While every organization strives to patch all possible loopholes in their software, hackers won’t stop exploiting vulnerabilities to expose new ones. And with the recent rampancy of data breach reports, it seems the menace won’t stop any time soon.
These are some of the most shocking data breaches in history that are unforgettable, including government-related ones.
1. US Federal Government Serial Data Breach (2020)
In December 2020, the US government discovered a shocking major data breach initially thought to have affected a few organizations.
Not long after the discovery, it became clear that up to 200 prominent organizations, even outside the jurisdiction of the US, including NATO, and the European Parliament, had been perforated in a supply chain attack that works by hiding malicious code in updated software.
While brooding over the cause and source of this unprecedented data hack, it soon occurred that the attackers meant the deal and had coordinated the attack undetected for over eight months in what is called an Advanced Persistent Threat (APT).
The attackers leveraged loopholes in Microsoft’s cloud infrastructure, VMware’s software, and a government and military monitoring software update released by SolarWind Corps. Sources claimed that the breach was a nation-sponsored targeted attack aimed at leaking sensitive information belonging to various parastatals within the US, including its military.
To date, it’s still one of the most seriously coordinated cyberattacks against the US and some of the world’s major multinationals.
2. MyFitnessPal (2018)
Hackers will stop at nothing to bring popular apps on their knees. In 2018, attackers gained unauthorized access into the database of MyFitnessPal and obtained millions of users’ information in the process.
According to Under Amour, the unprecedented breach affected approximately 150 million accounts. As a precautionary measure, security experts from the company notified users of the breach and asked that they change their passwords.
Although the company instantly reset all affected users’ passwords, unfortunately, users’ emails also got leaked. So this exposes them to possible phishing attacks and identity theft.
The consequence of this data breach would later become more disturbing after a year when the obtained information, including emails, usernames, and encrypted passwords, surfaced on the dark web. And this time, they were placed on sale for an estimated price of $20,000.
3. Swedish Transport Agency Data Breach (2017)
Although most data breaches involve deliberate hacking of a victim’s software, this wasn’t the case in the Swedish transport agency data breach. As a result of careless data handling, the country’s transport agency was hit hard in 2017 by data leakage after outsourcing its IT infrastructure and database management to IBM.
The severity would’ve been minimal had it been limited to the thousands of drivers’ license information that got exposed. But the government claimed that in addition to leaking information about national roads and bridges, the identity of undercover agents working with the intelligence unit and the military got exposed.
This event, however, resulted in the firing of Maria Ågren—the Director-General of the agency at the time. Ultimately, it was described by security affairs as the worst-known governmental data leak that ever affected the Swedish government.
4. Yahoo! (2013 and 2014)
Yahoo!’s announcement in 2016 that hackers gained unauthorized access into its database and stole the personal information of well-over 500 million users on its platform back in 2014 came as a shock.
Later that year, the internet space received the bombshell when the company revealed that there’d been an earlier separate breach of its database in 2013, affecting over one billion users.
It became glaring that Yahoo!’s security wall was heavily compromised when the company later confirmed in 2017 that the 2013 data breach affected all its three billion users.
The hackers in both cases had forged and used malicious browser cookies, which deceived Yahoo!’s security system, to gain unauthorized access into any user’s account at any time without using a password.
Thus, unencrypted security questions, phone numbers, and emails got leaked during this raid, which to date is considered the worst security breach ever experienced on the internet.
Consequently, later in early 2017, Verizon—which had earlier offered to buy Yahoo! at the rate of $4.8 billion—priced down the platform to $350 million less than the agreed price. Yahoo! was forced to sell at this new price, with Mayer stepping down as CEO.
5. Facebook (2019)
Facebook has faced many criticisms for being insecure, with critics calling its users to delete the app. Moreover, the platform has been involved in a plethora of data breaches.
In 2019, the social media platform suffered a major security breach that resulted in the exposure of over 500 million users’ personal information. Later that year, another database containing the personal information of 267 million users surfaced online. Speculations were that the database was freely available on the Dark Web for nearly two weeks.
These breaches happened only a year after Facebook suffered a separate data breach that affected approximately 50 million users.
Information stolen in both cases were Facebook IDs, Usernames, and phone numbers. According to Facebook, the breaches resulted from a security…
Read More:8 Historic Data Breaches That Shook the World