This year is nearly gone, so if you are afraid to have missed the most remarkable breaches of 2013, you’d better browse the following chart.
It collects the most devastating breaches in terms of number of records affected, and has been drawn based on the data collected by Hackmageddon.com during this endless infosec year. Do you still believe the massive breach targeting Adobe has been an isolated case?
And The Winner Is…
July 2: the video game developer warns 58 million users that an intruder gained illegal access to some of its online systems, illegally accessing data from the account database, including user names, email addresses and encrypted passwords.
December 16: Hurriyet News reports that Russian hackers were able to obtain 54 million Turkish citizens’ ID data. The Turkey’s Supreme Election Committee initially shared the data with Political Parties, who kept the information in insecure websites, where it was easily accessed.
March 2: Evernote’s Operations & Security team discovers suspicious activity that appears to have been a coordinated attempt to access secure areas of the Evernote Service. As a precaution a massive password reset is implemented for 50 million users.
April 26: LivingSocial suffers a massive cyber attack on its computer systems, resulting in “unauthorized access to some customer data from our servers”. The hack affects customer names, emails, birthdates and encrypted passwords and impacts 50 million customers.
November 20: Brian Krebs reveals that an intrusion at online dating service Cupid Media earlier this year exposed more than 42 million consumer records, including names, email addresses, unencrypted passwords and birthdays.
December 19: Target Corp. confirms an unauthorized access to payment card data that may have impacted customers making credit and debit card purchases in its U.S. stores. Approximately 40 million credit and debit card accounts may have been impacted between Nov. 27 and Dec. 15, 2013.
October 3: Adobe announces a massive breach affecting customer IDs and encrypted passwords for 2.9 million customers (initially). The real extent of the breach is 38 million, and also affects the source code of ColdFusion and Acrobat family
May 18: Yahoo! Japan Corp. warns its 22 million users to change their passwords after the detection of an unauthorized attempt to access the administrative systems.
December 9: unknown hackers leak a database of an estimated 20 million hotel reservations on multiple websites and even on WeChat, the popular messaging service.
May 28: Groupon Taiwan reveals to have suffered a cyber attack compromising usernames and passwords of its 4.1 million registered users. Apparently, the intruders did not access credit cards and financial details
December 1: the Maricopa County Community College District notifies, after seven months, 2.4 million students and employees that their academic or personal data were compromised in an April security breach.
June 25: South Korean officials reveal that unknown hackers were able to hack and release publicly personal details of more than 2 million South Korean ruling party workers and 40,000 U.S. troops, including those stationed in South Korea.
September 12: personal details of more than 2 million customers of Vodafone Germany are stolen from an Internal Database. Data includes names, addresses, bank account numbers and birth dates.
July 20: E-mail addresses, user names, and password data for every registered user of the Ubuntu Forums, estimated to be 1.82 million accounts, are exposed in a security breach after a hacker managed to gain administrative access to the back-end servers.
April 3: the world’s largest document sharing site Scribd says it was hacked and believes up to 1% of its 100 million users’ passwords were compromised due to being stored with an outdated hashing algorithm.
May 9: the Washington State Administrative Office of the Courts (courts.wa.gov) was hacked sometime between September 2012 and February 2013, and up to 160,000 SSN and 1 million driver’s license numbers may have been accessed during the data breach.
May 29: passwords for almost 1 million accounts on the Drupal.org website are reset after hackers gained unauthorized access to sensitive user data exploiting vulnerability in an undisclosed third-party application.
November 15: vBulletin.com notifies the registered users to change their password as a consequence of a sophisticated cyber attack, allowing the attackers to access customer IDs and encrypted passwords of 860,000 individuals.