Massive hacks and leaks are the most important cyberscurity problem. During the last years there has been plenty of them, and today in this post we show you the list of the TOP10 breaches of all time. The source for this information is the site Have I been pwned?, a very interesting tool that reveals if your email accounts has been hacked in one of these massive leaks.
1. MySpace (359.420.698 accounts)
The social network MySpace suffered this breach, the largest of all time, in 2008, but it wasn't until 2016 all the data stolen was offered up for sale on a dark market website. The data included email adresses, usernames and SHA1 hashes of the first 10 characters of the password converted to lowercase and stored without a salt.
2. NetEase (234.842.089 accounts)
This Chinese site suffered the massive attack on October 2015. The data breach contains email adresses and passwords. The singularity of this case is that being from China it's been very difficult to verify due to the chinese government restrictions.
3. Linkedin (164.611.595 accounts)
This case is similar to the MySpace one. The original hack was in 2012 but it wasn't until 2016 when the data was leaked and was also offered up for sale on the deep internet. The passwords stolen were stored as SHA1 hashes without salt, but the majority of them were quickly cracked in the days following the release of the data.
4. Adobe (152.445.165 accounts)
More than 150 millions Adobe's accounts were breached in October 2013, containing all of them an internal ID, email, username, encrypted password and a password hint in plain text. All these passwords were easily cracked days after the breach, which compromise the Adobe's users privacy.
5. Badoo (112.005.531 accounts)
The legitimacy of this hack could not be emphatically proven, so for the moment this breach is categorised as unverified despite many indicators suggest Baddo did suffer it. The data, stolen several years before it was leaked, contained 112 million email adress with personal data including names, birthdates and passwords.
6. VK (93.338.602 accounts)
This Russian social media was also hacked in 2012, but it wasn't until 2016 when almost 100 million of its accounts were exposed. Names, phone numbers, emails, adresses and passwords were sold in the dark market.
7. Rambler (91.436.280 accounts)
Rambler is another Russian website, in this case similar to Yahoo. Data of 90 million accounts was discovered being traded online (including usernames, emails and passwords), supposed to be from 2014.
8. Dropbox (68.648.009 accounts)
Another attack suffered by one of the Internet's giants. It happened in 2012, when a data breach exposed tens of millions of their costumers. All this data was traded online, and it included emails and passwords. It's fair to say that in August 2016, Dropbox forced password resets for customers they believed may be at risk.
9. Tumblr (65.469.298 accounts)
In this case the attack occured in 2013, but the modus operandi was the same: the data breach exposed 65 million Tumblr accounts and its data was put up for sale on a dark market webiste, including email adresses and passwords.
10. Modern Bussiness Solutions (58.843.488 accounts)
This one is a very recent breach. In October 2016, a large file containing tens of millions of accounts (now removed) was shared publicly on Twitter. This database contained over 60 million unique email adresses along with IP adresses, names, home adresseses, genders, job titles, dates of birth and phone numbers. Scary. All this data is attributed to Modern Bussiness Solutions, a company that provides data storage and database hosting solutions and hasn't explained yet how they came to be in possession of the data leaked. Even scarier.