Have you been hacked? The biggest data leaks of the last year

More than half of us reuse our passwords for different online services, according to 2018 research by Virginia Tech.

That means it can be seriously bad news if data leaks online in a hack or data breach, as hackers can then potentially use that data to access other accounts.

You’ll often be forced to change your password for that particular site after a breach, but you’re still at risk if that password has been used elsewhere.

If you’re worried, the website HaveIBeenPwned lets you check your email address against data which has been stolen and leaked online in data breaches.

If you find your email data has been leaked, make sure your password hasn’t been reused, particularly on your email account (as this can be used to give access to social media and shopping accounts by resetting the password).

You can also use HaveIBeenPwned to see how many times the password you use has been leaked in data breaches (if it’s commonly used, it’s more at risk from ‘brute force’ attacks by hackers, where machines ‘guess’ every possible password).

Here are some of the biggest breaches of the last couple of years.

Facebook

More

Facebook admitted to multiple incidents where data was left exposed in the past year, either via Facebook’s own service or via app developers who had access to Facebook data.

In one attack, hackers gained access to data from 29 million accounts, including information such as location and relationship status.

Data from Facebook accounts, including passwords, was left unsecured and exposed, including 540 million records with data such as Likes, account names and comments, researchers found earlier this year.

Another app developer left passwords unsecured, researchers from Upguard found.

WhatsApp

This week, WhatsApp warned that a vulnerability in its service could have left its 1.5 billion users exposed to hackers.

Attackers could place malicious code on a user’s device simply by making a call, the company admitted.

It has since fixed the vulnerability but users need to update their app to be safe.

Microsoft Email Services (Hotmail, MSN, Outlook)

More

Microsoft admitted in April 2019 that hackers had been able to access data from MSN, Hotmail and Outlook accounts, via Microsoft’s customer support portal.

Microsoft said that a ‘limited’ number of users had been affected, but recommended that users change passwords.

T-Mobile

Hackers accessed T-Mobile’s servers and stole data including personal data and passwords for up to two million users.

British Airways

More

Data including credit card details leaked from British Airways’ online services in late 2018, with up to 500,000 customers affected.

British Airways warned customers who had bought or amended bookings in August and September 2018 that their data may have been stolen.

Quora

The online question-and-answer service Quora admitted that a ‘malicious’ actor had gained access to data from up to 100 million user accounts in November 2018.

Story continues

Google Plus

Google’s social network Plus was abruptly closed down after a huge data breach in October 2018, affecting up to 52.5 million people’s personal information.

The flaw could have allowed apps to harvest information including email addresses, occupations, gender and age.

Houzz

Popular interior design app Houzz saw data for 49 million users leak in a large scale data breach which happened in mid-2018.

Users were warned that data including email addresses, locations and encrypted passwords had leaked in February 2019.

500px

The popular photo service admitted in February 2019 that data from 14.8 million users had leaked with full names, email addresses, birth dates and locations.

MyFitnessPal

The popular fitness and diet service suffered a data breach in 2018 which leaked 144 million email addresses along with usernames, IP addresses and encrypted passwords.

Verifications.io

The email address verification service admitted that data for customers had been left online, unsecured without a password.

Up to 763 million email addresses were left exposed.

Comments are closed.