The 20 worst data theft cases

Data theft affecting hundreds of millions or even billions of people are becoming a danger to our privacy without us knowing it. Most of them did not affect us directly. But there is a big chance that someone has already taken our personal information at some point. We just never knew about it!

Here is a list of the 20 most notorious digital crimes and data thefts

The information age has opened doors to many possibilities for governments, companies, and even some mysterious hackers. Ever since the birth of the internet, malware hackers and illegal schemes have been threatening people’s privacy and challenging data protection measures. In some way, about 4 billion people’s personal data had been stolen in this century alone. The smallest incident on this list involved the data of more than 68 million people.

NordVPN affiliate
Get secure and private access to the internet!

Although different cases had different severity, we have recorded the most number of accounts breached, stolen, or somehow affected by hackers or data thieves.



Data theft victims: 68,648,009

Yevgeniy Nikulin, a Russian hacker was accused of being responsible for hacking DropBox. On top of that, according to Darkreading, the 2012 LinkedIn attack that saw 117 million passwords stolen has been associated with him. He was extradited to the US after being detained in the Czech Republic, even though Russia’s government has expressed its displeasure with the decision.

According to a report on CNN, the Czech minister of justice made the decision after considering the US and Russia’s intensity to extradite and prosecute Nikulin.

JP Morgan Chase

JP Morgan Chase

Data theft victims: 76,000,000

Unlike other hacks where trivial personal information is brought to the surface, JPMorgan is one of the largest banks in the world. It has financial information in its computer systems that go beyond customers’ credit card details with more sensitive data. As the severity of the intrusion, which began in June 2014, became more clear by July. Several bank executives scrambled for the second time in three months to contain the fallout and to reassure customers that their money had not been taken. According to the New York Times, the original hackers appeared to have obtained a list of the applications and programs that run on JPMorgan’s computers. They were operating overseas and have gained access to the names, addresses, phone numbers, and emails of JPMorgan account holders.

Speculation among the law enforcement officials and security experts have expressed that the hackers may have been sponsored by elements of the Russian government.



Data theft victims: 92,000,000

AOL has had multiple hacks, but the worst one came in 2004. Surprisingly enough, this one came as an insider hack by one of the company’s software engineers from AOL’s subscriber list. According to CNN, Jason Smathers of Harpers Ferry, W. Va., used his inside knowledge of AOL’s computer system to steal a list of 92 million AOL customer account “screen names,” and sold them to the owner of an internet gambling company.



Number of credit card accounts and applications affected: 106,000,000

A 33-year-old hacker from Seattle was responsible for the March 22 and 23 2019 attacks on Capital One. and includes credit card applications as far back as 2005. The hack affected around 100 million people in the United States and about 6 million people in Canada, according to Capital One in a CNN report.

Capital One stated that “no credit card account numbers or log-in credentials were compromised and over 99% of Social Security numbers were not compromised.”
A criminal complaint says that the hacker tried to share the information with others online. She had previously worked as a tech company software engineer for Amazon Web Services, the cloud hosting company that Capital One was using. She was able to gain access by exploiting a misconfigured web application firewall, according to a court filing.

Heartland Payment Systems Inc.


Number of cases impacted: 134 million

Heartland was a Fortune 1000 U.S.-based payment processing and technology provider, founded in 1997 before purchased by Global Payment. At the time of its hack in March 2008, Heartland was processing 100 million payment card transactions per month for 175,000 merchants. The impact affected 134 million credit cards of small to mid-sized retailers. The hack was discovered nearly a year later in January 2009 when suspicious transactions were discovered by Mastercard and Visa. The company paid an estimated $145 million in compensation for fraudulent payments and was not allowed to process payments of major credit card providers up until May 2009.

NordVPN affiliate
Get secure and private access to the internet!

The uniqueness of this story is that the authorities managed to catch the attackers. A federal grand jury indicted a Cuban American and two unnamed Russian accomplices. The Cuban American was alleged to have masterminded of the operation and was sentenced in March 2010 to 20 years in federal prison.



Data theft victims: 140,000,000

The Australian online design tool, Canva, was the latest to join the bandwagon of victims of cyber attacks on May 24th, 2019 after hackers stole data of nearly 140 million users, according to Cisomag. The attack exposed email addresses, usernames, names, cities of residence. Fortunately, the passwords remained encrypted, thereby being unreadable to external parties. This way the hackers could not steal, files with a credit card and payment data.

However, according to another article by Canva, approximately 4 million Canva accounts containing stolen user passwords were later decrypted and shared online.



Number of consumers impacted: 143,000,000

Hackers stole the financial data from a top credit-reporting company, potentially exposing the personal information of roughly half the US population. Roughly half of the US population got affected, when a hack was discovered by Equifax on the 29th of July in 2017. The company is one of the largest credit bureaus in the US, which is why this data hack is more distressful than earlier ones. Inadequate system segmentation made lateral movement easy for the attackers. Equifax was also blamed for being slow to report the hack.

The hack compromised the personal information of 143 million consumers, of which 209,000 consumers also had their credit card data exposed.



Data theft victims: 145 million

In May 2014, Online commerce giant eBay asked users to change their passwords after hackers breached encrypted passwords and other personal information. The online auction giant said hackers used the credentials of three corporate employees to access its network and had complete access for 229 days.

Under these circumstances, eBay was forced to ask its customers to change their passwords. Once again, financial information, such as credit card numbers, was fortunately stored separately. However, the company did not manage to escape criticism for a lack of communication with its users and poor implementation of the password-renewal process.

The company spent a couple of weeks investigating the incident before deciding to disclose it to the general public.

My Fitness Pal

myfitnesspalData theft victims: 150,000,000

In February 2018 the usernames, email addresses, IP addresses of around 150 million customers were stolen from people using a fitness app. MyFitnessPal was among the massive information dump of 16 compromised sites that saw some 617 million customers accounts leaked and offered for sale on Dream Market, just like Dubsmush.

However, they were exposed a year later when the data was put up for sale on the dark web.



Number of user records impacted: 153,000,000

Adobe endured a major security hack in early October 2013. The company reported that hackers had stolen nearly 3 million encrypted customer credit card records and log in. Later that month, this number was pushed to 38 million active users.

However other reports written in CSSOnline confirmed that a file posted just days earlier “appears to include more than 150 million more usernames and hashed password pairs taken from Adobe.” Weeks of research showed that the hack had also exposed customer names, IDs, passwords, and debit and credit card information.


Data theft victims: 162,000,000

New York-based video messaging service Dubsmash had 162 million email addresses, usernames, password hashes, and other personal data stolen. In December 2018, after the hack, all of these stolen data was then put up for sale on the Dream Market dark web market. The information was being sold since the beginning of February the next year, as part of a collected dump with other stolen data.

NordVPN affiliate
Get secure and private access to the internet!

Unfortunately for the clients, Dubsmash did not let users know if they’ve been hacked. This meant users were left on their own to discover if their information was part of the breach.

Eventually, the company acknowledged the hack, and the sale of information had occurred. However, it failed to say how the attackers got in.



Data theft victims: 165,000,000

LinkedIn has always been an attractive proposition for attackers looking to conduct social engineering attacks. However, it has also fallen victim to leaking user data in 2012 and 2016.

The first time, in 2012, the company announced that 6.5 million unassociated passwords were stolen. These were discovered on a Russian hacker forum. However, only 4 years later, in 2016, that the full extent of the incident was revealed. The same hacker was offering the email addresses and passwords of around 165 million LinkedIn users for just 5 bitcoins at the time.



Data theft victims: 218,000,000

Zynga is one of the biggest players in the mobile game industry with millions of active players from across the world. Once a Facebook gaming scene, it has outgrown the platform. Zynga confirmed in an online announcement around September 2019 that email addresses, passwords, phone numbers, and user IDs for Facebook and Zynga accounts were stolen.

The culprit was a Pakistani hacker who claimed to have hacked into Zynga’s database and gained access to the 218 million accounts registered there.



Data theft victims: 235,000,000

If you’re not familiar, NetEase a mailbox services provider. This case is under a lot of debate since NetEase has reportedly denied any hack and been called ‘unverified.” However, other reports claim that some 235 million accounts from NetEase customers were being sold by a dark web marketplace vendor known as DoubleFlag.

The same vendor was also selling information taken from other Chinese giants such as Tencent’s QQ.com, Sina Corporation, and Sohu, Inc. Therefore the case remains questionable or rather suspicious at best.

Adult Friend Finder

(We are not going to post a company logo this time for obvious reasons) ?

Number of accounts impacted: 412,200,00

This hack is probably the most sensitive topic for more than 412 million account holders. Why is that? If you are unfamiliar, the FriendFinder Network is a casual hookup and adult content website. It was breached in mid-October 2016, stealing the data spanning back to 20 years, (one year after the website launched.) The hackers had stolen sensitive data like names, email addresses, browser information, the IP address last used to log in, and if the user had paid for items.and passwords.

It is unknown to this day who carried out this hack.

Marriott International

Marriott-Int-black-logoData theft victims: 500,000,000

Marriott International is also a unique case here. It was officially announced in November 2018 that attackers had stolen data on approximately 500 million customers. But the hack initially occurred 4 years earlier, in 2014. The attackers remained undiscovered until September 2018. According to an article by the New York Times, the hack was attributed to a Chinese intelligence group seeking to gather data on US citizens.

Throughout this time the hackers have breached and stolen some combination of contact information, passport number, guest numbers, travel information, and other personal data. The credit card numbers and expiration dates of more than 100 million customers were believed to be stolen, but Marriott is uncertain whether the attackers were able to decrypt these.



Number of accounts impacted: 360,000,000 

Despite MySpace’s fading popularity, social media site MySpace did not manage to escape the attention of hackers. In 2016 it hit headlines that 360 million user accounts were leaked. The data taken prior to June 2013, was taken onto both LeakedSource, a searchable database of stolen accounts, and placed upon the dark web market for a price of 6 bitcoins.

Sina Weibo

Sina Weibo

Number of accounts impacted: 538,000,000 

This is sadly a more recent occurrence. This happened in March 2020 and is amongst the worst data hacks in the world. With over 500 million users, Sina Weibo is China’s match to Twitter. However, it was reported that the real names, site usernames, gender, location, and phone numbers had been posted for sale on dark web markets.

The case is still under investigation after it was reported to China’s Cyber Security Administration of the Ministry of Industry and Information Technology.



Number of accounts impacted: 540,000,000

Amongst multiple other hacks, Facebook has experienced one of the worst data hacks in its short history. There have been hundreds of millions of public Facebook records publicly exposed to Amazon’s cloud computing service in 2019. According to an article by CBSNews, a Mexico-based media company called Cultura Colectiva was responsible for one of the biggest leaks in history. It exposed 146 gigabytes of Facebook user data, including account names, IDs, and details about comments and reactions to posts.



Number of accounts impacted: 3,000,000,000
Yahoo has been named amongst the unluckiest company giants that have ever existed. The company has experienced multiple attacks starting from 2013, compromising 1 billion users. This happened again by another hacker in 2014 and in September 2016. The timing of this hack announcement was extremely bad. How come? Well at that time, Yahoo was in the process of being acquired by Verizon, which eventually paid $4.48 billion. The attackers, which the company believed we “state-sponsored actors,” compromised the real names, email addresses, dates of birth, and telephone numbers of 500 million users. Yahoo claimed that most of the compromised passwords were hashed.

This has been known as the worst data hack in history!

Protect your Data!

Getting secure and private internet access is very important these days.

With NordVPN security, nobody can see through or get their hands on your internet data. We’d recommend using a secure VPN to give you that peace of mind each time you use public Wi-Fi, to keep yourself protected. Also, try to take several measures to protect yourself from account breaches, especially if you are an online business owner.

Click on the link to get your VPN security to ensure your private access to the internet!

Related posts

Improve Your Office Space With These Tips

Contributed Post

Explore the Benefits of Owning a Franchise: Is It Right for You

Contributed Post

AI Deepfake Detection: How We Can Shield Against Digital Deception

Guest Poster

5 Commonly Overlooked Ways To Improve Your Business

Contributed Post

Effective Ways To Protect Your Small Business Against Fraud

Contributed Post

Top 5 Software Programs Businesses Should Invest In

Contributed Post

Leave a Comment