
Worst data security breaches of 2016

2016 was a busy year for our arch-nemesis, The Hackers. Data security and theft recovery is a serious issue. Sometimes people and companies take it for granted.


Remember that anti-theft security is not just about protecting your laptop or corporate mobile phone, but also the sensitive information they store. The value of security software also lies in protecting your data.

If your company’s upper management is as stubborn as Grand Moff Tarkin was about the Death Star breach, and fails to realize how important securing data and tracking your devices is, may we remind you of some high-profile data security breaches that were the highlights of 2016?


You may have a point to make at the next IT management meeting.

Our friends at the portal Information is Beautiful did a wonderful job compiling the world’s biggest data security breaches. We’ve selected the most massive cases of data loss of 2016 to show you how some of the planet’s most massive repositories of people’s private information can have small but easy-to-breach weak spots. They don’t amount to A New Hope or Return of the Jedi’s Death Stars, but to The Force Awakens’ own Starkiller Base.


1. Friend Finder Network: 412,000,000 records

According to ZDNet, the parent company of many adult sites was hacked, compromising usernames, email addresses and passwords for adult sites Adult Friend Finder and Penthouse. Although passwords are encrypted, some sites claim they can crack most of them.

These SQL databases were either stored in plaintext or scrambled, and included site membership data and IP addresses.

2. Myspace: 164,000,000 records

The social media giant was apparently punked by the same hacker who was selling LinkedIn user data, according to Motherboard sources.

The portal reports that, if the numbers were accurate, this was one of the largest data thefts ever. “And either the company never found out, or didn’t disclose it, neither publicly nor to its users,” it claims.

“There are still risks for users, even in the case of abandoned or dormant accounts, which might still contain personal data that could be leveraged for other attacks.”

3. VK: 100,544,934 records

Motherboard recalls Russia’s own Facebook wannabe, where 100 million user accounts were hacked, “and the data put up for sale online,” even though the company has denied any breach, claiming the details put up for sale were no longer in use.

Well that’s no excuse, is it?

The lesson, according to the report: “users have to create a unique password for every site. This shouldn’t be seen as a fancy, additional security step, but a fundamental one to stop hackers getting into different accounts. When the most popular sites on the internet, and the ones that hold our most personal information, are being breached, proper password use is a must”.

4. Dailymotion: 85,200,000 records

reports the hacking of this video sharing site, where 85.2 million email addresses were extracted, but only 18.3 million had associated passwords.

5. Philippines’ Commission on Elections (COMELEC): 55,000,000 records

This is the first non-website on the list. Trend Micro’s blog reports that hackers from Anonymous warned the Philippine government “not to mess with the elections,” and their entire database was stolen and posted online.

The reports on the leak also show that a “huge number of sensitive personally identifiable information (PII)–including passport information and fingerprint data–were included in the data dump.”

6. Turkish citizenship database: 49,611,709 records

Business Insider reports that the country’s Automated Voting System (AVS) had allegedly been hacked and leaked online. The hack looked to be politically motivated and put a strain on other countries’ sensitive data, such as the United States’ election information.

7. Weebly: 43,000,000 records

TechCrunch reports that the web design platform was hacked in February, exposing usernames and passwords. Fortunately, they were encrypted. According to the site, “This is just the latest in a string of megabreaches. Yahoo recently revealed that data for 500 million users were stolen, and breaches of Dropbox, MySpace and Tumblr have all come to light this year.”

8. 25,000,000 records

Millions of Russian emails were compromised in 2016. ZDNet reports that two hackers attacked three game-related forums hosted by the Russian e-mail service provider, compromising usernames, email addresses, scrambled passwords, birthdays and even some IP addresses.

9. Telegram: 15,000,000 records

According to VentureBeat, this German-based instant messaging service was hacked by a group called Rocket Kitten.

The portal quotes independent cyber researchers claiming that the attacks “jeopardized the communications of activists, journalists and other people in sensitive positions in Iran.”

This is an important threat to mobile device security, as the company’s vulnerability lies in its reliance on SMS text messages to activate new devices. “Armed with the codes, the hackers can add new devices to a person’s Telegram account, enabling them to read chat histories as well as new messages.”

10. Mossack Fonseca: 11,500,000 records leaked

This is part of the infamous Panama Papers scandal, with shady information on anonymous offshore companies around the world. This Panamanian law firm was hacked and lost 2.6TB of data “on politicians, criminals, professional athletes,” including emails, contracts, scanned documents and transcripts.

The leaked data allowed journalists to compile lists of politicians, criminals and athletes involved in cases of corruption.

[Figure: Worst Data Security Breaches of 2016. Source: Information is Beautiful]

Even though this is just a shortlist, there are plenty of reports of data dumped after hacks by experts and amateurs alike. This shows not only the shortcomings of people’s personal online security, but also corporate data security gaps, and it is a headache for asset management.

Do you have a plan?

Is there any other security breach you recall? What is your company doing to prevent these leaks?

About the author

Nicolas Poggi

Nicolas Poggi is the head of mobile research at Prey, Inc., provider of the open source Prey Anti-Theft software protecting eight million mobile devices. Nic’s work explores technology innovations within the mobile marketplace, and their impact upon security. Nic also serves as Prey’s communications manager, overseeing the company’s brand and content creation. Nic is a technology and contemporary culture journalist and author, and before joining Prey held positions as head of indie coverage at TheGameFanatics, and as FM radio host and interviewer at IndieAir.