Cyber Security – The biggest breaches so far

Cyber Security is a well-documented and topical subject within the media at present and in recent times, a number of well-recognised brands have been targeted by data breaches.

Here’s our run-down of five of the most noteworthy.

Yahoo (2016) – One Billion users

In December 2016, Yahoo admitted it had been the victim of a massive data breach, the largest in history. One Billion user accounts were affected, and it is thought the breach happened sometime in 2013. The number of affected users were double those affected by the 2014 breach that Yahoo had admitted to in September 2016 (500 Million). The case of Yahoo has been reported tirelessly in the Cyber Security sector – primarily due to the scale of the operation, but in addition relating to how Yahoo handled the situation and how they were able to be breached in the first place.

Myspace (2000s) – 360 Million users

Sometime prior to 2013, Myspace was targeted by hackers who stole personal data from 360 million users. Myspace were allegedly unaware of the breach, until in 2016, the stolen data found it’s way to LeakedSource (a paid hacked data search engine). Each record in the hacked dataset contains “an email address, a username, one password and in some cases a second password,” according to LeakedSource. It was later put up for sale on the dark web market The Real Deal for $2,800.

Despite the fact that this is a historic hack, it is still a worrying amount of user data that was compromised. The site still receives a large volume of traffic. In addition, if users use the same passwords across many sites, even those abandoned and dormant accounts could pose a risk of users’ other accounts being compromised.

LinkedIn (2012) – 167 Million users

In  June 2012, around 6.5-6.7 Million users details were hacked from LinkedIn by Russian Hackers. Owners of hacked accounts were no longer able to access the site and were encouraged to change their passwords. In May 2016, it was revealed that an additional £100 Million accounts had been compromised in that same attack. This meant that in total  a data set including 167 million accounts, (117 million had both emails and encrypted passwords) was released onto a Russian hacker forum in 2012. In retaliation, LinkedIn invalidated the passwords of any users who had not updated their password in four years.

Sony PlayStation Network (2011) – 77 Million users

In September 2011, PlayStation admitted that the details of 77 million of users on its ‘PSN’ online network had been compromised. The information taken included names, date of birth, email addresses and home addresses.  Sony estimated that as a result of the attack they would lose around $171 Million as it paid out for security improvements, ‘welcome back’ packages for users and lost revenue. In hindsight, it was a good estimate.

Nationwide Building Society (2006) – 11 Million users

Nationwide Building Society were fined £1,000,000 by the Financial Services Authority, following the theft of an employee laptop in August 2006. The theft exposed flaws in Nationwide’s security procedures which risked the security of their 11 Million users.  It was found that Nationwide failed to have adequate training programmes for staff and did not have procedures to deal with the loss of customer information.

Do you work in CyberSecurity and are you looking for a new role? We can help, click here to go to our Security sector roles!