IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

The worst hacks of all time

Yahoo, LinkedIn, Facebook, here is a quick guide to some of the biggest data breaches in history

Yahoo! sign on top of a gray building

Data breaches have become all too common. Not a week goes by without news of some company or organization learning they cyber criminals have hacked them. 

The breaches often compromise people's Social Security numbers, bank account numbers, email and physical addresses, credit cards, and other data. Such data theft leaves people open to issues such as identity theft.

Here are some of the worst hacks of all time.

1. Yahoo

Number of people affected: 3 billion

By far the worst hack of all time happened to Yahoo in 2013 when hackers compromised around 3 billion people’s data. 

At the time, the figure was reported as just 500 million, still enough to make it the biggest hack in history. However, it would be another four years before Yahoo admitted the figure was closer to 3 billion. 

The hacked data included names, email addresses, phone numbers, dates of birth, encrypted passwords, and unencrypted security questions. 

The person responsible for the hack was Karim Baratov. He was later given five years in prison and had to pay the victims restitution and $2.25 million in fines. For its part, Yahoo had to pay out $50 million in damages and offer free credit monitoring services to millions of its users.

2. Marriott

Number of people affected: 383 million

The Starwood group of hotels, which includes Sheraton, W Hotels, Westin, Le Meridien, Four Points by Sheraton, Aloft, and St. Regis, had been compromised sometime in 2014. This was before the Marriott Hotel group acquired it in 2016. It wasn’t until 2018 that Marriot found evidence of a breach through an internal investigation. 

This meant for four years, the company had been the victim of a hacking campaign on Starwood’s reservation system. Cyber criminals exploited an unpatched vulnerability to hack the system.

While it was initially thought the hack affected 500 million people, this final number was 383 million. The hackers stole names, addresses, phone numbers, credit card information, email addresses, and unencrypted passport numbers.

The UK’s Information Commissioner’s Office (ICO) fined the Marriott chain £99 million ($135.95 million). The ICO said that Marriott  ``failed to undertake sufficient due diligence" during the acquisition and missed the vulnerability as a result. 

3. Facebook

Number of people affected: 533 million

Related Resource

HP Wolf Security: Threat insights report

Equipping security teams with the knowledge to combat emerging threats

Skyscrapers from belowFree download

In April 2021, a hacker published 533 million users’ details on a low-level hacking forum. The data contained phone numbers, Facebook IDs, full names, previous locations, birth dates, relationship status, and biographies. It also includes some of their email addresses.

Facebook said the issue stemmed from a vulnerability it patched in 2019, so technically, the data was scraped from the website. 

Alon Gal, chief technology officer of cyber crime intelligence company Hudson Rock, said in a tweet the data would still be of interest to cyber criminals. 

4. LinkedIn

Number of people affected:  500 million

The scraped data of over 500 million LinkedIn profiles was put up for sale on a popular hacker forum in April 2021. The The hacker had already leaked two million records as proof of the existence of the much larger data treasure trove, according to reports by Cybernews

The data included  LinkedIn IDs, full names, email addresses, phone numbers, genders, links to LinkedIn profiles, and professional titles.

A spokesperson for LinkedIn said the posted data appeared to “include publicly viewable information that was scraped from LinkedIn combined with data aggregated from other websites or companies.”

5. Equifax

Number of people affected: 143 million

In 2017, Equifax disclosed personal information of more than 145 million people was compromised. While the breach was big, what stood out was the quality of the data hackers harvested.

In addition to full names, dates of birth, and addresses, some victims also had drivers' license numbers, credit card information, and Social Security numbers stolen.

Featured Resources

IT best practices for accelerating the journey to carbon neutrality

Considerations and pragmatic solutions for IT executives driving sustainable IT

Free Download

The Total Economic Impact™ of IBM Spectrum Virtualize

Cost savings and business benefits enabled by storage built with IBMSpectrum Virtualize

Free download

Using application migration and modernisation to supercharge business agility and resiliency

Modernisation can propel your digital transformation to the next generation

Free Download

The strategic CFO

Why finance transformation propels business value

Free Download

Recommended

SOC modernisation and and the role of XDR
Whitepaper

SOC modernisation and and the role of XDR

16 Mar 2023
Analysing the economic benefits of Trend Micro Vision One
Whitepaper

Analysing the economic benefits of Trend Micro Vision One

16 Mar 2023
More than a number: Your risk score explained
Whitepaper

More than a number: Your risk score explained

16 Mar 2023
The IT manager's guide to getting home in time for dinner
Whitepaper

The IT manager's guide to getting home in time for dinner

15 Mar 2023

Most Popular

The big PSTN switch off: What’s happening between now and 2025?
Sponsored

The big PSTN switch off: What’s happening between now and 2025?

13 Mar 2023
HMRC lost nearly 50% more devices in 2022
Hardware

HMRC lost nearly 50% more devices in 2022

17 Mar 2023
Why – and how – IP can be the hero in your digital transformation success story
Sponsored

Why – and how – IP can be the hero in your digital transformation success story

6 Mar 2023