In December 2018, New York-based video messaging service Dubsmash experienced a massive data breach with 162 million email addresses, usernames, PBKDF2 password hashes, and other personal data stolen. This stolen information was then put up for sale on the Dream Market dark web market in the following December. The compromised data was part of a larger dump that also included companies like MyFitnessPal, MyHeritage, ShareThis, Armor Games, and dating app CoffeeMeetsBagel.
Dubsmash acknowledged the breach and advised users to change their passwords as a precaution. However, the company did not disclose how the attackers gained access to their systems, nor did they confirm the exact number of users affected by the breach.
One of the most significant data breaches in recent years involved Adobe in October 2013, where 153 million user records were compromised. Initially, Adobe reported that hackers had stolen almost three million encrypted customer credit card records and login data. Eventually, it was revealed that more than 150 million username and hashed password pairs were taken from Adobe in this breach. The hack exposed customer names, passwords, and financial information, leading to a settlement in 2015 where Adobe paid $1.1 million in legal fees and an undisclosed amount to users affected by the breach.
Another major data breach occurred in December 2023, involving background checking firm National Public Data. This breach exposed the personal information of 270 million people, including social security numbers, names, addresses, emails, and phone numbers. The stolen data was made available on the dark web by a hacking group in April 2024 and later leaked onto a cybercrime forum in July 2024. The breach only became public knowledge after a class action was filed in August 2024, prompting National Public Data to advise customers to monitor their financial accounts closely for any unauthorized activity.
Equifax, a prominent credit reference agency, suffered a data breach in 2017 affecting 159 million records. Attackers exploited a web security vulnerability in Equifax’s systems, compromising the personal information of millions of US and UK citizens. The breach exposed names, social security numbers, birth dates, addresses, driver’s licenses, and credit card data. Equifax faced numerous lawsuits and government investigations following the breach, costing the company an estimated $1.7 billion in damages.
In 2014, online marketplace eBay experienced a breach that affected 145 million user accounts. Cybercriminals gained access to eBay’s systems by compromising employee login credentials, exposing sensitive personal information such as encrypted passwords, email addresses, mailing addresses, phone numbers, and dates of birth. eBay responded to the breach by implementing a forced password reset for all users.
These high-profile data breaches highlight the ongoing challenges faced by companies in protecting their users’ personal information and the importance of implementing robust security measures to prevent such incidents in the future.