Factors such as increased connectivity and improved monitoring tools contribute to the record-breaking number of data breaches in 2018. However, the biggest contributor by far has to be the brazen ambition of hackers. That is, the counts aren’t getting bigger just because we’re getting better at counting breaches — the scope of cyberattacks has increased as well, with each major assault affecting hundreds of thousands to millions of users. Here are some of the biggest attacks that happened in 2018.
Facebook (29 million users affected)
When it occurred: July 2017 to September 2018
What happened: Hackers were able to take advantage of vulnerabilities in Facebook’s programming. These let them obtain “access tokens” — digital keys that granted them complete access to users’ accounts — and copied tons of user data.
What was compromised: Contact information, locations, relationship statuses, recent searches, and other highly sensitive data
Chegg (40 million users affected)
When it occurred: April 29, 2018 to September 19, 2018
What happened: An unauthorized party infiltrated a company database that contained user data for chegg.com, an educational technology company that helps students accomplish their homework, save on textbooks via rentals, and find internships.
What was compromised: Real names, account usernames and passwords, email addresses, shipping addresses
Google+ (52.5 million users affected)
When it occurred: November 7–13, 2018
What happened: Earlier in 2018, a software glitch exposed the personal profile data of half a million users. Another bug revealed sensitive information of over 50 million users last November, prompting the tech giant to shut down its social media platform earlier than initially announced — from August 2019 to April 2019.
What was compromised: Email addresses, names, ages, and occupations, among others
Quora (100 million users affected)
When it occurred: November 2018
What happened: According to the knowledge-sharing company, one of its systems was broken into by a “malicious third party” that may have compromised users’ account information.
What was compromised: Account information (e.g., names, email addresses, and encrypted passwords), users’ public questions and answers, and data from user accounts that are connected to Quora
MyFitnessPal (150 million users affected)
When it occurred: February 2018
What happened: An infiltrator accessed user account data on the MyFitnessPal app.
What was compromised: Account credentials, namely usernames, email addresses, and passwords
Exactis (340 million users affected)
When it occurred: June 2018
What happened: A cybersecurity expert found a database with minute details about nearly every US citizen in it on a publicly accessible server owned by marketing and data aggregation firm Exactis. It is not known if hackers were able to access the database, though according to the expert, it was likely to have happened.
What was compromised: Personally identifiable information ranging from contact details to personal interests and habits
Marriott Starwood Hotels (500 million users affected)
When it occurred: 2014 to September 2018
What happened: Cybercriminals hacked into the reservation database of the hotels and stole guest information.
What was compromised: Guest information such as reservation dates, payment card numbers (along with their expiration dates), passport numbers, and contact information
Aadhar (1.1 billion users affected)
When it was discovered: March 2018
What happened: Aadhar — India’s national ID database — suffered a data leak. A state-owned utility company called Indane did not secure their database-accessing API, thereby allowing anyone access to information held by Aadhar.
What was compromised: Identity and biometric information used by Aadhar members to open bank accounts, access basic government services (such as utilities), and receive financial assistance or aid from the state they live in
Cybersecurity is no laughing matter, especially when hackers pilfer your funds or ruin the reputation of your business. Arm your business with the best defense — contact our experts at USWired today.