As a leading Managed Service Provider (MSP), IT Partners is committed to keeping you informed and prepared in the face of ever-evolving cyber threats. It’s not just about reactive measures—understanding the landscape of data breaches is a crucial part of proactive cybersecurity.
We present the top five biggest data breaches, collected from the I Been Pwned database, a leading source for data breach information.
Top 5 Data Breaches
Last updated: May 3, 2024
Collection #1
Description: In January 2019, a large collection of credential stuffing lists (combinations of email addresses and passwords used to hijack accounts on other services) was discovered being distributed on a popular hacking forum. The data contained almost 2.7 billion records including 773 million unique email addresses alongside passwords those addresses had used on other breached services. Full details on the incident and how to search the breached passwords are provided in the blog post The 773 Million Record "Collection #1" Data Breach.
Accounts breached: 772,904,991
Verifications.io
Description: In February 2019, the email address validation service verifications.io suffered a data breach. Discovered by Bob Diachenko and Vinny Troia, the breach was due to the data being stored in a MongoDB instance left publicly facing without a password and resulted in 763 million unique email addresses being exposed. Many records within the data also included additional personal attributes such as names, phone numbers, IP addresses, dates of birth and genders. No passwords were included in the data. The Verifications.io website went offline during the disclosure process, although an archived copy remains viewable.
Accounts breached: 763,117,241
Onliner Spambot
Description: In August 2017, a spambot by the name of Onliner Spambot was identified by security researcher Benkow moʞuƎq. The malicious software contained a server-based component located on an IP address in the Netherlands which exposed a large number of files containing personal information. In total, there were 711 million unique email addresses, many of which were also accompanied by corresponding passwords. A full write-up on what data was found is in the blog post titled Inside the Massive 711 Million Record Onliner Spambot Dump.
Accounts breached: 711,477,622
Data Enrichment Exposure From PDL Customer
Description: In October 2019, security researchers Vinny Troia and Bob Diachenko identified an unprotected Elasticsearch server holding 1.2 billion records of personal data. The exposed data included an index indicating it was sourced from data enrichment company People Data Labs (PDL) and contained 622 million unique email addresses. The server was not owned by PDL and it's believed a customer failed to properly secure the database. Exposed information included email addresses, phone numbers, social media profiles and job history data.
Accounts breached: 622,161,052
Exploit.In
Description: In late 2016, a huge list of email address and password pairs appeared in a "combo list" referred to as "Exploit.In". The list contained 593 million unique email addresses, many with multiple different passwords hacked from various online systems. The list was broadly circulated and used for "credential stuffing", that is attackers employ it in an attempt to identify other online systems where the account owner had reused their password. For detailed background on this incident, read Password reuse, credential stuffing and another billion records in Have I Been Pwned.
Accounts breached: 593,427,119
Collected from the I Been Pwned database, a leading source for data breach information.
Why Should You Care About These Breaches?
At IT Partners, we emphasize the importance of these breaches to heighten your awareness of the risks faced by businesses like yours. By comprehending the impact of data breaches, you can proactively implement robust security measures and protect your organization’s sensitive information.
If you seek further insights on data breaches and valuable guidance on safeguarding your business, we invite you to explore our comprehensive guide on data breaches.
To assess the strength of your email security, utilize the free email checker tool.
For personalized solutions and services tailored to your specific requirements, feel free to contact us today. Together, let’s fortify your cybersecurity defences and secure your business in the digital landscape.
Share This Post