6 biggest user data leaks in tech history

1. 50 million Facebook users leaked

A report last weekend said that the biggest leak of user information in Facebook's history had occurred, causing more than 50 million Facebook accounts to be analyzed by a data analysis company with offices in the UK and the US, Cambridge Analytica, in June 2016 without their consent.

The incident has severely affected Facebook, causing many investors to sue the company. Even the co-founder of WhatsApp - a company that was acquired by Facebook - has called for users to boycott the social networking site, while a technology investor called for CEO Mark Zuckerberg to resign for not being able to handle such a situation.

On the stock market, Facebook shares fell 3% on March 20, 2018, causing the company's market value to evaporate by about $50 billion. More seriously, the Facebook scandal had an impact on the market in general by pulling down the prices of technology stocks and social networking companies such as Twitter and Snap, in which Twitter fell 10% and Snap fell 3%.

2. Yahoo with huge data leak scandal - 3 billion accounts

According to the technology news site Techcrunch, this is new information that Yahoo has admitted after receiving new evidence collected during the investigation into the company's massive data leak in 2013.

Accordingly, Yahoo said that in the cyber attack that happened to them in 2013, all 3 billion of their user accounts were affected, not 1 billion accounts as previously stated.

This account number includes everyone who has a Yahoo email account and everyone who has signed up to use other Yahoo services like Flickr.

Yahoo is now part of Oath, a company that Verizon acquired for $4.5 billion and merged with AOL. Yahoo said new evidence of the number of user accounts affected by the data breach was discovered during the consolidation of the businesses.

Yahoo also tried to downplay the severity of the problem, saying that after discovering the incident in 2013, the company implemented measures to protect all user accounts.

Accordingly, the company has sent direct notifications to affected users, asking them to change their passwords and disable unencrypted security questions/answers.

3. Malaysia: Information of more than 46 million mobile users leaked

The warning comes after information emerged about the country’s biggest ever data breach. The leak of personal information was announced by lowyat.net in early November 2017 and was reported to the Malaysian Communications and Multimedia Commission.

With this information leak, from residential addresses, identification card numbers to phone SIM card information, detailed personal information of almost all Malaysians could fall into the hands of scheming people.

Upon receiving a report of the incident, the Malaysian Communications and Multimedia Commission (MCMC) coordinated with the police to launch an investigation. Regarding the incident, cybersecurity experts are concerned that the leaked personal data will create opportunities for criminals to impersonate to conduct online transactions.

Meanwhile, a Singaporean cybersecurity company revealed that the leaked information was initially sold on some “underground” forums for 1 bitcoin (equivalent to 6,500 USD on November 1). Not only that, at least one person who exploited the leaked information created a link so that many others could download it for free.

4. 60 million Uber users' information leaked

In 2016, a cyberattack on Uber exposed a large amount of its user and driver data. It was reportedly carried out by two hackers on a third-party cloud service, where the hackers stole the names and driver's license numbers of about 600,000 drivers in the US, as well as email addresses and mobile phone numbers.

Uber said information such as location history, credit card numbers, bank account numbers, social security numbers or dates of birth did not appear to have been taken. The company also assured drivers affected by the attack that free credit monitoring and identity theft protection would be available.

It is known that Uber agreed to pay $100,000 to the hackers to destroy all the information they obtained and keep the incident a secret, but the company did not disclose the incident to the public at the time.

5. Equifax -US credit company, leaked information of 143 million customers

According to the Los Angeles Times (USA), on September 7, 2017, Equifax confirmed that their computer system had been hacked, resulting in the leak of a database containing Social Security numbers and birth dates of 143 million American customers.

According to the Atlanta-based company, the cyberattack occurred between May and July of this year. Hackers targeted a security vulnerability on the company's website.

Equifax only discovered the incident on July 29 and has been investigating the matter for weeks, working with a cybersecurity consultant and authorities.

It is known that in addition to Social Security numbers and dates of birth, other personal information of customers was also compromised such as their full names, addresses and driver's license numbers.

Not only that, the credit card numbers of 209,000 US customers were also manipulated. Disputed documents related to 182,000 US customers were also compromised...In addition to US customers, an unknown number of British and Canadian customers were also affected in the incident.

6. Spambot exposes 711 million email accounts

Around the end of August 2017, more than 700 million personal email accounts along with a large number of passwords were made public by a spambot, in one of the largest digital information attacks.

This is one of the largest email account breaches ever. Data experts estimate that the actual number of accounts compromised in the attack is lower than the 711 million, largely because of duplicate or fake accounts in the database.

“The new data entry will be 711 million email addresses, the largest number ever entered into Have I Been Pwned at one time,” said Troy Hunt, an Australian cybersecurity expert who runs the website “Have I Been Pwned.” “To put that in perspective, that’s the number of men, women, and children living in all of Europe.” Have I Been Pwned is a website that reports on user email accounts that have been compromised.

The data was leaked because the Spambot owner accidentally left a vulnerability unpatched in one of the servers hosting it, allowing anyone to log in and download the entire information. There is currently no way to know how many people downloaded the entire data from the server.