10Fold Reveals 10 Largest Breaches of 2016

Nearly Three Billion Personal Records Breached Around the World


SAN FRANCISCO, CA--(Marketwired - Jan 19, 2017) - 10Fold, a full-service B2B technology public relations agency with a specialization in cybersecurity, today announced that in 2016, more than 2.8 billion personal records were breached on social and file-sharing platforms, email providers and government databases around the world. In its second annual year-in-review, 10Fold analyzed the largest data breaches of 2016, then ranked the top 10 from greatest to least.

"If 2015 was the year of the healthcare data breach -- breaches impacted nearly 40 million people -- then 2016 was the year of the social media breach. Four of the top 10 breaches were social media related and impacted more than 640 million people," said Angela Griffo, vice president of the cybersecurity practice at 10Fold. "But the biggest surprise of the year was Yahoo revealing that the information of more than 1.5 billion people had been stolen by attackers. Regardless of an attacker's motive, any compromised information leaves users susceptible to identity theft and fraud."

News reports about the 10 largest data breaches discovered in 2016, which are listed below, indicated that each attack affected 49 million users or more. 10Fold selected these data breaches based on independent research collected throughout 2016 and cross-referenced the information with third-party resources, including ID Theft Resource Center and Information is beautiful.

10 Largest Data Breaches of 2016:

1. Yahoo: 1.5 Billion Users -- The Yahoo data breach is possibly the largest email provider data breach in history. When Yahoo first confirmed the breach in September 2016, the company revealed the breach impacted 500 million user accounts. The stolen account information included names, dates of birth, telephone numbers, passwords, and security questions and answers. In December, the company revealed an additional one billion users had been affected by the breach, bringing the grand total of affected users to 1.5 billion.

2. FriendFinder Network: 412 Million Users -- In October, a number of sites in the FriendFinder Network were hacked, resulting in a data breach that affected 412 million users. According to LeakedSource, the sites affected included Adult Friend Finder, Cams and Penthouse. The breached data encompassed 20 years of user information and included user names, emails, passwords, joining dates and the date last visited. A significant amount of the user information released was the stored data of users who had previously attempted to delete their accounts. Of the total records breached and released, 15 million came from deleted accounts.

3. Myspace: 360 Million Users -- In May, the prolific cyberhacker Peace sold the data of 360 million Myspace users. Released user information included names, passwords and secondary passwords. According to Time Inc., the information was from an older 2013 Myspace platform. Only those profiles that existed prior to the site's relaunch were affected. The new site now includes stronger user account security.

4. LinkedIn: 117 Million Users -- In May, it was announced that cyberhacker Peace had sold 117 million emails and encrypted passwords on the dark web for roughly $2,200. 

5. VK Russia: More than 100 Million Users -- In June 2016, it was reported that hacker Peace was selling the data of 100 million VK users for roughly $570. The information released contained usernames, emails, unencrypted passwords, locations and phone numbers. What's more, the original hack occurred between 2011 to 2013.

6. Dailymotion: 87.6 Million Users -- In October 2016, France-based video sharing site Dailymotion reports indicated that hackers released the usernames and emails of 87.6 million users. According to the Dailymotion blog post, the breach was due to an external security problem. While the company claimed the hack was limited -- roughly 18.3 million user accounts were associated with encrypted passwords -- all partners and users were still advised to reset their passwords for safekeeping. Dailymotion is the 113th most-visited website in the world.

7. Tumblr: 65 Million Users -- In May, 65 million Tumblr accounts were found for sale on the dark web. A cyberhacker using the alias Peace sold the data for $150. According to security researcher Troy Hunt, the data contained email and password information.

8. DropBox: More than 60 Million Users -- In August 2016, Dropbox announced that it had reset the passwords of more than 60 million users after the company discovered that an old set of Dropbox user credentials was taken. While the company suspects that the records were originally obtained in 2012, the breach was not discovered and users were not notified until 2016. The released information contained usernames and encrypted passwords. It has been reported that a senior Dropbox employee verified the released data is legitimate.

9. Philippines' Commission on Elections: 55 Million Voters -- On March 27, a hacker group posted the entire database of the Philippines' Commission on Elections (COMELEC) online. The attackers also shared three links where the information of 55 million registered voters in the Philippines could be downloaded. The distributed data included email addresses, passport numbers and expiration dates, and fingerprint records -- information that cannot be replaced or reset. Various reports suggest this breach is the biggest government-related data breach in history.

10. Turkish Citizenship Database: 49.6 Million Citizens -- In April 2016, the entire Turkish citizenship database was hacked. Attackers released the personal information of 49.6 million citizens. The information released included details that are found on a standard Turkey identification card, including national identifier, name, parents' names, gender, birthdate, city of birth and full address. According to reports, hackers validated the data by publishing details of Turkey's president and former prime minister Recep Tayyip Erdogan. It's suspected that the hack was politically motivated, based on the following statement found in the released database: "Who would have imagined that backwards ideologies, cronyism and rising religious extremism in Turkey would lead to a crumbling and vulnerable technical infrastructure?"

Visit 10Fold at Security Never Sleeps During RSA
This year 10Fold is hosting its seventh annual Security Never Sleeps luncheon at RSA, which features a moderated panel discussion and audience Q&A with the cybersecurity industry's leading executives, media and analysts. The event takes place on Wednesday, February 15 from 11:30 a.m. to 1:30 p.m. PST.

About 10Fold
10Fold is a leading North American public relations firm with regional offices in San Francisco, Pleasanton and Capistrano Beach, California. As a privately owned company founded in 1995, 10Fold provides strategic communications and content expertise to B2B organizations that specialize in networking, IT security, cloud, storage, Big Data, enterprise software, AppDev solutions, wireless, and telecom. The award-winning, highly-specialized account teams consist of multi-year public relations veterans, broadcasters and former journalists. 10Fold is a full-service firm that is widely known for its media and analyst relations, original content development, corporate messaging, social media and video production capabilities (through its division ProMotion Studios). For more information, visit www.10fold.com or follow us on Twitter (@10FoldComms) and Facebook (www.facebook.com/10FoldComms).