10. Ticketfly — 27 million
How it happened: A hacker called “IsHaKdZ” compromised the site’s webmaster and “gained access to a database titled ‘backstage,’ which contains client information for all the venues, promoters, and festivals that utilize Ticketfly’s services.”
9. Chegg — 40 million
How it happened: According to Chegg’s SEC filing: “An unauthorized party gained access to a Company database that hosts user data for chegg.com and certain of the Company’s family of brands such as EasyBib.”
8. Google+ — 52.5 million
How it happened: Earlier this year, Google announced it would be shutting down Google+ after a Wall Street Journal report revealed that a software glitch caused Google to expose the personal profile data of 500,000 Google+ users. Then again in December, Google revealed it had experienced a second data breach that affected 52.5 million users. Google has now decided it will shut down Google+ for good in April 2019.
7. Cambridge Analytica — 87 million
How it happened: An personality prediction app called “this is your digital life,” developed by a University of Cambridge professor, improperly passed on user information to third parties that included Cambridge Analytica, a data analytics firm that assisted President Trump’s presidential campaign by creating targeted ads using millions of people’s voter data.
Only 270,000 Facebook users actually installed the app, but due to Facebook’s data sharing policies at the time, the app was able to gather data on millions of their friends.
6. MyHeritage — 92 million
How it happened: “A trove of email addresses and hashed passwords were sitting on a private server somewhere outside of the company.
5. Quora — 100 million
How it happened: A “malicious third party” accessed one of Quora’s systems
4. MyFitnessPal — 150 million
How it happened: An “unauthorized party” gained access to data from user accounts on MyFitnessPal, an Under Armour-owned fitness app.
3. Exactis — 340 million
What was affected: Detailed information compiled on millions of people and businesses including phone numbers, addresses, personal interests and characteristics, and more.
2. Mariott Starwood hotels — 500 million
How it happened: Hackers accessed the reservation database for Marriott’s Starwood hotels, and copied and stole guest information.
1. Aadhar — 1.1 billion
How it happened: India’s government ID database, which stores citizens’ identity and biometric info, experienced “a data leak on a system run by a state-owned utility company Indane.” Indane hadn’t secured their API, which is used to access the database, which gave anyone access to Aadhar information.