Data breaches in 2018 affected more people than any other year on record. With the amount of logins that people now have for various services and sites, this should not be surprising. In fact, these numbers will probably get worse before they get better. SecurityCoverage watches data breaches carefully and our products are built to help protect businesses and consumers. Over the course of the year, these are the 5 data breaches that most stood out to us.
- Google Plus – 52.5 million accounts
Google Plus was breached through a bug that allowed outside developers to view personal information on app users Google Plus profiles. User names, email addresses and occupations were visible, even if they were set to private. Although it did not leak financial data, national ID numbers or passwords, this breach was the last nail in the coffin for Google Plus. Google has accelerated its plans to terminate the social media platform in April now instead of August.
- Facebook – at least 50,000,000 accounts
This year Facebook said that at least 50 million users’ data was at risk after a website vulnerability was exploited. This data included names, genders and hometowns of users that linked to their profile page. No credit card info or private messages were taken in the breach but the investigation continues. Considering Facebook has over 2.2 billion (!) active users, this seems like a fairly small section of their user base. However, breaches like this are starting to lead to more talks of government regulation.
- MyHeritage – over 92,000,000 accounts
Over the last few years, the popularity of DNA genealogy tests has exploded. One such company that offers this service, MyHeritage, was breached and leaked the data of over 92 million users. The data that was breached included email addresses and hashed passwords of users. Family tree and DNA data was stored on separate servers so it was safe. For the futurists out there, this seems like a scary proposition: If a group was successful at getting it, what kind of things could be done with your DNA and family tree information?
- Quora – 100,000,000 accounts
Question and Answer site Quora was hacked by a malicious third party this year, exposing the personal data of up to 100 million users. The personal information that was stolen included usernames, email addresses and passwords. Data from Facebook and Twitter may have been taken as well if they were linked to their Quora accounts. This was one of the biggest breaches of the year and shows that no matter the type of account you are using; the data you are using to login is valuable.
- Marriott International – 500,000,000 accounts
The Marriott International hack was massive with up to 500 million guest’s personal information compromised. According to Marriott around 327 million of those had ‘some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest (‘SPG’) account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences stolen. Other guests may have had credit card numbers and expiration dates stolen. The Marriott hack is probably one of the worst this year, due to the fact that hackers can now use that credit card info for unauthorized purchases and may be able to open up new accounts with the mountain of personal data that was also gathered.
Of course there were many other data breaches this year, but these were the events that really stood out to us. As we mentioned earlier, this is not a problem that is going away anytime soon. We urge you and your customers to practice safe data habits. Create strong unique passwords for all of your logins, install a strong anti-malware/anti-phishing solution, and consider an identity protection and restoration solution to alert you of breaches that include your data and provide recovery services if you’re the victim of identity fraud (coming soon from SecurityCoverage).