2013 Top 20 Breaches

This year is nearly gone, so if you are afraid to have missed the most remarkable breaches of 2013, you’d better browse the following chart.

It collects the most devastating breaches in terms of number of records affected, and has been drawn based on the data collected by Hackmageddon.com during this endless infosec year. Do you still believe the massive breach targeting Adobe has been an isolated case?

2013 Top 20 Breaches png
Top 20 Breaches of 2013. The extension of the sphere is proportional to the number of affected records.

And The Winner Is…


Ubisoft

200px-UbisoftJuly 2: the video game developer warns 58 million users that an intruder gained illegal access to some of its online systems, illegally accessing data from the account database, including user names, email addresses and encrypted passwords.


Turkey

TurkeyDecember 16: Hurriyet News reports that Russian hackers were able to obtain 54 million Turkish citizens’ ID data. The Turkey’s Supreme Election Committee initially shared the data with Political Parties, who kept the information in insecure websites, where it was easily accessed.


Evernote

200px-Evernote_logo.svgMarch 2: Evernote’s Operations & Security team discovers suspicious activity that appears to have been a coordinated attempt to access secure areas of the Evernote Service. As a precaution a massive password reset is implemented for 50 million users.


Livingsocial

01150cc8-44ee-4bbe-9143-5ef85f27144e-q60-pngApril 26: LivingSocial suffers a massive cyber attack on its computer systems, resulting in “unauthorized access to some customer data from our servers”. The hack affects customer names, emails, birthdates and encrypted passwords and impacts 50 million customers.


Cupid Media

Cupid logo.gifNovember 20: Brian Krebs reveals that an intrusion at online dating service Cupid Media earlier this year exposed more than 42 million consumer records, including names, email addresses, unencrypted passwords and birthdays.


Target

150px-Target_logo.svgDecember 19: Target Corp. confirms an unauthorized access to payment card data that may have impacted customers making credit and debit card purchases in its U.S. stores. Approximately 40 million credit and debit card accounts may have been impacted between Nov. 27 and Dec. 15, 2013.


Adobe

200px-Adobe_Systems_logo_and_wordmark.svgOctober 3: Adobe announces a massive breach affecting customer IDs and encrypted passwords for 2.9 million customers (initially). The real extent of the breach is 38 million, and also affects the source code of ColdFusion and Acrobat family


Yahoo! Japan

Yahoo_Japan_logoMay 18: Yahoo! Japan Corp. warns its 22 million users to change their passwords after the detection of an unauthorized attempt to access the administrative systems.


China

chinaDecember 9: unknown hackers leak a database of an estimated 20 million hotel reservations on multiple websites and even on WeChat, the popular messaging service.


Groupon Taiwan

230px-Groupon_logo.svgMay 28: Groupon Taiwan reveals to have suffered a cyber attack compromising usernames and passwords of its 4.1 million registered users. Apparently, the intruders did not access credit cards and financial details


Maricopa County Community College

MaricopaDecember 1: the Maricopa County Community College District notifies, after seven months, 2.4 million students and employees that their academic or personal data were compromised in an April security breach.


South Korea

South KoreaJune 25: South Korean officials reveal that unknown hackers were able to hack and release publicly personal details of more than 2 million South Korean ruling party workers and 40,000 U.S. troops, including those stationed in South Korea.


Vodafone Germany

200px-Vodafone_logo.svgSeptember 12: personal details of more than 2 million customers of Vodafone Germany are stolen from an Internal Database. Data includes names, addresses, bank account numbers and birth dates.


Ubuntuforums.org

200px-Ubuntu_logo.svgJuly 20: E-mail addresses, user names, and password data for every registered user of the Ubuntu Forums, estimated to be 1.82 million accounts, are exposed in a security breach after a hacker managed to gain administrative access to the back-end servers.


Scribd

200px-Scribd_logo.svgApril 3: the world’s largest document sharing site Scribd says it was hacked and believes up to 1% of its 100 million users’ passwords were compromised due to being stored with an outdated hashing algorithm.


Washington State Courts

Washington CourtsMay 9: the Washington State Administrative Office of the Courts (courts.wa.gov) was hacked sometime between September 2012 and February 2013, and up to 160,000 SSN and 1 million driver’s license numbers may have been accessed during the data breach.


Drupal

220px-Drupal-wordmark.svgMay 29: passwords for almost 1 million accounts on the Drupal.org website are reset after hackers gained unauthorized access to sensitive user data exploiting vulnerability in an undisclosed third-party application.


vBulletin

270px-VBulletin.svgNovember 15: vBulletin.com notifies the registered users to change their password as a consequence of a sophisticated cyber attack, allowing the attackers to access customer IDs and encrypted passwords of 860,000 individuals.


MacRumors

MacRumorslogoNovember 11: MacRumors notifies the forum users to change their password as a consequence of a cyber attack. The number of affected users is in theory 850,000.


Walla!

200px-Walla_logo.svgFebruary 14: The Anonymous hack Walla! (walla.co.il) an Israeli portal and dump 600.000 accounts on pastebin.


Leave a Reply

%d bloggers like this: