increased levels of cybercrime, the predictions are that cybersecurity breaches will only continue to trend upwards. Because of this, consumers must exercise vigilance when sharing their information, even with reputable companies. You never know who’s watching, waiting, ready to steal your information and pawn your stolen data for $45 on Telegram.