Wed. Sep 22nd, 2021

Data breaches are dangerous not just because of their effect on user privacy, but also because they may end up being the difference between the life and death of a company. The substantial financial loss caused by a data breach, along with the damage to the company's image, is a chasm not many companies can cross successfully.

Today, let’s take a look at the worst data breaches in history and their implications.

1. 2018 Marriott International: Compromised Servers

The hack behind this data breach—one of the more insidious ones in this list—started all the way back in 2014, when the servers of Marriott’s current Starwood brand were compromised. While Starwood was an independent entity back then, it was acquired by Marriott in 2016 along with its as-yet-undiscovered compromised record servers.

This hack was especially troubling due to the nature of the data that was stolen. The leaked personal information of nearly 500 million customers included names, addresses, credit card numbers, phone numbers, and also rarer prizes for hackers such as passport numbers, travel locations, and personal travel dates of customers.

Marriott International ended up facing a class-action lawsuit and saw an instant 5.6 percent drop in its net worth as a result of the breach. By early 2020, it had paid nearly $350 million in compensation to users whose data was exposed.

2. 2019 Facebook: Loose Ends in Security Protocols

In 2019, Facebook suffered from a couple of ludicrous security incidents that collectively exposed the vulnerability of the world’s largest social network.

The first part involved a leak of nearly 50 million Instagram user credentials online. The user data, stored in a plaintext file on a web server accessible by web tokens, was nothing but easy pickings for the sophisticated hacker groups that Facebook is usually targeted by.

The next data breach—a more intricate one—saw more than 540 million records of Facebook users publicly exposed on Amazon’s cloud computing service. Two third-party sites (‘At the Pool’ and ‘Cultura Colectiva’) stored user information linked to their Facebook accounts in unprotected databases on Amazon’s web servers.

This meant that someone trying to access At the Pool or Cultura’s database would inadvertently gain access to Facebook data through a security loophole. The exposed databases contained personal phone numbers, Facebook IDs, and passwords, as well as sensitive demographic information such as gender and sexual orientation.

Along with a slight dip in Facebook’s stock market performance, the news of 2019’s data breach debacles worsened public opinion of Facebook and fuelled government investigations into how the company handles its user data.

3. 2019 First American Financial Corporation: Data Up for Grabs

In this data breach that was caused by an authentication loophole, nearly 885 million financial records were leaked in total.

Put simply, First American stored its users’ sensitive records by using unique and hard-to-guess weblinks. There was no password protection or encryption of data whatsoever. If you had the time and resources to guess a web link, you could gain instant access to a record on the company’s servers. Hackers, by automating the process of generating these weblinks—which followed a certain pattern—managed to gain access to nearly all of First American’s customer information.
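The design flaw described above, shown as an added example that is not from the original article or from First American's systems: a record served to anyone who has the link, next to a version that checks a session and record ownership on every request. The document ids, user names, and function names are all hypothetical and the data is constructed.

```python
import secrets

# Constructed sample store: document id -> (owner, contents). The ids are
# sequential, mirroring the patterned links the article describes.
DOCUMENTS = {
    1000001: ("alice", "mortgage record A"),
    1000002: ("bob", "tax record B"),
}
SESSIONS = {}  # session token -> user name (hypothetical in-memory table)


def login(user):
    """Issue an unguessable session token for an already-verified user."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = user
    return token


def fetch_link_only(doc_id):
    """Flawed design: possessing (or guessing) the link is the only check."""
    record = DOCUMENTS.get(doc_id)
    return record[1] if record else None


def fetch_authorized(doc_id, token):
    """Hardened design: valid session plus an ownership check per request."""
    user = SESSIONS.get(token)
    record = DOCUMENTS.get(doc_id)
    # Return the same result for "no such record" and "not your record",
    # so responses do not reveal which ids exist.
    if user is None or record is None or record[0] != user:
        return None
    return record[1]


if __name__ == "__main__":
    alice = login("alice")
    print(fetch_link_only(1000002))          # served with no identity at all
    print(fetch_authorized(1000001, alice))  # alice's own record
    print(fetch_authorized(1000002, alice))  # bob's record: denied (None)
```

With the ownership check in place, the predictability of the id no longer matters, because the id identifies a record but does not grant access to it.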

This data breach is especially infamous for the sensitivity of the data that it leaked. In the breach, hackers gained access to bank statements, mortgage and tax records, social security numbers, and driver’s license images.

As a result of the data breach, the company not only lost a good amount of its consumer base but was also on the receiving end of a class-action lawsuit. Currently, it is also being investigated by regulators for violations of laws that require banks and other financial services companies to implement and maintain cybersecurity protocols.
