The amount of compromised data has been steadily growing in recent years . Almost every day, new articles about leaks and hacks appear in the news, and we write more and more about the need to use protection – now more than ever.
Today we will dive into history and remember the most high-profile and major data leaks. How much and what information was leaked, how users suffered and much more – in this material.
1. RockYou2024
In short: hackers collected data from old leaks and released the largest compilation of real user passwords – 10 billion records!
When the leak occurred: 2024.
Who was affected: Users without reliable protection around the world.
RockYou2024 is the king of leaks and the bane of all those who thought that hackers were not interested in it. In July 2024, cybercriminals posted a gigantic selection of passwords on a thematic forum: 9,948,575,739 unique entries. Even though RockYou2024 is a compilation based on the old leak RockYou2021, the result is still stunning.
Our expert Alexey Antonov analyzed this leak and found out that 83% of the passwords contained in the leak could have been selected by a smart algorithm in less than an hour , and only 4% of the leaked user passwords (328 million) can be considered strong – their selection would take more than a year using a smart algorithm. How the smart algorithm works – we wrote in the study of password strength , which, together with the analysis of the new leak, clearly proves that most users are still extremely frivolous about creating passwords.
When analyzing the new leak, the expert filtered out all irrelevant records and worked with the remaining array of 8.2 billion passwords that were stored in plaintext – this is, of course, not 10 billion, but still a lot.
2.CAM4
In short: the adult site CAM4 had its database storage servers with 11 billion customer records incorrectly configured, and sensitive information was exposed to the public.
When the leak occurred: 2020.
Who suffered: Users of the adult website CAM4.
This story is interesting for two reasons: what information was leaked and how. In addition to trivial data – first name, last name, email address, payment logs – much more intimate information was leaked: gender preferences and sexual orientation. Each user had to provide estonia whatsapp data data leaks this data when registering on the site – without it, you can’t enjoy the content of the adult streaming platform even in 2024.
The leak occurred due to the use of an unprotected Elasticsearch database
You can get a weighty book, in which the story data leaks of CAM4 will occupy a small but important chapter “How the largest data leak in history could have happened, but did not happen.” Fortunately, the database was disabled within half an hour after the error was discovered, and later moved to the internal local network. Personal data of users was deleted.
3. Yahoo
In short: The hacker attack affected all 3 billion users of the platform, but Yahoo admitted this only three years later.
When did the leak happen: 2012, 2013… Or maybe 2014 – Yahoo doesn’t know the exact date.
Who was affected: All Yahoo users.
More than a decade ago, Yahoo suffered a hack (it all started with a phishing email), which led to a series of news stories about data leaks. At first, they talked about a couple of hundred million hacked accounts, then about 500 million , and in 2017, on the eve of the deal with Verizon, it turned out that all 3 billion accounts were affected. Hackers gained access to names, email addresses, dates of birth, and phone numbers. But most importantly, for at least three years, the attackers had access to the accounts of users who had not changed their passwords for years. Now do you understand why it is so important to regularly change passwords and delete old profiles ?
This story is yet another confirmation
In the case of Yahoo, the attackers found a database of unencrypted security questions, and some accounts did not have two-factor authentication at all. So, when it comes to the security of your personal accounts, do not rely on social networks or online platforms. Create or generate strong passwords and store them in Kaspersky Password Manager . The application will regularly check them and report any data leaks from accounts linked to these emails.
The application will search for these numbers and addresses in the latest leak databases, and if detected, it will warn you and advise you on further actions (read more about how we help combat leaks of your personal data to the Internet or darknet).
4. UIDAI (Aadhaar)
In short: hackers have put up for sale the biometric data of almost all citizens and residents of India.
When the leak occurred: 2018.
Who was affected: 1.1 billion Indians.
The UIDAI (United India Resident Identification System) is the world’s largest bio-identification system, storing personal data, fingerprints and iris photographs of more than 1 billion Indians. The unique personal number assigned by the system is called Aadhaar.
While many countries around the world are only planning to introduce biometric identification, in India such a system has been in place for over ten years. UIDAI was created so that absolutely all residents of India could have an official single state identity card – Aadhaar.
In fact, it turned out that the data of almost all Indians was stolen by hackers as a result of numerous data leaks – in 2018. Cybercriminals sold access to the database for only 500 rupees (about $6 at the current exchange rate). There was also a large-scale data leak in 2023 – then 815 million Indians suffered .
Banks and law enforcement agencies still recommend that victims of leaks block the ability to manage money using biometrics. But this is no guarantee of security – cybercriminals may have passport numbers, names, surnames, photographs, fingerprints and other information.
5. Facebook*
In short: the company failed to notify users about the data leak, although it knew about it for two years.
When the leak occurred: 2019.
Who was affected: 533 million Facebook users*.
The words “Facebook*” and “leak” placed next to each other have long ceased to surprise anyone. The platform regularly falls victim to hacker attacks and internal leaks. Today we recall the largest leak in the history of Facebook* — the names, phone numbers data leaks and location data of 533 million users of the social network fell into the hands of cybercriminals. The hackers published this data on a specialized forum, and anyone could download it for free. In addition to the data of ordinary users, the account data of public figures. Such as the EU Commissioner for Justice Didier Reynders and the then Prime Minister and now Foreign Minister of Luxembourg Xavier Bettel, also leaked onto the Internet.
The leak included data relevant to 2018–2019, although information about it only appeared in 2021. How did this happen? The fact is that hackers exploited the vulnerability in 2019, and Facebook* patched it at the same time. But forgot to tell this story to their users — or simply did not want to. So Meta** once again received not only a barrage data leaks of criticism. Also a fine of €265 million (approximately $276 million in 2021).
What do all these leaks teach us?
The common thread running through all these stories is the idea. We ourselves are primarily responsible for the security of our data. Not Facebook*, Yahoo or even the government. It is important to protect your accounts yourself. Come up with or generate strong passwords. Store them in a secure password manager and treat your biometric data with special care.
Use different passwords . If you are a fan of the tactic and have been using the Internet data leaks for at least a few years. We have bad news for you…
If you use our protection , just specify a list of email addresses to check in the “Data Leak Detection” section. Kaspersky Premium users can also add phone numbers to check in the “Identity Theft Alert” section. The applications will check this data leaks for new leaks automatically. And in our password manager, just select “Password Check” in the menu or click on the taskbar (the key icon). Everyone else can use our free Password Checker service .
Use two-factor authentication (2 FA ) wherever possible.
Don’t store passwords in browsers . Use a password manager , generate unique cryptographically strong passwords for all your important accounts. You’ll only need to think up and remember one – the main – password. Which will become the key to all other passwords. It will protect and encrypt your password storage and other important data.