The biggest data breaches of the decade (and the lessons learned)
Cybersecurity has to be one of the hottest topics of 2021, even more so than in previous years, thanks to the pandemic, hybrid working and a plethora of unexpected security vulnerabilities. As organisations move carefully into 2022, the top five biggest data breaches of the decade are here to teach some lessons, raise some red flags, and hopefully guide organisations down a far more secure path.
Here, in order of the amount of data involved, are five breaches that made news headlines so big and so bold that even technophobes heard of them…
01: Yahoo
Yahoo has faced so many attacks over the years that it would be easy to wonder which one made the list, but it was the highly successful hacking of every single Yahoo account in 2013 that takes the top spot. The hack got hold of accounts on email, Flickr, Tumblr and Fantasy and included people’s names, email addresses and passwords. Fortunately for Yahoo and its users, no financial information was stolen in the hack, but it did seriously impact the company’s reputation and customer trust. For Yahoo, bought by Verizon a few years after the attack, the hack was the prompt to change how security questions were validated and the steps taken to validate user information.
02: Alibaba
In 2019, Alibaba was hit by one successful hack that saw around 1.1 billion user titbits harvested by a developer and his employer. The two were sentenced to three years in prison, even though they didn’t sell the information on, but they should be commended for their success where millions have failed. According to a CNBC article published the same year, the Alibaba Group deflects around 300 million hack attempts a day. The one lesson learned here is that the bigger you get, the bigger the target on your back. Equally, consistent investment into security protocols and awareness paid off for this giant, which has yet to lose any money or important financial information to these hackers.
03: Facebook
The Facebook hack of 2019 left users reeling. Two sets of data were exposed to the public internet and included information about more than 530 million people. This information included phone numbers, account names and Facebook IDs, and was such a significant theft of phone data that HaveIBeenPwned added phone number searching to its functionality. The biggest lesson here, other than to keep an eye on defunct platform features in case they pose a security risk, is to put user feelings ahead of corporate speak. Facebook’s reputation took a hit, not just because of the attack, but because of the way the company responded to it.
04: MyFitnessPal
While this very popular diet and fitness application had 150 million user accounts hacked, the company is a lesson in how to handle a data breach effectively. The company’s data loss may not have been as high as Yahoo’s or Facebook’s, but its response to the hack was superb. The company immediately acknowledged the breach, notified the users, and then got in touch with specialised companies to help it minimise the damage and find those responsible.
05: Robinhood
In November 2021, Robinhood had seven million customer accounts exposed. The type and amount of data leaked vary, but most affected customers had their email addresses or names exposed. The stock trading app claims that no financial information was leaked, but this may change, as the sheer extent of a hack is often only discovered months, even years, later. This is something that Yahoo found out: initially the numbers of its 2013 hack were way below the final tally of three billion. So users should change their information if they were affected. The breach shone another light on the infamous company, but they did everything right, from notifying their customers and the authorities to setting out to find out exactly what happened.
And the lesson learned? Cybersecurity is an imperative, especially now in the hybrid world, and every organisation should be consistently focusing on the right technology, staff training, and processes to minimise their security risk and maximise their security posture.