Massive data security breaches have once again made headlines in 2019. At the time of writing, more than 600 million records were stolen from 16 different websites. And, according to Information Age, “data breach reports are up 75 percent over the last two years”. The Identity Theft Resource Center (ITRC)’s “2018 End-of-Year Data Breach Report” further confirms that “2018 saw a 126 percent uptick in the number of records breached containing personally identifiable information”.
In our previous post, we detailed the Top 10 data security breaches in 2018. This post investigates the latest and biggest data security breaches containing personally identifiable information that occurred in the first quarter of 2019.
Amount of records breached: 2.4 billion
When it happened: 2 January 2019
It didn’t take long for the first data breach to rear its ugly head in 2019. On 2 January 2019, Blur suffered a data breach after a file that contained 2.4 million usernames, email addresses, password hints, IP addresses and encrypted passwords was exposed as a result of an unsecured server.
Amount of records breached: 2.7 billion
When it happened: January 2019
Combinations of email addresses and passwords that are used to hijack accounts on other services (also known as credential stuffing lists) were being distributed on the dark web during early January 2019. The database contained over 773 million unique email addresses and 21 million unique passwords, resulting in more than 2.7 billion email/password pairs. This breach has already been dubbed “the largest breach to become public”, second only to the Yahoo breach of 2017.
Amount of records breached: 1 billion (approx.)
When it happened: February 2019
During February 2019, the email verification service Verifications.io suffered a major data breach exposing personal data, business information and social media (Facebook, LinkedIn and Instagram) details. The breached data included 982 864 97 leaked email addresses as well as additional personal information such as names, contact numbers, IP addresses, mortgage data (such as interest rates and credit scores), dates of birth and genders. The leaked data also exposed Verifications.io’s internal data such as SMTP servers, email addresses, IP addresses to blacklist etc. The upside, if such a thing exists in a data breach, is that no passwords, credit card details or social security numbers were exposed. The Verifications.io website has been down since the breach.
Amount of records breached: Over 3 million
When it happened: March 2019
During March 2019, more than 3 million unique email addresses were found in an exposed Elasticsearch database together with the corresponding passwords (in plain text). These credentials were used to access the victims’ mailboxes and customize the spam that was sent out from these accounts. Thereafter, a spam operation known as “Intelimost” transmitted millions of emails seemingly originating from people known to the recipients.
Despite the high incidence of data security breaches and the staggering number of exposed records that accompany these breaches, data security breaches can be prevented. In this regard, knowledge is power – arm yourself with knowledge of the current breach landscape and how to protect your critical assets.
For more information about recovering from and preventing a future data security breach, please get in touch.