Do you trust large companies with your personal information?

This article highlights the extent that personal information may be compromised.  When most people think about data breaches, they think of computer hackers gaining unauthorised access to systems through nefarious means.  However, data breaches not only occur through hacking attacks.

This article discusses the 5 biggest data breaches in history that have occurred unintentionally and have consequently made personal information publicly accessible on information technology systems.

Related article: Notifiable Data Breach Scheme Overview

5. Microsoft – 250 million data records

In January 2020, 250 million customer support records were left unsecured online. Bob Diachenko a security expert of Comparitech discovered the vulnerability. Comparitech reported that the data was exposed for approximately two days and was accessible to anyone with a web browser and did not require a password or any other authentication to gain access.

4. Unknown server – 275 million data records

In yet another discovery by Bob Diachenko, personal information of over 275 million Indian Citizens was found on an unsecured database in May 2019. It was unclear who was responsible for compiling the database, however, it was made available for all to see – if they could find it.

According to Beleepingcomputer.com the exposed data included information such as name, gender, birth dates, email addresses, mobile numbers, education and employment details and reported that the database was compiled as part of a massive scraping operation.

3. Twitter – 330 million data records exposed (internally)

The Verge reported that Twitter urged more than 330 million of its users to change their passwords after a bug exposed them in plain text on an internal file. While there was no clear evidence of a breach to the public (as it was an internal breach), Twitter took responsibility and informed its users of this glitch despite the very minor risk of any harm.

2. Facebook – 419 million users

in September 2019, a database exposed approximately 20% of total Facebook users’ phone numbers – a whopping 420 million records were exposed.  Forbes reported that Jake Moore, a cybersecurity specialist at ESET said: “it seems crazy that personal data of this magnitude could be on a server unprotected in 2019, but this just highlights how data gets forgotten about and mistakes can happen.”

1. Unknown server – 1.2 billion records

In November 2019 apparent data scrapes of LinkedIn, Facebook, and Twitter profiles were found on an insecure server by cybersecurity expert Vinny Troia. Wired Magazine reported that the data was found on one server containing four data sets that were ‘cobbled together’ and consisted of 50 million phone numbers and 622 million emails.