The 10 Biggest Data Breaches of 2018

10. Ticketfly — 27 million

11. Ticketfly — 27 million

What was affected: Personal information including names, addresses, email addresses, and phone numbers.When it happened: Late May 2018

How it happened: A hacker called “IsHaKdZ” compromised the site’s webmaster and “gained access to a database titled ‘backstage,’ which contains client information for all the venues, promoters, and festivals that utilize Ticketfly’s services.”

9. Chegg — 40 million

9. Chegg — 40 million

What was affected: Personal data including names, email addresses, shipping addresses, and account usernames and passwords.When it happened: April 29, 2018 — September 19, 2018

How it happened: According to Chegg’s SEC filing: “An unauthorized party gained access to a Company database that hosts user data for and certain of the Company’s family of brands such as EasyBib.”

8. Google+ — 52.5 million

8. Google+ — 52.5 million

What was affected: Private information on Google+ profiles, including name, employer and job title, email address, birth date, age, and relationship status.When it happened: 2015 — March 2018, November 7 — November 13

How it happened: Earlier this year, Google announced it would be shutting down Google+ after a Wall Street Journal report revealed that a software glitch caused Google to expose the personal profile data of 500,000 Google+ users. Then again in December, Google revealed it had experienced a second data breach that affected 52.5 million users. Google has now decided it will shut down Google+ for good in April 2019.

7. Cambridge Analytica — 87 million


What was affected: Facebook profiles and data identifying users’ preferences and interests.When it happened: 2015

How it happened: An personality prediction app called “this is your digital life,” developed by a University of Cambridge professor, improperly passed on user information to third parties that included Cambridge Analytica, a data analytics firm that assisted President Trump’s presidential campaign by creating targeted ads using millions of people’s voter data.

Only 270,000 Facebook users actually installed the app, but due to Facebook’s data sharing policies at the time, the app was able to gather data on millions of their friends.

6. MyHeritage — 92 million


What was affected: Email addresses and encrypted passwords of users who have signed up for the service.When it happened: October 26, 2017

How it happened: “A trove of email addresses and hashed passwords were sitting on a private server somewhere outside of the company.

5. Quora — 100 million

5. Quora — 100 million

What was affected: Account info including names, email addresses, encrypted passwords, data from user accounts linked to Quora, and users’ public questions and answers.When it happened: Discovered in November 2018

How it happened: A “malicious third party” accessed one of Quora’s systems

4. MyFitnessPal — 150 million

4. MyFitnessPal — 150 million

What was affected: Usernames, email addresses, and encrypted passwords.When it happened: February 2018

How it happened: An “unauthorized party” gained access to data from user accounts on MyFitnessPal, an Under Armour-owned fitness app.

3. Exactis — 340 million


What was affected: Detailed information compiled on millions of people and businesses including phone numbers, addresses, personal interests and characteristics, and more.

When it happened: June 2018How it happened: A security expert spotted a database “with pretty much every US citizen in it” left exposed “on a publicly accessible server,” although it’s unclear whether any hackers accessed the information

2. Mariott Starwood hotels — 500 million

2. Mariott Starwood hotels — 500 million

What was affected: Guest information including phone numbers, email addresses, passport numbers, reservation dates, and some payment card numbers and expiration dates.When it happened: 2014 — September 2018

How it happened: Hackers accessed the reservation database for Marriott’s Starwood hotels, and copied and stole guest information.

1. Aadhar — 1.1 billion


What was affected: Private information on India residents, including names, their 12-digit ID numbers, and information on connected services like bank accounts.When it happened: It’s unclear when the database was first breached, but it was discovered in March 2018.

How it happened: India’s government ID database, which stores citizens’ identity and biometric info, experienced “a data leak on a system run by a state-owned utility company Indane.” Indane hadn’t secured their API, which is used to access the database, which gave anyone access to Aadhar information.

Leave a Comment

Your email address will not be published. Required fields are marked *

five × one =