List of the biggest Startup Data Leaks

Simran Shahid Simran Shahid
Jan 25, 2021 5 min read
List of the biggest Startup Data Leaks

The costliest and fastest-growing outcome of cybercrime is the theft of information. Millions of people's personal and confidential data are stolen and a fast buck is substituted. To deter cybercriminals from building solutions against them, cybercriminals are continually evolving and discovering new ways to exploit online security. But hackers aren't the product of all data violations. 'loopholes' and unprotected servers most frequently provide wrong actors with access without even breaking-in. The pandemic has shaken the nation, leaving private and government entities with trouble conducting their daily operations. With the unforeseen COVID 19 circumstances, corporations and organizations, including layoffs, pay cuts, and more, are among the most affected industries. The pandemic has forced companies and organizations, by using remote operations, digital platforms, etc., to transition their working formats, accelerating adoption of the technology. Sources say that 94% of organizations are currently using a cloud service, and 83% of businesses' workloads will be in the cloud.

1. Big Basket user data for sale online

On October 2020 around 20 million users account information were leaked

In October 2020 around 20 million users' account information was leaked. According to the Atlanta-based cyber intelligence company Cyble, consumer data from the online grocery platform Big Basket is for sale in the online cybercrime market. With a price tag of 3 million rupees ($40,000), part of a database containing personal details of nearly 20 million users was available, Cyble said on November 7. The data included names, email IDs, hashes for passwords, PINs, mobile numbers, addresses, birth dates, locations, and IP addresses. Cyble said it discovered the data on October 30 and disclosed the apparent violation to Big Basket on November 1 after comparing it with the details of Big Basket users to confirm it.

2. Twitter Breach

130 Twitter accounts were targeted due to the twitter breach

The attack on July 15, 2020, targeted a small number of employees through a phone spear-phishing attack. This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to their internal systems. Via a phone spear-phishing attack, the famous microblogging site came under cyberattack in July this year. 130 Twitter accounts were targeted, eventually Tweeting from45, accessing DM inbox 36, and downloading Twitter Data from 7. To access the internal systems and obtain knowledge about the processes, the attackers used special employee passwords. This information then allowed them to target additional staff who had access to the support resources for the Twitter account.

3.Whatsapp Breach

The new policy effectively takes away the discretion that users

The new policy effectively takes away the discretion that users had until now not to share their information with other apps owned by Facebook and third parties. While the revised privacy policy of Facebook-owned WhatsApp has stoked fears about privacy and data sharing with other apps, what is missing in the midst of the clamour is this: if India had a data protection law in place, WhatsApp would not have been able to go forward with this update in the first place. In reality, for two years now, India's data protection law has been languishing.

4. Zoom Credential-Based Breach

More than 500,000 Zoom accounts were hacked in April

More than 500,000 Zoom accounts were hacked in April and then sold for either free or less than a penny each on the dark web and hacker forums. The compromised credentials are gathered through password stuffing attacks, according to reports, where threat actors attempt to login to Zoom using accounts leaked from older data breaches. The efficient logins are then collected into lists that are marketed to other hackers.

5. Unacademy Data Breach

Over 20 million user accounts were exposed and sold to the Dark Web

Unacademy, one of the prominent online educational platforms based in Bengaluru, suffered a data breach in January this year. Over 20 million user accounts, including usernames, SHA-256 hashed passwords, date entered, last login date, email addresses, first and last names, and whether the account is active, a staff member, or a superuser, were exposed to the breach and sold on the Dark Web. The big data breach was revealed by the US-based cybersecurity company Cyble, according to reports. There are also several accounts using corporate emails in the exposed database, including those of Wipro, Infosys, Cognizant, Google, and Facebook.

6. Tetrad Data Breach

Market research company Tetrad experienced a data breach on February 3 that included data from Tetrad customers, and it differs by the form of business and their data collection methods. The data included a spreadsheet detailing over 4,000 current and expected locations related to IBM Tririga deployments, according to reports. Other critical data, such as the sum of 130 million rows of data on US households, were compromised in addition to the data collected by retail companies.

7. Sina Weibo Data Breach

In March, the Chinese Weibo social network suffered a major breach of data containing 538 million Weibo users' information. Personal details, such as real names, site usernames, gender, location, phone numbers, among others, were included in the data. The hacker was selling the Weibo data for just Β₯1,799($250), according to reports.

8. Easyjet Data Breach

EasyJet also reported that 2,208 traveler's credit card details were revealed

The British low-cost airline group EasyJet experienced a large-scale data breach on May 19 this year, compromising data from nine million customers. The data included email addresses, travel information, and, in certain cases, payment card information, according to reports. EasyJet also reported that 2,208 travelers' credit card details were revealed.

9. MGM Grand Data Breach

MGM announced a data breach in February for about 10.6 million customers who stayed at MGM resorts. The data, which included personal information ranging from home addresses and contact details to driver's licenses and passport numbers, appeared online.

10. Marriott Data Breach

In January this year, Marriott International faced a major data infringement. In January this year, Marriott International faced a major data infringement. Contact details such as name, mailing address, email address, and phone number were included in the information, as well as loyalty account information, and additional personal details such as business, gender, and birthday, day and month, relationships and affiliations, and so on.

11. Nintendo Data Breach

300,000 Nintendo Network ID accounts were compromised

Nintendo, the Japanese video gaming giant, reported in April this year that by using unauthorized logins, 300,000 Nintendo Network ID accounts were compromised. The additional Nintendo Network ID (NNID) accounts that were compromised had their passwords reset, according to reports and the related users were directly contacted.

Conclusion

While our hope is eternal, with the rise in data insecurity, from exposed databases to phishing attempts, from malware to data leaks from third parties, the odds do not look good. In the first quarter of2020, an increase of 273 percent over the previous year was reported. Data breaches aren’t going anywhere and we’re here to keep you up-to-date on the worst data breaches of the year putting you at risk of identity theft.

Great! Next, complete checkout for full access to StartupTalky.
Welcome back! You've successfully signed in.
You've successfully subscribed to StartupTalky.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.