9. MySpace
Day: 2013Impact: 360 million individual profile
Though it have very long quit being the powerhouse that it was previously, social media marketing website MySpace smack the headlines in 2016 after 360 million user records happened to be released onto both LeakedSource and place on the market on dark web marketplace the real thing with a price tag of 6 bitcoin (around $3,000 during the time).
Based on the business, forgotten facts integrated emails, passwords and usernames for aˆ?a part of account that were produced ahead of June 11, 2013, in the older Myspace platform. So that you can protect all of our users, we now have invalidated all user passwords for the stricken accounts produced before Summer 11, 2013, regarding old Myspace platform. These consumers going back to Myspace is going to be prompted to authenticate their accounts in order to reset their own code by using instructions.aˆ?
Itaˆ™s thought that the passwords were accumulated as SHA-1 hashes from the earliest 10 figures of the password transformed into lowercase.
10. NetEase
Date: Oct 2015Impact: 235 million user reports
NetEase, a service provider of mailbox service through likes of 163 and 126, reportedly experienced a breach in Oct 2015 when emails and plaintext passwords relating to 235 million records were being sold by dark online industry supplier DoubleFlag. NetEase has actually kept that no data breach taken place in order to this very day HIBP reports: aˆ?Whilst there can be proof that the facts itself is genuine (multiple HIBP clients verified a password they normally use is within the facts), due to the trouble of emphatically verifying the Chinese breach it has been flagged as aˆ?unverified.aˆ?
11. Courtroom Projects (Experian)
Go out: Oct 2013Impact: 200 million individual reports
Experian part judge endeavors dropped victim in 2013 when a Vietnamese man tricked it into offering your usage of a databases that contain 200 million private reports by posing as a personal investigator from Singapore. The details of Hieu Minh Ngoaˆ™s exploits merely stumbled on light after his arrest for selling private information folks owners (including charge card data and Social Security rates) to cybercriminals across the world, anything he previously come creating since 2007. In March 2014, the guy pleaded bad to multiple expenses such as identity fraud in the usa area judge for any area of brand new Hampshire. The DoJ mentioned at that time that Ngo had generated a total of $2 million from promoting individual facts.
12. LinkedIn
Big date: Summer 2012Impact: 165 million consumers
Along with its next looks with this list is relatedIn, this time around in reference to a violation they experienced in 2012 when it announced that 6.5 million unassociated passwords (unsalted SHA-1 hashes) were stolen by attackers and uploaded onto a Russian hacker discussion board. However, it wasnaˆ™t until 2016 that complete level from the experience was revealed. Similar hacker selling MySpaceaˆ™s data is seen to be offering the emails and passwords of approximately 165 million LinkedIn customers just for 5 bitcoins (around $2,000 at that time). LinkedIn recognized which was in fact produced alert to the breach, and mentioned it had reset the passwords of stricken records.
13. Dubsmash
Go out: December 2018Impact: 162 million consumer records
In December 2018, brand new York-based video clip chatting solution Dubsmash have 162 million email addresses, usernames, PBKDF2 code hashes, and other individual information such as for example times of delivery taken, all of these was then set up available throughout the fantasy markets dark colored web market the next December. The content had been offered as part of a collected dump additionally including the wants of MyFitnessPal (much more about that below), MyHeritage (92 million), ShareThis, Armor Games, and matchmaking app CoffeeMeetsBagel.
Dubsmash known the violation and sale of real information have 
occurred and supplied information around password changing. However, it neglected to express how the assailants have in or confirm the amount of customers had been suffering.
14. Adobe
Time: Oct 2013Impact: 153 million user data
At the beginning of October 2013, Adobe reported that hackers had taken nearly three million encrypted buyer credit card records and login data for an undetermined quantity of consumer accounts. Weeks after, Adobe enhanced that estimate to feature IDs and encoded passwords for 38 million aˆ?active people.aˆ? Security blogger Brian Krebs subsequently reported that a file submitted only era early in the day aˆ?appears to incorporate significantly more than 150 million login name and hashed password pairs extracted from Adobe.aˆ? Days of study indicated that the hack have in addition exposed visitors labels, code, and debit and credit card records. A contract in August 2015 called for Adobe to pay for $1.1 million in legal costs and an undisclosed amount to consumers to be in states of breaking the consumer registers work and unfair companies techniques. In November 2016, the total amount paid to clients had been reported as $1 million.
15. My Personal Physical Fitness Mate
Big date: February 2018Impact: 150 million individual records
In February 2018, diet and exercise application MyFitnessPal (owned by subordinate Armour) subjected around 150 million distinctive email addresses, IP details and login recommendations instance usernames and passwords put as SHA-1 and bcrypt hashes. A year later, the info came out on the market on dark online and much more broadly. The organization known the violation and mentioned it took actions to notify consumers of this event. aˆ?Once we turned mindful, we rapidly took measures to ascertain the characteristics and range of issue. Our company is using the services of respected facts safety firms to help with the research. We also notified and generally are managing with police force government,aˆ? they mentioned.
