With 3,950 confirmed data breaches in 2020, we’ve outlined some of the most recent and impactful security breaches of the year. This data indicates the widespread impact data breaches are having on compromising sensitive information.
1. Microsoft – 250 million records On January 22, Microsoft disclosed a data breach that took place December 2019. According to ZDNet, the servers contained 250 million entries, with information such as email addresses, IP addresses, and support case details. (Security Magazine). 2. Wattpad – 268 million records
In June 2020, the user-generated stories website Wattpad suffered a huge data breach that exposed almost 268.745.495 million records. The data was initially sold in private sales of over $100,000, and then published on a public hacking forum where it was broadly shared for free, according to Bleeping Computer.
3. Broadvoice – 350 million records
Security researcher Bob Diachenko discovered an exposed cluster of databases belonging to the Voice over IP (VoIP) telecommunications vendor Broadvoice that contained the records of more than 350 million customers. 4. Estée Lauder – 440 million records
On January 30, security researcher Jeremiah Fowler discovered a database online that contained what he says was "a massive amount of records." The database belonged to cosmetics giant Estée Lauder and contained a total of 440,336,852 records.
5. Sina Weibo – 538 million records
In March, news broke that the personal details of more than 538 million users of Chinese social network Weibo were available for sale online. A hacker then claimed to have breached Weibo in mid-2019 and obtained a database that allegedly contained the details of 538 million users and was selling the data for $250 on the dark web.
6. Whisper – 900 million records
An unprotected database, containing 900 million Whisper posts, and all the metadata related to those posts, was found online earlier in March. A “secret-sharing” app, Whisper, who called itself the “safest place on the Internet,” exposed PII, including, intimate confessions, ages, locations and other details, and allowed anyone to access all of the information tied to anonymous “whispers” posted to the app. According to The Washington Post, the database was discovered by independent researchers and consultants Matthew Porter and Dan Ehrlich, who said they were able to access almost 900 million user records from the app’s release in 2012 to the present day.
7. BlueKai – billions of records
In June 2020, security researcher Anurag Sen found an unsecured BlueKai database accessible on the open Internet. A startup, BlueKai was bought for over $400 million in 2019 by Oracle. The database held billions of records containing names, home addresses, email addresses, and web browsing activity like purchases and newsletter unsubscribes. 8. Keepnet Labs – 5 billion records
In March 2020, Bob Diachenko reported coming across a leaky Elasticsearch database which appeared to be managed by a U.K.-based security company, according to SSL certificate and reverse DNS records. Diachenko noted that “the irony of the discovery is that it was a ‘data breach database’, an enormously huge collection of previously reported security incidents spanning 2021-2019 era.”
9. Advanced Info Service (AIS) – 8.3 billion records
Security researcher and head of Trust & Safety at Cloudflare Justin Paine discovered an open ElasticSearch database when browsing BinaryEdge and Shodan on May 7. According to Paine’s summary of the incident, the database appeared to be controlled by a subsidiary of a major Thailand-based mobile network operator named Advanced Info Service (AIS). AIS is a large GSM mobile phone operator with 39.87 million customers.
10. CAM4 – 10.88 billion records
Anurag Sen, at Safety Detectives, discovered a significant data leak belonging to adult live-streaming website CAM4.com. The website is owned by Irish company Granity Entertainment. The database, according to the research team, exceeded 7 terabytes with production logs dating from March 16, 2020 and increasing daily, containing 10.88 billion records with PI
#IDENTITY FRAUD #IDENTITY THEFT #KEYLOGGER #KEYSTROKE ENCRYPTION