This year has been plagued not only by the coronavirus that affected around 64.4 million people and killed 1.5 million people worldwide, but also by various data breaches that affected millions of personal information. Here is a rundown of the biggest data breaches of 2020 according to HotSheet.com.
1. Cit0day
More than 50 gigabytes of data from 23,618 databases were hacked and shared in some hacking forums in November. These files included 13 billion which were archived in the Cit0day site that was shut down in September.
Meanwhile, experts estimated that around 226,883,414 unique email addresses with their respective passwords were cracked and saved in plain text versions that are downloadable from these forums. Also, these data have been established to contain legitimate, undisclosed breaches.
2. 123RF
Earlier this year, stock photo site 123RF also faced a data breach in March 2020 that affected 8,661,578 subscribers' accounts. The files included names, phone numbers, IP and physical addresses, email addresses, and passwords stored as MD5 hashes. These were allegedly sold online.
3. Home Chef
Home Chef, a food delivery service, also suffered a data breach early this year. Personal information of around 8,815,692 customers, which include names, IP addresses, post codes, passwords, and even the credit cards' last four digits were as bcrypt hashes and subsequently sold online.
4. Animal Jam
Animal Jam, an online game for kids, had a data breach in October. Personal data of 46 million users including more than 7,104,998 email addresses were shared in various online hacking communities in November. Aside from emails, breached data, which were stored as PBKDF2 hashes, also included IP addresses, dates of birth, physical addresses, usernames, parent names as well as passwords.
5. Minted
Back in May, independent artists' online marketplace Minted suffered a data breach exposing 4,418,183 unique customer records, which were later sold on dark web marketplace. Breached data included names, phone numbers, physical addresses, and passwords stored as bcrypt hashes.
6. Wongnai
Seventeen previously unpublicized data breaches surfaced for sale in October. These included Wongnai, a Thai restaurant, attraction, and hotel finder app. This exposed 3,924,454 customer records, including their names, phone numbers, and even links to their social media profiles. Breached data is stored as MD5 hashes.
7. LiveAuctioneers
LiveAuctioneers, an online antiques marketplace, suffered a data breach in June, in which nearly 3.385,862 files of names, addresses, phones numbers, IP addresses, email addresses, and passwords stored in unsalted MD5 hashes were sold online then redistributed to hacking forums.
8. WiziShop
WiziShop, a French e-commerce platform, also suffered data breach in July, which exposed 18 GB of data that included names, dates of birth, phone numbers, addresses, SHA-1 password hashes, IP addresses as well as 2,856,769 email addresses.
9. James
Fourteen undisclosed data breaches surfaced for sale in June. These included James, a Brazilian delivery service which compromised 1,541,284 unique email addresses when its system was hacked in March. Among the exposed files stored as bcrypt hashes, are customer's passwords as well as their locations, which were clearly specified in and latitude and longitude.
10. Lazada
News about Lazada RedMart data breach affecting 1,107,789 accounts records came out in October. It is sai that customers' email addresses, passwords, names, addresses, phone numbers, and partial credit card numbers were stored as SHA-1 hashes and sold in an online marketplace.
Related article: Cit0day Leak: Around 13 Billion User Files from 23,000 Hacked Databases Shared in Two Hacking Forums
This is owned by Tech Times
Written by CJ Robles