Top data breaches of 2020 – Security Affairs

Data from major cyber security firms revealed that tens of billion records have been exposed in data breaches exposed in 2020. Below a list of top incidents:

There were a number of major data breaches that took place in 2020, in many cases stolen records flooded the cybercrime underground and were used credential stuffing attacks.

Below the list of top data breaches that took place in the last 12 months:

May 2020 – CAM4 adult cam site leaked 11B database records including emails, private chats.

The popular adult live streaming website CAM4 exposed over 7TB of personally identifiable information (PII) of members and users.

March 2020 – 538 Million Weibo users’ records being sold on Dark Web

Hackers offered for sale on the dark web data belonging to 538 million Weibo users, including 172 million phone numbers.

January 2020 – 250 Million Microsoft customer support records and PII exposed online

An expert discovered that over 250 million Microsoft customer support records might have been exposed along with some personally identifiable information.

February 2020 – 440M records found online in unprotected database belonging to Estée Lauder

A security expert discovered that the Cosmetic firm Estée Lauder exposed 440 million records online in a database that was left unsecured.

July 2020 – Wattpad – 270 million records – ShinyHunters leaked over 386 million user records from 18 companies

ShinyHunters, a trusted threat actor, is offering on a hacker forum the databases stolen from eighteen companies, over 386 million user records available online. The dump included 270 million records for the user-generated stories website Wattpad.

April 2020 – 267 Million Facebook identities available for 500 euros on the dark web

Over 267 million Facebook profiles are offered for sale on dark web sites and hacker forums, the dump is offered for £500 ($623) and doesn’t include passwords.

March 2020 – TOKOPEDIA e-commerce hacked, 91 Million accounts available on the darkweb

A hacker has leaked the details of 15 million users registered on Tokopedia, an Indonesian technology company specializing in e-commerce. It was offering an archive containing 91 million records for $5,000.

October 2020 – Broadvoice – 350 million records leaked online

A huge data breach at US VoiP provider Broadvoice has exposed more than 350 million customer records, including names, phone numbers and even call transcripts. According to security researchers, a configuration error made it easy to access 10 databases belonging to the company.

June 2020 – Oracle’s BlueKai Spilled ‘Billions Of Records’ Of Web-Tracking Data

In June 2020, security researcher Anurag Sen found an unsecured BlueKai database accessible on the open Internet. The database contained billions of records containing names, home addresses, email addresses and other identifiable data in the database. The data also revealed sensitive users’ web browsing activity — from purchases to newsletter unsubscribes

March 2020 – Keepnet Labs – 5 billion records exposed online

In March 2020, Bob Diachenko found an unprotected Elasticsearch database exposed online. The archive was managed by the U.K.-based security company Keepnet Labs and contained a huge collection of previously reported security incidents spanning 2021-2019.

The archive was accidentally leaked by a new service provider used by the company during scheduled maintenance to migrate the ElasticSearch database.

July 2020 – NightLion hacker is selling details of 142 million MGM Resorts hotel guests

The MGM Resorts 2019 data breach is much larger than initially thought, a hacker is offering for sale details of 142 million MGM hotel guests on the dark web.

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, data breaches)

[adrotate banner=”5″]

[adrotate banner=”13″]