
12 biggest hacks of 2018


The previous year was full of large-scale data leaks involving big names such as Facebook, Cathay Pacific, Quora, Reddit, and many more, and it caused a major uproar among their users.

In this article, we list some of the biggest hacks, leaks and security breaches of 2018.

Facebook hack – 50 million users

In September 2018, Facebook was hit by one of the biggest data hacks in history. Well over 50 million accounts on the social media giant's website were affected by a security vulnerability, which allowed the hackers to take control of users' accounts.

Digital keys, or access tokens, were stolen, which in turn let the hackers access and take control of accounts. Since then, Facebook has taken better measures to ensure that users' data isn't compromised.


Messenger hack – 81,000 users’ messages


The Messenger app by Facebook was developed as a stand-alone app for sending and receiving messages with your Facebook friends, and more recently it could even replace your default SMS app. This breach was reported back in November 2018.

There was a bug in the company's HTML code for the website: if you were already logged into Facebook and then visited a malicious website, the hackers could quickly gain access to messages from several thousand profiles through the iframes in the HTML code.

Messages of over 81,000 users were compromised; Facebook soon rectified the issue and patched the bug.


Facebook photo bug – 6.8 million users

Facebook was at the centre of the major leaks and hacks of 2018, and this one is no exception. This one was huge. Facebook admitted that about 6.8 million users may have had their private photos exposed to third-party apps.

Only apps that were approved by Facebook and used its photos API were affected by the private photos bug. The company received a lot of backlash after this breach and its failure to protect users' privacy.


Cathay Pacific hack – 9 million passengers


In October 2018, the Hong Kong airline was hit by a significant data breach in which data such as passengers' names, dates of birth, phone numbers, email addresses, and passport numbers were leaked. This was a big leak of personal information.

The hackers also gained access to a few active and expired credit card details. The airline denied any misuse of the data by hackers. It was ranked among the six best airlines in the world last year.


Quora data breach – 100 million users

The Quora data breach was one of the biggest ever. Personal information of over 100 million users was leaked in the process. The company discovered the breach on November 30, 2018. Quora apologised to all its users for the inconvenience caused and even advised them to delete their accounts if they didn't feel safe enough.

No financial data was stolen, and even the other data that was stolen was all scattered. Anonymous content on the website was not affected.


Lazarus $571 million cryptojack


During the cryptocurrency hype, a lot of small and big companies were the target of a cryptocurrency hack or cryptojacking. Since the value of these cryptocurrencies was booming, hackers took advantage of various vulnerabilities.

A famous North Korean hacker group called Lazarus was responsible for cryptojacking worth an estimated $571 million.

This hack was carried out with the help of spear phishing, social engineering, and malware.


Google+ data hack – 52.5 million users

The Google+ data breach was also one of the biggest data breaches of 2018. A bug in the company's code exposed the data of over 500,000 users for over three years. An internal bug detected in November 2018 resulted in the exposure of 52.5 million users' accounts. This bug was pushed out in a Google+ API update rolled out on November 7, 2018.

Google denies that there is any evidence the leaked data was misused. Large amounts of data such as profile information and email addresses were exposed. Google says no passwords or financial data were leaked.

After this, Google decided to shut down Google+ in August 2019.


Marriott data breach – 500 million guests


Having affected over 500 million people, the Marriott breach was the biggest leak of 2018. Initial reports suggested that data of over 500 million customers was compromised, but the picture later turned out to be somewhat different.

User data of 5.25 million guests, which included passport numbers, was unencrypted; 20.3 million encrypted passport numbers and 8.6 million encrypted credit and debit card numbers were also exposed. But since all the data was encrypted, it's suggested that the hackers might not have gotten much out of the hack.

Many experts believe this was part of a Chinese intelligence-gathering effort. Marriott has been investigating the hack and is yet to come up with an explanation.


Exactis marketing data breach – 340 million users

Exactis is one of the biggest marketing and data aggregation firms in the USA. In June 2018, a database of over two terabytes was discovered by a data scientist. It included personal information of over 340 million adults in the USA, and information on big companies was also compromised.

The leak did not contain any financial information or Social Security Numbers, but it went into detail on the personal information of each affected user. Affected users' phone numbers, home addresses, email addresses, and other personal information were leaked. It was one of the most comprehensive collections of data ever to be leaked.

Reddit data breach


The Reddit data breach was rather small in scale but did affect a few employees' accounts. The data that was hacked included current email addresses and a 2007 database backup containing old hashed passwords.

The hack took place in June of last year via a two-factor authentication SMS intercept. The hacker could only gain access to the read-only systems of the company. Since then, Reddit has taken additional security measures to protect its user data.


MyFitnessPal data breach – 150 million users

MyFitnessPal by Under Armour is one of the most prominent fitness assistants available on the market right now. In March 2019, personal information including email addresses, usernames and hashed passwords of over 150 million users was leaked. Easy-to-guess passwords like "qwerty" or "12345678abc" could be easily misused even after being hashed, as such passwords are easy to recover from their hashes by guessing.

Since the company doesn’t collect any government-issued documents or data, the damage by this data breach was not as severe.

T-mobile data breach – 2 million customers

In August 2018, T-mobile announced an incident in which the company's database was hacked and the hackers were able to gain access to personal information of about 2 million customers. The leak included names, billing zip codes, phone numbers, email addresses, and T-mobile linked data.

No sensitive information such as credit card numbers or SSNs was leaked in the data breach. All affected users were notified with a text message sent by the company.


Rajiv Kulkarni
