6 Biggest User Data Leaks in Tech History
(Baonghean.vn) - In today's digital age, data is considered an extremely valuable resource. In recent times, Facebook, Yahoo, Uber and many other technology giants have all encountered incidents related to data leaks of millions and even billions of users.
1. 50 million Facebook users leaked
![]() |
Last weekend's report said that the biggest user information leak in Facebook's history occurred, causing more than 50 million Facebook accounts to be analyzed by data analysis company Cambridge Analytica with offices in the UK and US in June 2016 without their consent.
The incident has severely affected Facebook, leading many investors to sue the company. Even the co-founder of WhatsApp - a company that was acquired by Facebook - has called for users to boycott the social networking site, while a technology investor called for CEO Mark Zuckerberg to resign for not being able to handle such a situation.
On the stock market, Facebook shares fell 3% on March 20, 2018, causing the company's market value to evaporate by about $50 billion. More seriously, the Facebook scandal had an impact on the market in general, causing the prices of technology stocks and social networking companies such as Twitter and Snap to fall, with Twitter falling 10% and Snap falling 3%.
2. Yahoo with huge data leak scandal - 3 billion accounts
![]() |
According to the technology news site Techcrunch, this is new information that Yahoo has admitted after receiving new evidence collected during the investigation into the company's massive data leak in 2013.
Accordingly, Yahoo said that in the cyber attack that happened to them in 2013, all 3 billion of their user accounts were affected, not 1 billion accounts as previously stated.
This account number includes everyone who has a Yahoo email account and people who have signed up to use other Yahoo services like Flickr.
Yahoo is now part of Oath, after Verizon acquired it for $4.5 billion and merged it with AOL. Yahoo said new evidence of the number of user accounts affected in the data breach was discovered during the consolidation of the businesses.
Yahoo also tried to downplay the severity of the problem, saying that after discovering the incident in 2013, the company implemented measures to protect all user accounts.
Accordingly, the company has sent direct notifications to affected users, asking them to change their passwords and disable unencrypted security questions/answers.
3. Malaysia: Information of more than 46 million mobile users leaked
![]() |
The warning comes after the country’s biggest ever data breach. The leak of personal information was reported by lowyat.net in early November 2017 and was reported to the Malaysian Communications and Multimedia Commission.
With this information leak, from residential addresses, identification card numbers to phone SIM card information, detailed personal information of almost all Malaysians could fall into the hands of scheming people.
Upon receiving a report of the incident, the Malaysian Communications and Multimedia Commission (MCMC) coordinated with the police to launch an investigation. Regarding the incident, cybersecurity experts are concerned that the leaked personal data will create opportunities for criminals to impersonate to conduct online transactions.
Meanwhile, a Singaporean cybersecurity company revealed that the leaked information was initially sold on some “underground” forums for 1 bitcoin (equivalent to 6,500 USD on November 1). Not only that, at least one person exploiting the leaked information created a link so that many others could download it for free.
4. 60 million Uber users' information leaked
![]() |
In 2016, a cyberattack on Uber exposed a large amount of user and driver data. The attack was reportedly carried out by two hackers on a third-party cloud service, where the hackers stole the names and driver’s license numbers of about 600,000 drivers in the US, as well as email addresses and mobile phone numbers.
Uber said that information such as location history, credit card numbers, bank account numbers, social security numbers or dates of birth did not appear to have been taken. The company also assured that drivers affected by the attack would receive free credit monitoring and identity theft protection.
It is known that Uber agreed to pay $100,000 to the hackers to destroy all the information they obtained and keep the incident a secret, but the company did not disclose the incident to the public at the time.
5. Equifax -US credit company, 143 million customer information leaked
![]() |
According to the Los Angeles Times (USA), on September 7, 2017, Equifax confirmed that their computer system had been hacked, resulting in the leak of a database containing Social Security numbers and dates of birth of 143 million American customers.
According to the Atlanta-based company, the cyberattack occurred between mid-May and July of this year. Hackers targeted a security vulnerability on the company's website.
Equifax only discovered the incident on July 29, and over the past several weeks, the company has been working with a cybersecurity consultant and authorities to investigate the incident.
It is known that in addition to Social Security numbers and dates of birth, other personal information of customers was also compromised such as their full names, addresses and driver's license numbers.
Not only that, the credit card numbers of 209,000 US customers were also manipulated. Disputed documents related to 182,000 US customers were also compromised...In addition to US customers, an unspecified number of British and Canadian customers were also affected in the incident.
6. Spambot exposes 711 million email accounts
![]() |
Around the end of August 2017, more than 700 million personal email accounts along with a large number of passwords were made public by a spambot, in one of the largest digital information attacks.
This is one of the largest email account breaches ever. Data experts estimate that the actual number of accounts compromised in the attack is lower than the 711 million, largely because of duplicate or fake accounts in the database.
“The new data entry will be 711 million email addresses, the largest number ever entered into Have I Been Pwned at one time,” said Troy Hunt, an Australian cybersecurity expert who runs the website “Have I Been Pwned.” “To put that in perspective, that’s the number of men, women and children living in the whole of Europe.” Have I Been Pwned is a website that reports on user email accounts that have been compromised.
The data was leaked because the Spambot owner accidentally left a vulnerability unpatched in one of the servers hosting it, allowing anyone to log in and download the entire file. There is currently no way to know how many people downloaded the entire file from the server.