The biggest and worst breaches of 2019
February 3, 2020Last year, hackers didn’t just hack – they also collected billion-account databases from breaches and leaks that had occurred years ago, only to sell them for profit. However, eight breaches were really shocking and affected millions of people worldwide.
“With so many breaches and leaks in 2019, it’s possible that your email address or other details ended up in the wrong hands. You can check whether your email was in one of the databases by going to Have I Been Pwned,” says Daniel Markuson, a digital privacy expert at NordVPN. “You can also check whether your password has leaked and might be used in a credential stuffing attack by visiting NordPass and checking if your password is secure.”
American Medical Collection Agency (11.9 million + 7.7 million). This breach affected not one but two lab testing companies. First, Quest Diagnostics was notified that someone had unauthorized access to AMCA’s databases for eight months. The hack affected almost 12 million of their customers. Hackers got access to very personal information such as credit card numbers, bank account information, medical information, and Social Security numbers. Then there was LabCorp, another company whose customers were affected by this breach. Almost 8 million customers’ personal and financial data was compromised.
Suprema (27.8 million). This security loophole left 27.8 million people’s biometric data exposed. Suprema is a security company responsible for the web-based Biostar 2 biometrics lock system. The system is used by almost 6,000 organizations in 83 countries, including governments and banks. Biostar uses fingerprints and facial recognition to allow employees into restricted buildings and areas. Security researchers from VPNmentor found that the Biostar database was left unprotected and largely unencrypted. Worst of all, they got access to tons of sensitive information.
Houzz (48.9 million). Houzz, a home design website, started the year announcing a breach in which hackers got unauthorized access to its customers’ publicly available information, as well as usernames and encrypted passwords. The company noticed the breach at the end of 2018 and was pretty vague about it in their public statements. However, ITRC reported that the hack affected almost 49 million Houzz customers.
Capital One (106 million). In July, Capital One announced that they suffered a massive data breach affecting 100 million Americans and 6 million Canadians. The hacker accessed credit card applications made between 2005 and 2019. They contained personal data including names, home addresses, email addresses, dates of birth, etc. What makes this one of the worst breaches of 2019 is that some bank numbers and social security numbers also ended up in the hands of the hacker.
Zynga (218 million). If you’ve ever played online games such as “Words with Friends” or “Draw Something,” you should be worried because their creator, Zynga, was breached in 2019. The hack affected a whopping 218 million users. Bad actors accessed log-in credentials, usernames, email addresses, some Facebook IDs, some phone numbers, and Zynga account IDs.
Facebook (419 million). A security researcher at the GDI Foundation found an unprotected server with a database containing approximately 419 million phone numbers belonging to Facebook users. The database was available to anyone, and it also included Facebook IDs, which makes finding user’s names and personal details even easier. The owner of the server wasn’t found, but the database was taken down shortly after it was discovered.
Collection by Gnosticplayers (1 billion+). This isn’t a breach per se as much as it is a collection of breaches affecting more than 1 billion internet users. A hacker who calls himself Gnosticplayers collected databases from 45 companies and put them up for sale on the dark web. These batches contained data such as users’ full names, email addresses, passwords, location data, and social media account information. The companies whose data was released includes Dubsmash (162 million), MyFitnessPal (151 million), MyHeritage (92 million), ShareThis (41 million), Animoto (25 million), 500px (15 million), CoffeeMeetsBagel (6 million), and more.
Collections #1-5 (3 billion). Collections #1-5 were probably the biggest leaks of 2019. They contained usernames and passwords collected over many years of breaches. These batches appeared on hacking forums and were noticed by security researcher Troy Hunt, who identified the link between them all and informed the public. The first batch was released in January and contained the data of 770 million people. Then, a few weeks later, Collections #2-5 appeared on the internet. They contained 25 billion unique records and roughly 2.2 billion unique usernames and passwords, making this one of the most significant leaks to date.