19 Large-Scale Data Breaches

19 Large-Scale Data Breaches
Datami Newsroom
Datami Newsroom Datami Newsroom
Nov 12, 2024

To what extent is user data from the Internet available on the DarkNet? To what extent is personal data, including email addresses, passwords, dates of birth, full names, and cities of residence, stolen from major web resources on a daily basis?

Indeed, this occurs with great frequency, nearly every day. Once this data is uploaded, it is made available for sale or use in harmful ways on a closed, hidden Internet. Various hackers employ it for their own plans and purposes. 

Let's look at 19 cases of major data breaches: In this article, we will publish only a small fraction, a tiny portion of the information that helps to understand the scale of cybercrime development in recent years. These are merely the data of several hundred million users.

Hacking of the Bulgarian National Income Agency

In July 2019, a massive data breach of the Bulgarian National Revenue Agency with data on 5 million people began. Allegedly obtained in June, the data was widely disseminated on the Internet and included information on the taxation of Bulgarian citizens with names, phone numbers, physical addresses and 471 thousand unique email addresses.

The breach is said to have affected "almost all adults in Bulgaria." According to other sources, the data of more than 5 million people in Bulgaria were stolen. This is 70% of the country's total population. The most interesting thing is that this data contained all the information about tax data, deductions and taxes of citizens.

Hacking Canva

In May 2019, the graphic design tool site Canva suffered a data breach affecting 137 million subscribers. The data provided included email addresses, usernames, logins, locations, and passwords stored as hashes that did not involve social accounts.

Clash of Kings hack

In July 2016, the Clash of Kings forum suffered a data breach that affected 1.6 million subscribers. The affected data included usernames, IP addresses, email addresses, and passwords stored as MD5 hashes.

Ixigo hacking

In January 2019, the travel and hotel booking website ixigo was hacked. The data appeared for sale on a dark web exchange the following month and included more than 17 million unique email addresses, as well as names, genders, phone numbers, Facebook profile connections, and passwords stored as MD5 hashes.

The source was identified as "[email protected]". Stolen data: authorization tokens, device information, email addresses, gender, names, passwords, phone numbers, greetings, social media profiles, usernames.

LiveJournal hacking

In mid-2019, reports surfaced of a possible LiveJournal data breach. This followed numerous reports of credential misuse against Dreamwidth since 2018, a LiveJournal fork with a significant cross-section of the user base. The breach allegedly dates back to 2017 and contains 26 million unique usernames and email addresses (both of which were confirmed by LiveJournal) along with plain text passwords.

The data archive was subsequently published on a popular hacker forum in May 2020.

Hacking Lumin PDF

In April 2019, PDF file management service Lumin PDF suffered a data breach. The breach was not publicly disclosed until September, when 15.5 million records of user data appeared for download on a popular hacker forum.

The data was made public in a MongoDB instance, after which Lumin PDF was allegedly "contacted several times but did not receive a response." The data provided included names, email addresses, gender, spoken language, and a bcrypt hash password or Google authorization token.

Mastercard hacking 

In August 2019, the German Mastercard bonus program Priceless Specials was hacked. The personal data of nearly 90,000 Mastercard members was subsequently widely disseminated on the Internet and included names, email addresses, IP addresses, phone numbers, and partial credit card information. Following the incident, the program was subsequently terminated.

Hacking of MGM Resorts3

In July 2019, MGM Resorts revealed a data breach of one of its cloud services. The breach included 10.6 million guest records with 3.1 million unique email addresses dating back to 2017. The exposed data included email and physical addresses, names, phone numbers, and dates of birth, and was then shared on a popular hacker forum in February 2020, where it was widely used in the future.

Hacking Minehut

In May 2019, the Minecraft server website Minehut experienced a data breach. The company reported that a backup copy of the database was obtained, after which they subsequently notified all affected users. 397 thousand email addresses were provided to HIBP after the incident. A dataset with email addresses and bcrypt password hashes was also later provided to HIBP.

Hacking ShareThis

In July 2018, social bookmarking service ShareThis suffered a data breach. The incident revealed 41 million unique email addresses along with names, and in some cases, birth dates and password hashes. In 2019, the data was put up for sale on the Dark Net (along with several other large databases), and then began to spread further.

Stronghold Kingdoms 

In July 2018, the massively multiplayer online game Stronghold Kingdoms suffered a data breach. The incident affected nearly 5.2 million accounts, which contained email addresses, usernames, and passwords stored in SHA-1 hashes.

Hacking of the Universarium

Around November 2019, Universarium, a distance learning faculty for IT majors in Russia, suffered a data breach. The incident revealed 565 thousand email addresses and passwords in plain text. The university did not respond to numerous attempts to establish contact for many weeks.

Zynga hack

In September 2019, game developer Zynga received a notification of a data breach. The incident revealed 173 million unique email addresses along with usernames and passwords stored as SHA-1 hashes.

Adult FriendFinder (2016)  

In October 2016, Friend Finder Networks, an adult entertainment company, suffered a huge data breach. The incident affected several separate online assets owned by the company, the largest of which was the Adult FriendFinder website, which is claimed to be "the world's largest swinger community."

The data exposed included usernames, passwords stored as SHA-1 hashes, and 170 million unique email addresses. 

AnimeGame

In February 2020, the gaming site AnimeGame suffered a data breach. The incident affected 1.4 million subscribers and disclosed email addresses, usernames, and passwords stored as MD5 hashes.

Aptoide 

In April 2020, the independent Android app store Aptoid experienced a data breach. The incident exposed 20 million customer records, which were subsequently published online via a popular hacker forum. The affected data included emails and IP addresses, names, IP addresses, and passwords stored as SHA-1 hashes.

Go Games 

Around October 2015, a data breach occurred on the Go Games website. The exposed data included 3.4 million customer records, including email addresses and IP addresses, usernames and passwords stored as MD5 hash codes.

HTC Mania hack

In January 2020, the Spanish mobile phone forum HTC Mania suffered a data breach from the vBulletin website. The incident revealed 1.5 million members' email addresses, usernames, IP addresses, dates of birth, and MD5 password hashes and password history. The data from the hack was subsequently shared on popular hacking sites.

Straffic 

In February 2020, the Israeli marketing company Straffic disclosed a database with 140 GB of personal data. The public Elasticsearch database contained more than 300 million rows with 49 million unique email addresses. The data provided also included names, phone numbers, physical addresses, and gender. In their breach notification, the authors state that "it is impossible to create a completely immune system, and these things can happen." 

Don't forget to analyze cybersecurity threats on your resources.

free_consulidation

Fill out the form below, and we’ll get in touch with you right away to discuss a plan to protect your business!

Updated: 16.01.2025
(0 assessments, average 0/5.0)

Related content

Information Security: Types of Threats and Methods of Mitigation Datami Newsroom
Datami Newsroom

Information Security: Types of Threats and Methods of Mitigation

Information security encompasses methods for protecting data from threats that can harm individuals or companies, and it requires continuous improvement due to the evolving technologies of criminals.

Nov 14, 2024
Smartphone Security and Cybersecurity Datami Newsroom
Datami Newsroom

Smartphone Security and Cybersecurity

Smartphone security is important, as the increase in their usage comes with the risks of data breaches, so users should adhere to basic protection rules, such as updating software and using complex passwords.

Nov 14, 2024
What is Penetration Testing, or How Can You Avoid Being Caught Off Guard by Hackers? Oleksandr Filipov
Oleksandr Filipov

What is Penetration Testing, or How Can You Avoid Being Caught Off Guard by Hackers?

Penetration test definition and types. The key steps penetration testers take during different pentestings and how it helps companies improve their overall cybersecurity resilience

Dec 9, 2024
E-commerce has become the new norm in today's digital era Datami Newsroom
Datami Newsroom

E-commerce has become the new norm in today's digital era

E-commerce has become the new norm in today's digital era, transforming consumer behavior and business models as more people turn to online shopping for convenience and accessibility.

Nov 6, 2024
Dangerous Smartphone Apps You Should Delete Datami Newsroom
Datami Newsroom

Dangerous Smartphone Apps You Should Delete

Malicious apps for Android can steal data, track geolocation, and display unwanted advertisements, so it is important to remove them from devices to ensure security.

Nov 14, 2024
Ranking — Top Secure Browsers with VPN Datami Newsroom
Datami Newsroom

Ranking — Top Secure Browsers with VPN

The rating of secure browsers with VPN helps users choose the optimal option for online privacy protection, as modern threats require reliable solutions to ensure security while web surfing.

Nov 14, 2024
Back to home page
Order a free consulidation
We value your privacy
We use cookies to enhance your browsing experience, serve personalized ads or content, and analyze our traffic. By clicking "Accept All", you consent to our use of cookies. Cookie policy