This Corporate Data Breach Lasted 3 Years and Exposed 3 Billion Accounts

While every business hopes to protect and secure its data networks, sometimes, the worst-case scenario occurs, and a data breach takes place. Over the computer age, computer breaches have ranged in size and expense, ranging from just a few hundred leaks to tens of millions, if not hundreds of millions, of users affected. 

As awful as these data breaches are for those impacted, they’re also a public relations nightmare for companies that must focus on rebuilding customer trust. With the world moving toward everything digital, the likelihood of more breaches has unfortunately increased, not decreased, which makes the largest corporate data breaches in history a giant warning for the future. 

10. MySpace

• Date of breach: June 2013
• Number of customers impacted: 360 million accounts
• Type of breach: Unauthorized access
• What was stolen: Usernames, email addresses, dates of birth

More Than Just Tom’s Data

Having pivoted to a music-friendly site long ago, MySpace’s data breach was still among US history’s most significant and most concerning. Over 360 million user accounts were compromised and posted for sale on the dark web in 2016. The company confirmed that the stolen data was from before 2013, so it had already taken steps to update its security measures and notified all affected users to change their passwords. MySpace was not fined, and little legal action was taken. 

9. Friend Finder Networks

• Date of breach: November 2016
• Number of customers impacted: 412 million
• Type of breach: Unauthorized access
• What was stolen: 20 years worth of data 

The Adult Website Breach

Often going under the radar because of the nature of the business, Friend Finder Networks suffered one of the worst corporate data breaches in history. Over 412 million customers, including usernames, email addresses, membership details, and user activity, were affected. The company implemented stronger security measures and notified users to change their passwords. Ironically, the company was not fined, and its websites still report around 50 million monthly users. 

8. Marriott International

• Date of breach: September 2018
• Number of customers impacted: 500 million customers
• Type of breach: Database breach (guest reservation database) 
• What was stolen: Names, mailing addresses, phone numbers, passport numbers, Starwood Preferred Guest account information, credit card numbers

Worst Hotel Breach

Following an attack on its systems in September 2018, Marriott International (Starwood) indicated that they had been alerted that a database had received unauthorized access as far back as 2014. In 2018, the company decrypted the information and acknowledged it was a guest reservation database that had been affected. As a result, the company had to pay a $52 million fine through the FTC to 49 states and fines across the UK while promising to enhance security measures. 

7. Facebook

• Date of breach: April 2010
• Number of customers impacted: 533 million
• Type of breach: Unauthorized access, data scraping
• What was stolen: Facebook IDs, locations, profile details

Mega Meta Leak

This April 2019 breach accessed the data of more than 533 million Facebook customers and revealed information on over 530 million Facebook users. This data included phone numbers, Facebook IDs, and account names, all posted online for free in April 2021. Facebook was widely criticized for not publicizing the breach earlier, but little action was taken. Meta has committed to stronger security practices since the breach first became public. 

6. Sina Weibo

• Date of breach: March 2020
• Number of customers impacted: 538 million accounts
• Type of breach: Database hack
• What was stolen: Personal details including names, gender, location, phone numbers

Biggest Chinese Data Breach

China’s largest social media network, Sina Weibo, exposed data from more than 538 million users, with almost 90% of its users’ posts exposed online. China’s Ministry of Industry and Information Technology ordered Weibo to enhance its security measures, and the company indicated it strengthened security measures and was working with the appropriate Chinese authorities. 

5. LinkedIn

• Date of breach: April 2021
• Number of customers impacted: 700 million users
• Type of breach: Data scraping
• What was stolen: Names, phone numbers, geolocation records, details around linked social media accounts

“God User” Attack 

Known by the hacker handle “God User,” the April 2021 data breach was among the largest in corporate America, specifically for social media companies. Initially claiming to have data of around 500 million users, God User later claimed to expose more than 700 million users when the data was posted to the dark web in June 2021. LinkedIn was hit with a $335 million fine by the European Union for the breach. Still, only $1.25 million was paid to victims in the U.S., or $50 per user, while enhancing security measures was a commitment LinkedIn had to make good on. 

4. First American Financial Corporation 

• Date of breach: May 2019
• Number of customers impacted: 885 million records
• Type of breach: Unauthorized access
• What was stolen: Bank account details, bank statements, mortgage payments, Social Security numbers

Giant Real Estate Mess

Taking place in May 2019, First American Financial Corporation, a well-known real estate title insurance company, suffered a significant data leak. This resulted from poor website design and security measures. Still, it didn’t involve hacking but did allow access to bank account information, including statements, mortgage documents, Social Security numbers, and driver’s licenses. The company was fined $1 million for violating cybersecurity laws, ignoring potential red flags, and individual lawsuits. 

3. Alibaba 

• Date of breach: November 2019
• Number of customers impacted: 1.1 billion
• Type of breach: Data scraping
• What was stolen: Usernames, phone numbers, general customer data

Biggest Chinese Breach

Impacting the lives of over 1.1 billion users over 8 months, Alibaba suffered a significant data breach affecting its Chinese shopping website Taobao. A developer and his manager working for an affiliate marketer were found to have scraped customer data, including usernames and phone numbers, on behalf of his employer. The individual and his manager were sentenced to three years in prison, with no other apparent penalties or fines. 

2. Real Estate Wealth Network

• Date of breach: December 2023
• Number of customers impacted: 1.5 billion records leaked
• Type of breach: Database leak
• What was stolen: Property history, names, addresses, mortgage information, tax IDS

Concerning Social Engineering Leak

One of the most significant corporate data leaks in US history, the New York-based online real estate platform Real Estate Wealth Network, had more than 1.5 billion records leaked. Over 1.16 TB of data contained information about celebrities like Floyd Mayweather, Nancy Pelosi, and Britney Spears. Hackers could easily conduct social engineering attacks with this data, but legal action remains unclear as of January 2025. 

1. Yahoo

• Date of breach: August 2013 – December 2016
• Number of customers impacted: 3 billion accounts
• Type of breach: Unauthorized access
• What was stolen: User information like names, email, addresses, phone numbers

The Largest Breach Ever

Yahoo has the honor of being the target of the most significant corporate data breach in history. In 2016, the company disclosed that more than 3 billion user accounts were compromised due to Russian hacking. Using a backdoor, the hackers stole all types of customer information. A lawsuit determined that Yahoo failed to notify its users of the hack, which led to 41 class action lawsuits and a 35 million dollar fine. It also caused the company’s valuation to drop when sold to Verizon.