
Do you trust large companies with your personal information?

This article highlights the extent to which personal information may be compromised. When most people think about data breaches, they think of computer hackers gaining unauthorised access to systems through nefarious means. However, data breaches do not occur only through hacking attacks.

This article discusses the 5 biggest data breaches in history that have occurred unintentionally and have consequently made personal information publicly accessible on information technology systems.


1. Microsoft – 250 million data records

In January 2020, Microsoft’s customer support left 250 million records unsecured online. Bob Diachenko, a security expert at Comparitech, discovered the vulnerability. Comparitech reported that the data was exposed for approximately two days and was accessible to anyone with a web browser, with no password or other authentication required to gain access to the records.

2. Unknown server – 275 million data records

In yet another discovery by Bob Diachenko, the personal information of over 275 million Indian citizens was found in an unsecured database in May 2019. It was unclear who was responsible for compiling the database. However, it was available for all to see – if they could find it.

The exposed data reportedly included information such as names, gender, birth dates, email addresses, mobile numbers, and education and employment details, and the database was reportedly compiled as part of a massive scraping operation.

3. Twitter – 330 million data records exposed (internally)

The Verge reported that Twitter urged more than 330 million users to change their passwords after a bug exposed them in plain text in an internal file. While there was no clear evidence of a breach to the public (as it was an internal breach), Twitter took responsibility and informed its users of this glitch despite the minor risk of any harm.

4. Facebook – 419 million users

In September 2019, a database exposed approximately 20% of total Facebook users’ phone numbers – a whopping 420 million records were left exposed. Forbes reported that Jake Moore, a cybersecurity specialist at ESET, said: “it seems crazy that personal data of this magnitude could be on a server unprotected in 2019, but this just highlights how data gets forgotten about, and mistakes can happen.”

5. Unknown server – 1.2 billion records

In November 2019, cybersecurity expert Vinny Troia found apparent data scrapes of LinkedIn, Facebook, and Twitter profiles on an insecure server. Wired Magazine reported that the data was found on one server containing four data sets that were ‘cobbled together’ and consisted of 50 million phone numbers and 622 million emails.