Replug 2018 : Ten Costliest Data Breaches That Shook Cyber Security Experts

Replug 2018 : Ten Costliest Data Breaches That Shook Cyber Security Experts

Data Breach. How many times have we heard this ginormous term in the past? Every organization from big tech corporation to big government lives on data. Consequently, data is valuable to cybercriminals, hackers, and even rival governments just like it is of immense value to cyber security experts. Mobile users alone deal in unsurmountable amounts of data, thanks to all the new apps that are going to the app store and play store every week.

Sensitive data includes people’s name, financial information, card details, contact details and a lot more. The value of the information that is being lost is also the challenge. The fact is that we do not really show such data the discretion that is required. Sample this: third-party applications have access to phone records, locations and even credit card details. Not just that, some of us also download apps from unverified sources across the web.

As a result of all this, 2018 was full of data breaches with malware and ransomware attacks. Some of these were so serious they flung the best of cyber security frameworks straight out of the window. But they’ve taught us all a very vital lesson. Here are the top ten data breaches of 2018.


Perhaps the biggest data breach of 2018 that affected a major social media platform was the Twitter data leak. It affected no less than 330 million users. In the initial months of 2018, Twitter teams found a bug that was unmasking and storing user information. All the data was stored in an internal file that made the information rather vulnerable to attacks.

Unfortunately, Twitter never released an official statement on the attack. But it was definitely talked about by everyone other than the organization. The public got to know of the news on May 3. Twitter received heavy criticism from general users as well as cybersecurity companies.


September 2018 did not bring pleasant news for Marriott. An internal security tool highlighted an attempt to breach the Starwood Guest Reservation database. Following investigations revealed that similar attempts were being made since the start of 2014.

As additional details surfaced, it was revealed that parties without proper authorization did not just access and copy, but even managed to encrypt some of the information. Worse still, a chunk of such information was also deleted. Close to 500 million records are estimated to have been lost through the lifetime of Marriott breaches.


Millions around the world use Ticketfly to look for events and buy tickets around the world. To make payments easier and quicker, people often saved their card data on the platform. Unfortunately, some 27 million people were affected in a 2018 data breach that hit Ticketfly servers.

On May 31 last year, hackers shut down the website for nearly a week. That happened after Ticketfly did not pay them the ransom. The hackers erased the home page and accessed employee and consumer information. Ticketfly shared the information publicly on June 7.


One of the most encompassing breaches of 2018, the Quora data breach affected no less than 100 million users. The breach was discovered on December 3 and almost every Quora user was targeted.

The magnitude of the Quora information breach is still unclear to the general public. All we know is that a third-party had gained access to usernames, contact details, email addresses and other information of users on Quora. Nevertheless, the breach could not have been possible unless the hacker gained access to Quora’s systems.


Ever since Cambridge Analytica blew up in our faces, Facebook has been at the center of everything data related. What happened in the third quarter of 2018 was only worse. Hackers exploited the “view as” feature of Facebook to steal access profile tokens. And Bam! Personal details of 29 million users across the globe went up in smoke.

The breach compromised extremely sensitive user information like phone numbers, email addresses and other personal details of as many as 29 million global users. The company officially told users told about the breach to users in September 2019.


Google+ was first affected by a cyber-attack on October 8. But details on the breach were released later to the public only later in the year. Most observers believe that Google feared they would attract major regulatory scrutiny from the authorities if they revealed earlier.

In the last month of 2018, Google shared information about another attack that they suffered the same year. The number of users affected by the attack was close to $52.5 million. These weren’t the only two occasions when the data security of Google was threatened. We could imagine how some of these breaches might have influenced the imminent Google+ shutdown in 2019.


In 2018, Vinny Troia informed Exactis of a number of data leaks. Exactis was quick to acknowledge the threat and disclosed it to the public in June itself. Personal information ranging from phone numbers, email addresses, age, genders, hobbies, habits and information on family.

Morgan & Morgan slammed a class action lawsuit in the wake of the breach. Close to 340 million users had their privacy in danger.


Cybercrime experts were up to a shock when the American education company came under a shrill cybersecurity attack. The Chegg databases were accessed by some “unauthorized party.” The company had received severe criticism for lack of transparency on the attack. In fact, Chegg did not release any official numbers for a long time after the attack. However, they did apprise the SEC of the figure.

While the Chegg data breach did not receive the kind of attention that Facebook did, the stakes were far higher. When they did notify users of the breach, close to 40 million Chegg users were notified.


In the world of predictive social media, MyHeritage trended for a while among users looking to build their family tree. The service seemed quite secure with two-factor authentication. However, there was still a potential data breach that took the MyHeritage user base by storm.

The case came to light when a security researcher found a critical file with vital user information. The blaring concern was the location of the file which was outside the MyHeritage database. The timely check prevented a huge potential breach. It is estimated that the data belonging to close to 92 million users could have been compromised because of the breach.

MyFitness Pal

An undertaking of Under Armor, MyFitnessPal was quite popular for the length of 2018. At the moment, they are battling lawsuits from a number of customers. It all started in February 2108, when some “unauthorized party” gained access to the user accounts.

The data breach was released to the public on March 29. The breach immediately had threat looming upon the personal information of close to 150 million users.

Futran Solutions specializes in delivering composite cyber security experts through tailored solutions and resources. As data threats are evolving in nature and magnitude, so are the experts and resources that shoulder the responsibility for securing data across different industries. Speak to a Futran cyber security specialist today to find out how we help you achieve your business and marketing objectives.