9. MySpace
Time: 2013Impact: 360 million individual profile
Though it got long ceased being the powerhouse so it was previously, social media marketing place MySpace smack the statements in 2016 after 360 million consumer reports had been leaked onto both LeakedSource and place on the block on dark colored internet markets genuine with a selling price of 6 bitcoin (around $3,000 during the time).
Based on the organization, missing data integrated email addresses, passwords and usernames for “a portion of records which were produced before Summer 
11, 2013, regarding the outdated Myspace program. So that you can secure our consumers, we’ve invalidated all consumer passwords for all the stricken account produced ahead of June 11, 2013, about outdated Myspace platform. These customers time for Myspace would be caused to authenticate their unique account and reset their own code by using guidance.”
It’s thought that the passwords happened to be stored as SHA-1 hashes of earliest 10 figures of password transformed into lowercase.
10. NetEase
Time: October 2015Impact: 235 million individual records
NetEase, a service provider of mailbox treatments through loves of 163 and 126, reportedly endured a breach in October 2015 when emails and plaintext passwords regarding 235 million accounts happened to be on the market by dark web market supplier DoubleFlag. NetEase provides kept that no information breach took place and this day HIBP says: “Whilst discover proof your information itself is genuine (multiple HIBP customers confirmed a password they use is within the facts), because of the trouble of emphatically verifying the Chinese violation this has been flagged as “unverified.”
11. Courtroom Projects (Experian)
Day: Oct 2013Impact: 200 million private registers
Experian subsidiary Court Ventures fell prey in 2013 whenever a Vietnamese guy tricked it into giving your accessibility a database that contain 200 million individual registers by posing as a private detective from Singapore. The details of Hieu Minh Ngo’s exploits merely concerned light after his arrest for offering personal information folks owners (like charge card numbers and personal protection rates) to cybercriminals around the globe, one thing he previously become performing since 2007. In March 2014, he pleaded guilty to several expense like character fraud in america section judge for your District of New Hampshire. The DoJ stated at the time that Ngo got produced a maximum of $2 million from attempting to sell individual facts.
12. LinkedIn
Go out: June 2012Impact: 165 million users
With its second look about number is relatedIn, this time in mention of a breach it experienced in 2012 whenever it established that 6.5 million unassociated passwords (unsalted SHA-1 hashes) was in fact taken by attackers and published onto a Russian hacker discussion board. But wasn’t until 2016 the full extent on the event was disclosed. Alike hacker attempting to sell MySpace’s data ended up being seen to be providing the email addresses and passwords of approximately 165 million LinkedIn people just for 5 bitcoins (around $2,000 at that time). LinkedIn acknowledged that it was produced alert to the violation, and stated it got reset the passwords of stricken profile.
13. Dubsmash
Time: December 2018Impact: 162 million individual records
In December 2018, brand new York-based video chatting solution Dubsmash had 162 million emails, usernames, PBKDF2 password hashes, along with other individual data such as for example times of delivery taken, all of which was then put up for sale throughout the Dream marketplace dark colored online markets the subsequent December. The data was being sold within a collected dump furthermore like the likes of MyFitnessPal (more about that below), MyHeritage (92 million), ShareThis, Armor Games, and matchmaking application CoffeeMeetsBagel.
14. Adobe
Time: Oct 2013Impact: 153 million individual documents
At the beginning of October 2013, Adobe stated that hackers got stolen almost three million encoded client credit card information and login facts for an undetermined range individual profile. Period later on, Adobe improved that estimate to add IDs and encrypted passwords for 38 million “active users.” Protection writer Brian Krebs subsequently stated that a file posted only times earlier “appears to feature over 150 million login name and hashed code sets obtained from Adobe.” Weeks of studies indicated that the tool had additionally revealed client brands, password, and debit and charge card details. An agreement in August 2015 called for Adobe to pay for $1.1 million in legal charges and an undisclosed total people to settle reports of breaking the client registers operate and unfair business methods. In November 2016, the total amount settled to consumers is reported to-be $1 million.
15. My Personal Physical Fitness Pal
Time: March 2018Impact: 150 million individual records
In March 2018, exercise and diet app MyFitnessPal (owned by subordinate Armour) subjected around 150 million distinctive emails, IP tackles and login recommendations including usernames and passwords retained as SHA-1 and bcrypt hashes. A year later, the information appeared on the market regarding dark colored web and a lot more generally. The business recognized the breach and stated they took action to tell users of the event. “Once we turned into mindful, we quickly got strategies to determine the character and extent from the problem. We’re dealing with trusted data safety companies to assist in our very own investigation. There is in addition informed and are usually coordinating with police force bodies,” it claimed.