TECHNOFILE
The world ’ s biggest data breaches – have you ’ ve been targeted ?
As users of everyday online technology , we put our faith in various services that hold plenty of personal information and passwords . Tim Stackpool describes some of the biggest data breaches so far this century – and explains how to check if your details have been compromised
THE EXPERT
Tech expert Tim is the technology writer for Executive PA Media . He can be heard on talk radio in Australia and is a tech presenter who speaks at conferences and trade shows about technology ’ s impact on work and lifestyle .
Yahoo , August 2013 The company first publicly announced the incident ( which actually happened in 2013 ) in December 2016 . At the time , it estimated that the account information of more than a billion of its customers had been accessed by hackers . But a year later , Yahoo announced that the real figure was three billion . After investigation , it was discovered that the attackers only accessed account information like security questions and answers . Passwords , credit cards and bank data were not stolen .
Alibaba , November 2019 Over nearly a year , one developer working for an affiliate marketer ‘ scraped ’ customer data , including usernames and mobile numbers , from the Alibaba shopping website , Taobao . He used ‘ crawler ’ software that he created himself .
‘ Scraping ’ is a method of collecting data scattered across various parts of a service , rather than hacking an all-in-one goldmine file . Although the developer and his ‘ client ’ collected the information for their own use and did not sell it , both were sentenced to three years in prison by the Chinese authorities .
LinkedIn , June 2021 Networking giant LinkedIn saw data related to 700 million of its users posted on the dark web in June 2021 , impacting more than 90 % of its users . The hacker first published information from around 500 million customers and followed up by indicating they were selling the entire 700 million customer database .
LinkedIn argued that as no serious private personal data was exposed , the incident was more of a violation of its terms of service than an actual data breach . Note , however , that the ‘ hack ’ still contained information such as email addresses , phone numbers and genders that dark forces could use elsewhere .
Sina Weibo , March 2020 Sina Weibo is one of China ’ s largest social media platforms . In March 2020 , it announced that an attacker obtained a portion of its database , impacting 538 million users and their details including real names , site usernames , gender , location , and phone numbers . The attacker is reported to have then sold the database on the dark web for a measly $ 250 .
As with LinkedIn , the exposed data could be used to associate accounts to passwords if passwords are reused on other accounts . The company subsequently strengthened its security strategy .
Facebook , April 2019 In April 2019 , it was revealed that data from Facebook apps had been exposed to the public internet . The information related to more than 530 million Facebook users and included phone numbers , account names , employers and Facebook IDs . Two years later the information was openly published on the dark web .
Given the sheer number of phone numbers impacted as a result of the incident , security researcher Troy Hunt added functionality to his HaveIBeenPwned website that permits users to verify whether their phone number has been included in the exposed information .
Have you been compromised ? The quick way to check if your email , password or phone number has been revealed in any of these breaches is to visit haveibeenpwned . com .
The name is odd , and has a history of its own ( a story for another time ) but using the exhaustive lists of personal data that has been exposed online , that site allows you to quickly check whether your credentials are at risk . You can also explore where and how they may have been compromised , and what steps you should take to quickly secure your information online . S
30 Executive PA | Winter Issue 2022