There were a number of major data breaches that took place in 2020, in many cases stolen records flooded the cybercrime underground and were used credential stuffing attacks.
Below the list of top data breaches that took place in the last 12 months:
The popular adult live streaming website CAM4 exposed over 7TB of personally identifiable information (PII) of members and users.
Hackers offered for sale on the dark web data belonging to 538 million Weibo users, including 172 million phone numbers.
An expert discovered that over 250 million Microsoft customer support records might have been exposed along with some personally identifiable information.
A security expert discovered that the Cosmetic firm Estée Lauder exposed 440 million records online in a database that was left unsecured.
ShinyHunters, a trusted threat actor, is offering on a hacker forum the databases stolen from eighteen companies, over 386 million user records available online. The dump included 270 million records for the user-generated stories website Wattpad.
Over 267 million Facebook profiles are offered for sale on dark web sites and hacker forums, the dump is offered for £500 ($623) and doesn’t include passwords.
A hacker has leaked the details of 15 million users registered on Tokopedia, an Indonesian technology company specializing in e-commerce. It was offering an archive containing 91 million records for $5,000.
A huge data breach at US VoiP provider Broadvoice has exposed more than 350 million customer records, including names, phone numbers and even call transcripts. According to security researchers, a configuration error made it easy to access 10 databases belonging to the company.
In June 2020, security researcher Anurag Sen found an unsecured BlueKai database accessible on the open Internet. The database contained billions of records containing names, home addresses, email addresses and other identifiable data in the database. The data also revealed sensitive users’ web browsing activity — from purchases to newsletter unsubscribes
In March 2020, Bob Diachenko found an unprotected Elasticsearch database exposed online. The archive was managed by the U.K.-based security company Keepnet Labs and contained a huge collection of previously reported security incidents spanning 2021-2019.
The archive was accidentally leaked by a new service provider used by the company during scheduled maintenance to migrate the ElasticSearch database.
The MGM Resorts 2019 data breach is much larger than initially thought, a hacker is offering for sale details of 142 million MGM hotel guests on the dark web.
If you want to receive the weekly Security Affairs Newsletter for free subscribe here.
|[adrotate banner=”9″]||[adrotate banner=”12″]|
(SecurityAffairs – hacking, data breaches)