Website data breaches are a very bad thing, and we’re not talking about the companies involved here. No, they’re a bad thing for you and me. That’s because even if hackers don’t get their hands on your account passwords, they can usually use the details gleaned from your profile to extrapolate your security questions and answers.
This year has been particularly bad. Just last week, photo-sharing website Imgur was hacked, exposing 1.7 million user accounts. And the company only just found out about this hack, which seems to have taken place back in 2014. So we’ve put together a list of some of the worst data breaches that went down in 2017, and you’d better hope you’re account is not on any of those items.
ALSO READ: Better Safe Than Sorry: 13 Common Ways To Secure Your Phone, PC & Yourself To Stay Safe Online
1. Aadhaar
Earlier in November 2017, an RTI revealed that private and personal details of several Aadhaar users were publicly available for anyone to see on over 210 central and state government websites, according to a PTI report. The leaked Aadhaar database displayed “the list of beneficiaries along with their name, address, other details and Aadhaar numbers for information of general public”, UIDAI said. The breach has since been plugged, thanks to security audits conducted by UIDAI. But this is another alarm bell ringing off in the face of Aadhaar, questioning the security credentials of its database.
REUTERS
2. Yahoo
In December 2016, Yahoo reported more than 1 billion user account details were stolen in a breach dating back to 2013. However, the problem was seriously underestimated. Just a few months after Verizon acquired the company, it came to light that every single one of Yahoo’s users were actually at risk from the breach — all three billion of them. Yet, investigations have still been unable to determine which group was behind the attack.
3. E-Sports Entertainment Association (ESEA)
ESEA, one of the biggest video game communities was breached in December last year, though they didn’t know what was stolen at the time. It was only later in January this year that details were uncovered. Over 1.5 million ESEA records were leaked in the incident, including private information like players’ real names, addresses, email accounts, birthdays, and phone numbers, as well as the IDs for their linked Steam, Xbox, and Playstation Network accounts.
4. IRS (Internal Revenue Service)
In March this year, the United States IRS revealed that the personal information of at least 100,000 taxpayers was stolen through their own data retrieval tool. Not only did the thieves get enough personal information to make it possible to steal more data in future, the agency also suspects that about 8,000 fraudulent returns were filed, processed, and returns issued, losing the United States $30 million.
5. Gmail
In May this year, Gmail users were had their accounts breached by a phishing scam using a third-party app. The malware would send an email made to look like a trusted contact wanted to share a Google Doc. Once clicked on, the user would be prompted to let the document manage their email account, using the real Google security page. An estimated 1 million users were affected in the single hour it took Google to take down the phishing scam.
DON’T MISS: 7 Simple Ways To Spot A Fake Website From A Real One And Stay Safe Online
6. Equifax
Equifax, one of the three largest credit agencies in the US, was breached in September this year, affecting at least 143 million customers. It’s considered one of the worst data thefts ever committed, because the attackers were able to get their hands on people’s driver’s license numbers and Social Security numbers. Neither of those is something a person can change, so they victims may be attempting to fend off scamsters for the rest of their lives.
7. Uber
Just earlier this month, ride-sharing service U6ber announced it had been breached last year. They said that 57 million Uber users and drivers were potentially affected by the data theft. However, instead of contacting authorities at the time, it appears the company instead paid off the hackers with a sum of $100,000, in order to keep the breach secret.