5 Large Business Password Breaches & What We’ve Learned From Them

February 16, 2021

The past 30 years have seen a significant increase in cybercrime as computers and networks become more sophisticated, and hacking methods follow suit. There have been hundreds of large data breaches, some of them reaching hundreds of millions of users across the globe. Each new attack teaches us something new about the people hacking, the methods they use, and the vulnerabilities that put us at risk.

In this guide, we’ll cover five large business password breaches and what we’ve learned from them. 

1. Ebay Breach (2014)

Ebay was one of the world’s largest shopping platforms before Amazon came along and usurped the position. With millions of listings, secure payments via PayPal, and the potential to find even the oldest of collectibles and unique items, the site attracted millions of users. In 2014, the site became the victim of a data breach, which exposed millions of passwords (around 145 million, to be exact). At the time, that number accounted for its entire user base.

The hackers used the stolen credentials of three employees, gaining access to Ebay’s private database for a whopping 229 days. That was more than enough time, with complete access, for the hackers to steal information and learn sensitive information about Ebay’s inner workings. Luckily, credit card information was stored separately from user credentials, so the breach wasn’t as impactful as it could have been.

What Did We Learn?

If there’s anything the Ebay breach taught is, it’s that good password habits are crucial. The hackers got ahold of three employee passwords, and gained complete access to Ebay’s infrastructure. While we can speculate all day long about how the passwords were compromised, what we know about how the average person views passwords can grant some insight. In short, passwords should be unique, monitored and updated, and, if possible, stored in a company password manager.

2. Target Breach (2013)

Target is one of the nation’s largest retailers, and in 2013, fell victim to a huge data breach that exposed about 40 million users’ credentials, bank account numbers, and more. The “unauthorized access” attack was largely kept under wraps by the retailer, with few details on how it happened. We can speculate, however, that an outside attack can mean anything from hackers stealing passwords to taking advantage of system inconsistencies. Either way, that’s a lot of records compromised in one attack.

What Did We Learn?

The Target breach showed us that data breaches are incredibly damaging and expensive. Target has since paid around $18 million in damages to its customers, but that doesn’t account for the fees and other fines that the company was also responsible for. The bottom line? Invest in protection now, or pay massively later.

3. Capital One Breach (2019)

As one of the largest banks in the country and the world, Capital One services hundreds of millions of personal, vehicle, and home loans, along with credit cards, investments, and more. This makes the very nature of the company’s data highly sensitive, and a data breach even more destructive. In 2019, that data breach occurred; affecting about 106 million people across the US and Canada. About 140,000 social security numbers and 80,000 bank account numbers were stolen.

What Did We Learn?

Perhaps the most important lesson to take away from the Capital One breach is that even the largest and most secure businesses aren’t safe from hackers. As our cyber protections improve, so too do the hackers’ arsenals. It’s up to both users and the companies that store information to take the necessary steps to stay ahead of hackers and protect sensitive data.

4. Equifax Breach (2017)

Equifax is one of the three credit bureaus that creditors report to. Obviously, the company is responsible for millions of consumers’ data, and protecting it should be a top priority. However, in 2017, approximately 148 million people had their data exposed to hackers. The breach was made even more impactful because of the information Equifax stores on consumers, including names, addresses, social security numbers, and more. Around 200,000 consumers also had credit card data exposed, making this one of the largest data breaches in history.

What Did We Learn?

The Equifax breach taught us that vulnerabilities can appear anywhere in a system, and that the slower we are to respond, the worse the breach will be. Administrators need to respond to breaches as quickly as humanly possible, locking down systems and changing credentials ASAP. The quicker it’s addressed, the more the damage can be mitigated. A large company like Equifax should know better!

5. LinkedIn Breach (2012 & 2016)

LinkedIn is among the top social media sites on the web, taking a different approach by connecting professionals with other professionals, job opportunities, and more. The site boasts a user base of about 760 million, and, in 2012 (and 2016), around `165 million of those accounts were compromised by a data breach. It began in 2012, when around 6 million passwords were stolen and posted on a hacker forum. The company didn’t fully realize what was happening, or the extent of the damage, until around 2016.

What Did We Learn?

The LinkedIn data breach showed us that passwords are the first line of defense against hackers. A great password, with unique characters, a combination of upper and lowercase letters, numbers, and symbols, can take thousands of years for even the most advanced computers to crack. The point? Use strong passwords! Don’t use self-identifying information, don’t store passwords in Word Docs or sticky notes, and don’t share passwords with other workers. Around 81% of data breaches occur because of poor passwords. 

Leave a Reply

Your email address will not be published. Required fields are marked *