When security is compromised, the ramifications for the business involved can be significant. As a result, it pays to learn lessons from the past mistakes of others and try not to repeat them.
With that in mind, here are some of the most serious and highly publicised breaches in the history of the web, each of which has had a major impact on data security strategies.
In terms of the sheer number of users impacted, first place in this list goes to Yahoo by a significant margin. Two breaches in 2013 and 2014 saw the details of three billion people exposed.
The true scope of this debacle was not revealed until late 2017, although Yahoo had initially admitted to being successfully targeted by cybercriminals a year earlier.
It is not just the scope of this incident which is problematic, but the type of data that was stolen. Names, phone numbers, dates of birth and other sensitive details ended up on the black market.
The growth of penetration testing service companies like Fidus Information Security reflects this ever-increasing issue, and is no surprise given that such mammoth breaches are happening every day. Unfortunately, it has not stemmed the rise of cyber attacks, which impact every industry from finance to manufacturing.
Although the 412 million accounts that were compromised in the attack on the FriendFinder Network in 2016 may seem a small number in comparison with Yahoo’s three billion, it is enough to rank this as the second biggest breach of the internet age.
Email addresses and passwords were pilfered across a number of the sites owned by the company, with data from more than two decades of its operations included in the haul.
Experts were critical of the lax security measures that were in place, which meant that breaking the basic encryption on the login details was straightforward. And given that the various FriendFinder sites had a reputation built on discretion and trust, it was a major blow to the brand.
This case is a little less clear cut than the others, but in 2016 a data dump of historic information stolen from outdated social media site MySpace appeared online.
Experts determined that around 360 million accounts were impacted, with the usernames and passwords littered with nods to mid-2000s pop culture.
The implication was that the attack itself had taken place more than a decade earlier, but had remained unreported and perhaps even undetected for many years.
The fact that MySpace has faded into irrelevance in the intervening period is perhaps the only reason that this breach did not get wider attention, or stir up more criticism.
An embarrassing data breach for LinkedIn which occurred in 2012 was initially claimed to involve around 6.5 million accounts. This was later revised upwards to the much higher figure of 165 million, of which around 117 million included passwords.
As with many of the other organisations on this list, LinkedIn faced complaints because it did not admit to the true size of the breach for several years.
The knock-on effect of this attack was felt in other parts of the internet, with sites and service providers calling on customers to change their passwords to avoid hackers using them to log in and behave maliciously.
One of the most recent high-profile breaches to have been suffered by a website occurred in 2017. Equifax lost information on 145 million people, with everything from domestic addresses to driver’s license data being harvested by attackers.
With all of this information it is entirely possible to steal someone’s identity and do almost anything, up to and including applying for a mortgage. It took the company almost a month and a half to admit to the hack, which is faster than some of its contemporaries but still slow enough to raise concerns amongst commentators and customers.
Auction site eBay unintentionally allowed 145 million user accounts to be compromised in 2014. And the means by which cybercriminals gained access was particularly embarrassing, as they used employee logins without detection for more than seven months.
No financial information was taken, but customers did have to change their passwords. So compared with the Equifax breach, this is less serious but no less damaging to eBay’s reputation. Hopefully these incidents will force other businesses to invest more heavily in security going forwards.