Have You Been Breached? 10 Data Breaches in the Last 10 Years

Data breaches are, unfortunately, fairly common and will not be a thing of the past for a long while.

Check for yourself at https://haveibeenpwned.com to see if you have been impacted by any reported data breaches.

Were you impacted by any of these breaches? What are some of the breaches we don’t have listed here that you were impacted by? See more websites/services that have been breached at https://haveibeenpwned.com/PwnedWebsites.

Some Tips to Follow

  • Change your password for the impacted service immediately.

  • If you are using that password for any other service, change the password for that account as well.

  • Don’t use the same password, or even slight variations of it, across accounts.

  • Use a trusted password manager for your passwords.

  • Remove all the personally identifying information you can from the account, especially billing information.

1. Zynga – Sep 2019

Do you play, or have you played, Words with Friends, Farmville or Draw Something? Then you might be caught up in the information accessed due to an unpatched vulnerability discovered in September of 2019. Information gained for the 173 million accounts included dates of birth, emails, IP addresses, passwords (stored as salted SHA-1 hashes) and usernames.

2. MyFitnessPal – Feb 2018

The popular fitness, diet and exercise tracking app MyFitnessPal suffered a data breach back in February of 2018 that wasn’t apparent until February 2019, when the data surfaced for purchase. Just shy of 144 million accounts were compromised, with information such as emails, IP addresses, passwords (stored as SHA-1 and bcrypt) and usernames collected.

3. LinkedIn – 2012/2016

In May 2016, over 164 million sets of emails and passwords for LinkedIn users surfaced for purchase after the service had been breached. However, the breach didn’t happen in 2016; it had occurred 4 years prior, in 2012. The passwords were stored as SHA-1 hashes without salt, the majority of which were cracked in the days following the release.

4. Canva – May 2019

The popular online graphic design tool was breached in May of 2019 and over 137 million subscribers had their data exposed. The types of data exposed included emails, usernames, full names, cities of residence and passwords stored as bcrypt hashes.

5. Ancestry – November 2015

A slightly different breach, of an Ancestry service known as Rootsweb, happened back in November 2015, when over 300,000 emails and plain text passwords were collected. However, the data didn’t surface for purchase; the document containing all the information was identified in December of 2017, alerting them to the breach.

6. Bitly – May 2014

In May 2014, Bitly announced that they had suffered a breach and over 9.3 million accounts had their data collected. The information included emails, usernames and hashed passwords, most using SHA-1 with a small number using bcrypt.

7. CD Projekt RED – March 2016

Polish game developer CD Projekt RED (known for The Witcher series and Cyberpunk 2077) suffered a breach in March of 2016. The breach was against the data for their forum and included information like usernames, emails and salted SHA-1 passwords for just shy of 1.9 million accounts.

8. Dubsmash – Dec 2018

Video messaging service Dubsmash suffered a data breach in December 2018. 162 million unique emails, usernames, PBKDF2 password hashes and more details were exposed, with the data surfacing for sale in early 2019. This data surfaced for sale at the same time as the MyFitnessPal data.

9. Kickstarter – Feb 2014

Kickstarter announced in 2014 that it had suffered a data breach, with almost 5.2 million emails, usernames and salted SHA-1 hashes for passwords exposed. This data breach surfaced alongside the Bitly information and that of a few other companies.

10. Equifax – Sep 2017

Possibly the most reported-on data breach in the last few years, the Equifax data breach resulted in potentially 143 million US consumers having their personal data exposed. The data was collected over 76 days, with many human errors to blame. Unpatched systems and lapsed security certificates were among the many problems identified when Equifax started digging deeper into their systems.
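The list above mentions several password storage schemes, from unsalted SHA-1 (LinkedIn) to PBKDF2 (Dubsmash). The following is an added example, not code from this page or from any of the companies named, showing why the difference matters to whoever stores the passwords; the account names, passwords and iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample accounts (not data from any breach); two users share a password.
ACCOUNTS = {"alice": "Summer2019!", "bob": "Summer2019!", "carol": "c0rrect-horse-battery"}
PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune it to your own hardware


def unsalted_sha1(password):
    """Unsalted storage: the digest depends on the password and nothing else."""
    return hashlib.sha1(password.encode()).hexdigest()


def salted_pbkdf2(password, salt=None):
    """Per-user random salt plus a deliberately slow key-derivation function."""
    salt = salt or os.urandom(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, derived


def verify_pbkdf2(password, salt, expected):
    """Re-derive with the stored salt and compare in constant time."""
    _, derived = salted_pbkdf2(password, salt)
    return hmac.compare_digest(derived, expected)


def shared_values(stored):
    """Number of stored values that appear on more than one account."""
    return sum(1 for n in Counter(stored.values()).values() if n > 1)


def build_tables(accounts):
    """Return (unsalted SHA-1 table, salted PBKDF2 table) for the same accounts."""
    weak = {user: unsalted_sha1(pw) for user, pw in accounts.items()}
    strong = {user: salted_pbkdf2(pw) for user, pw in accounts.items()}
    return weak, strong


if __name__ == "__main__":
    weak, strong = build_tables(ACCOUNTS)
    # Unsalted: alice and bob get the same digest, so one recovered password
    # exposes every account that used it.
    print("unsalted SHA-1 values shared:", shared_values(weak))
    # Salted: the same password yields unrelated stored values per account.
    print("salted PBKDF2 values shared:",
          shared_values({user: dk for user, (_, dk) in strong.items()}))
    print("alice login verifies:", verify_pbkdf2("Summer2019!", *strong["alice"]))
```
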