You are currently viewing Top 10 Biggest Data Breaches of all Time

Top 10 Biggest Data Breaches of all Time

We are in the era of science and technology where all the things are done through technology either it’s big or small. We used different technology equipment in our daily life like mobile, computer, laptop, smartwatches many more where our important things personal data has been stored.

Nowadays data is considered one of the most valuable assets in the modern world. A giant company like Google, Facebook, and more comes to this position due to the data they have.

Data is sensitive information so before we give our personal information we need to be aware of the misuse of our data we only need to give our data to only trusted sites.

Every day we log in to the website or smartphone app where we put our user name and password to access our account. If we just randomly putting our data to many sites that are not trustable the data breach happens. So anyone out there must have known about the biggest data breaches of all time.

If not look here:

A data breach is an information security incident in which personal information is publicly exposed or accessed without authorization.

So we don’t want to be shown our data without permission to prevents data breaches we have to follow all the safety measures. Many hackers are waiting for your mistake or the company mistake to gain access and sell your data to make money.

Here we make the list of the Top 10 biggest data breaches of all time after collecting the different news portal published data breaches report and analyzing it.

Here is the list of the top 10 biggest data breaches of all time:

10. Capital One

Capital One

Capital One is an American bank holding company specializing in auto loans, banking, credit card and saving accounts which was founded in 1994 by Richard Fairbank, Nigel Morris.

Capital One goes through the biggest data breach many times in 2013 and recently 2019 where confidential information is exposed by hackers.

In March and April 2019 106 million consumer data has exposed the database included social security numbers, bank accounts numbers, payment histories, credit scores, and more. 

The investigation of the breach shows that the security is vulnerable in the open-source Web Application Firewall where attackers are able to hack the system and expose the information.

The leaked data was being stored out in the open on the software development platform Github profile name “Netcrave” later on investigation found that he was the Amazon employee where the company domain was hosted and arrested the former Amazon employee.

Later on, the bank solved the issues and made sure that all the data has been saved now however the data breach happens so the company goes through a lot of criticism.

9. Heartland Payment System


Heartland Payment System was a Fortune 1000 US-based payment processing and technology provider which was founded on 15 July 1997 by Bob Carr.

In March 2008 the company had been the victim of a security breach within its processing system which affected 134 million users. In this breach, hackers exposed information on users’ credit cards, payment transactions and much more sensitive information. 

The breach was noticed in January 2009 when Visa and MasterCard notified Heartland of suspicious transactions from the accounts.

In the involvement of the breach Albert Gonzalez and two Russians have been arrested and sentenced to 20 years in federal prison. Albert Gonzalez used SQL injection to gain access to the heartland private corporate network then he used a proxy to hide IPs and bypassing anti-virus packages he installed sniffer software which helped him to monitor and record data traffic on a network.

In response the breached Heartland Payment system launches end-to-end encryption technology and smart chips which help to save from future data breaches.

8. eBay


eBay is an American multinational e-commerce corporation that was founded by Pierre Omidyar in 1995 September.

eBay is an e-commerce site so there is so critical information on this site due to security vulnerability in May 2014 eBay site has been attacked by a hacker and stolen information like name, addresses, date of birth, and encrypted password of the 145 million users.  

The breach is less serious in the way that the hacker wasn’t able to steal the financial information, including credit card numbers and PayPal information because they are encrypted and stored on a different network.

The breach went unnoticed for about a month, the company says when they noticed they quickly made a public announcement where they asked users to change their passwords.

The hacker used credentials for three corporate employees of the online auction site from where they were able to access usernames and encrypted passwords belonging to users. Due to this breach the company was criticized at the time for lack of communication with its users.

7. Equifax


Equifax is an American multinational consumer credit reporting agency which was founded in 1899 by Cator Woolford and Guy Woolford.

On 29 July 2017 hackers hacked the confidential information of the 147.9 million users including social security number, birth dates, addresses, and in some cases driver license numbers of 143 million. 

The company said that on September 7, 2017, an application vulnerability in one of their websites led to a data breach. The company later said on the detail of the cause due to the Apache Struts CVE-2017-5638 popular framework for the java web application vulnerability.

In the response to the data breach created a separate domain for consumers to find out if their information was compromised in the breach. On 31 July 2017 Equifax’s chief information officer notified CEO Richard Smith of the involvement in this activity.

In this breach also credit card information of approximately 209,000 consumers was also exposed. All this sensitive information of the consumer is exposed due to the simple vulnerability it leads to in the list of Top 10 biggest data breaches of all time.

6. Myspace


Myspace is an American social networking service that was founded on August 1, 2003, by Chris DeWolfe, Tom Anderson, and Jon Hart.

In 2013 the company went through the biggest data breach where 360 million user accounts were affected by this data breach. Leaked data are leaked onto the both leaked source and also put up for sale on the dark web market asking price of 6 bitcoin. 

The leaked data included passwords, email addresses, and usernames where the amazing fact is that the company didn’t know it had been breached until passwords for the site turned up for sale on the dark web in 2016. Myspace says that this data breach was done by the Russain cyberhacker called ‘peace’ where this group is also responsible for the Linkedin and Tumblr data breaches also.

The algorithm of myspace password was hashed using SHA-1 which makes it easy to crack to the hacker and steals the passwords of the user easily. The company later changed the algorithm to the stronger one as the response of the data breach due to this data breach Myspace put it in the list of 7 no in the list of Top 10 biggest data breaches of all time.

5. Friend Finder Network

Friend Finder Network

Friend Finder Network is an American internet company dealing with adult entertainment, online dating, and social networking services which was founded in 1996 by Andrew Conru.

This company went through the biggest data breach in October 2016 where 412.2 million accounts were affected by this data breach. Where hackers collected 20 years of data including email addresses, names, and passwords of the FriendFinder Network.

The FriendFinder Network includes websites like, adult friend finder,, and where all website data has been leaked and 15 million supposedly been deleted. The passwords which were stored by the company database in plain text or hashed using the notoriously weak SHA1 algorithm which makes it easy for the hacker to hack at the password section.

The hacker hacked the FriendFinder network through a local file inclusion exploit which enabled them to access all of the network’s sites after investigation friend finder proved it.

4. Marriott International

Marriott International

Marriott International is an American multinational diversified hospitality company that was founded by J. Willard Marriott and Alice Marriott in 1927.

In November 2018 announced that attackers had stolen data on approximately 500 million guest records where hackers exposed including contact information, passport number, Starwood Preferred Guest number, travel information, names, and other personal information.

Marriott International believes that financial information such as debit card numbers, credit card, and expiration dates of the more than 100 million customers were stolen but the company is uncertain whether hackers were able to decrypt the credit card number. 

Marriott International says that the breach was eventually attributed to a Chinese intelligence group, seeking to gather data on US citizens and the ministry of state security which makes it one of the biggest personal data breaches by a national-state.

The big breaches like this come in the form of phishing scam emails asking the user to reset your password by the Chinese hacker by the investigation it proves that. All these security vulnerability hackers are able to hack on Marriott International and make it at the top 5 in the list of Top 10 biggest data breaches of all time.

3. Facebook


Facebook is an American online social networking service and social media which was founded by Mark Zuckerberg in 2004. Facebook has been going through a lot of issues and many data breaches small and big.

In 2016 Facebook goes through a scandal of helping Donald Trump to win the election and later on Facebook apology for it. 

Data breaches happened in 2019 where it was found that third-party apps had exposed 540 million accounts publicly on Amazon’s cloud computing service where location data, likes, comments, likes, rection, FB IDs, account names, and more were also exposed.

Facebook-integrated app titled “At the Pool” contained columns for fk_user_id, fb_use,fb_likes, fb_reaction and more is the backup system where hackers got into and exposed the user data in the public internet via an Amazon S3 bucket. In response to the data breach amazon web services look into further potential ways to handle the situation on that day and fix the issues.

This data breach is the third-party data breaches that didn’t affect the user who didn’t use that third party to log in so all the Facebook accounts have been safe in this data breach.

2. First American corporation

First American

First American Corporation is a United States financial service company that was founded in 1889 and currently Dennis J. Gilmore is the CEO.

In May 2019 First American corporation went through a massive breach which exposed 885 million users’ sensitive records including bank account records, wire transactions, social security numbers, tax records, and driver license images. 

In the later investigation by the U.S. Securities and Exchange Commission (SEC) found that there is a design defect on the websites that allow attackers to access 484 files which contained non-public personal information without authentication and were able to hack the system.

In this breach, the company was accused of violating six sections of the rule and found guilty where the company paid a fine accordingly. All the security vulnerability helps hackers to easily access the system but in this case not only hackers anyone can get information without permission due to this company having to pay a penalty.

It is considered as the biggest data breach due to a large number of impacts to the user so it has been in second place in our list of Top 10 biggest data breaches of all time.

1. Yahoo


Yahoo is an American web services provider that was founded in January 1994 by Jerry Yang and David Filo. Yahoo had gone through many data breaches in the year 2014 and 2013 which is considered as the biggest data breach of all times. Many sensitive information of the user like names, birth dates, phone numbers, and passwords is revealed through this attack. 

In August 2013 data breach 3 billion of yahoo’s user accounts were affected due to this data breach. This data breach was conducted by an “unauthorized third party” later on investigation they found that cookies could have been used to access these accounts also there is seen of a phishing attack.

After tracking down the source of peace’s data they discovered evidence of this breach from a dark web seller offering one billion yahoo accounts for about $300,000 in August 2015.

In this data breach investigation found that users passwords in clear text, payment card data and bank information were not stolen. Later on, yahoo forced all the affected users to change passwords and to reenter any unencrypted security questions and answers to make them encrypted in the future.

This data breach is one of the unforgotten data breaches which affected 3 billion users, one of the highest affected user data breaches so this is at the top of the list of Top 10 biggest data breaches of all time.

Final Word

Thanks for reading this article. The above data are collected from the different news portals and different sites which are doing a survey on this topic. By analyzing all the information we made our list and a lot of effort we do to give you true information.

Please remember that many hackers have been waiting for the one mistake you have made which helps them to easily hack your personal information easily and unknowingly. If you guys were affected through this above data breach please share your experience in the below comment section.

Also please help us to improve our article by sharing your experience in the comment section and if you have any complaints please write your complaint in the contact us section.

Please like and share:

Leave a Reply