The global tech sector is no stranger to data breaches
From Facebook to Adobe, we often hear about data breaches in the news. In today’s digital world, data breaches can affect hundreds of millions of users simultaneously.
By definition, a data breach means an incident in which secure or private data is released intentionally or unintentionally into an untrusted environment. The categories of data breaches are diverse–a breach could expose your personal information or the financial record of your company. Sometimes, the cost and size of a data breach are so impactful that many businesses end up losing customer’s trust and revenue at the same time.
According to a new study by IBM, data breach costs rose from US$3.86 million to US$4.24 million (nearly 10 percent) for surveyed companies in 2021, representing the highest average total cost in the 17-year history of this report. For breaches caused by remote working due to the pandemic, the average cost was US$1.07 million higher.
Read on to find out more about the most significant data breaches of all time committed by tech giants.
Facebook’s massive data leak
Facebook and controversies almost go hand in hand. In the past, the social media platform has been criticized for not doing much to protect users’ data. Back in 2019, a user on an online hacking forum reportedly exposed the phone numbers and personal data of hundreds of millions of Facebook users for free. The leaked data covered personal information from 533 million Facebook accounts in 106 countries.
According to Facebook, the data was acquired via scraping using the contact importer feature that no longer exists. The company had designed this feature to help its users find their friends using their contact lists. Facebook changed the feature in 2019 when it became aware of how malicious actors were misusing it.
Google+ data exposing bug
In December 2018, Google’s social media platform Google+ revealed that a bug had impacted approximately 52.5 million users’ data in connection with a Google+ Application programming interface (API).
According to Google, it all started in November 2018, when a bug in a Google+ API allowed apps to access user data, regardless of their privacy settings. The company stated that the bug was discovered and fixed promptly within a week. Thanks to its security flaws, users Google+ failed to gain trust among users. In April 2019, Google+ was shut down, stating “low usage” and “challenges involved in maintaining a successful product that meets consumers’ expectation” as the primary reasons.
Yahoo’s biggest data breach
There was a time when Yahoo was giving a tough fight to Google in the search engine segment. However, some strategic errors and missed opportunities added to the collapse of the internet giant. In 2013, Yahoo’s 3 billion user accounts were impacted by data theft, making it one of the largest online breaches in internet history.
The breach allowed attackers to steal user account information, including names, email addresses, telephone numbers, dates of birth, hashed passwords, and in some cases, encrypted or unencrypted security questions and answers. However, Yahoo claimed that the stolen data didn’t include passwords in clear text, payment card data or bank account information.
Adobe’s database leak
The U.S. tech giant Adobe was hit hard by a severe security breach that led to data exposure of Adobe Creative Cloud users. In October 2019, in association with cybersecurity firm Comparitech, security researcher Bob Diachenko discovered that nearly 7.5 million Adobe Creative Cloud accounts were exposed on Adobe’s Elasticsearch database. The server was easily accessible without any authentication.
According to Comparitech, Diachenko immediately alerted Adobe and the company secured the database on the same day. The exposed data could have been used against Adobe users for phishing emails and campaigns. The database contained customer information, including email addresses, but did not include passwords or financial information.
Alibaba’s data breach exposed 1.1 billion users
China’s tech firm Alibaba Group Holdings Ltd. was the recent victim of a massive data leak exposing its user information. In November 2019, Alibaba-owned shopping platform Taobao was attacked by a Chinese developer to obtain over 1.1 billion pieces of customer data illegally through a web scraping software. The breach included user information such as IDs, mobile phone numbers and user comments.
After noticing the data breach, Alibaba immediately reported it to the police. Although the court ruling didn’t hold Alibaba accountable for the leak, the company could face administrative penalties under China’s Cyber Security Law (CSL), which went into effect in 2017. The law requires network operators and businesses to store select data within China and allows Chinese authorities to conduct security checks on the network operations of a company.
These incidents indicate that the last decade has been rough on tech giants. But, are they fully prepared to face the worst?
Header image courtesy of Unsplash
