Friday, May 2, 2025
HomeCyber Security NewsThe 10 Biggest Data Breaches of 2018

The 10 Biggest Data Breaches of 2018

Published on

SIEM as a Service

Follow Us on Google News

Hackers have become more sophisticated, dangerous and with the built in advanced automated tools they carry out a wide variety of processes to breach data.

Here is the lookback of Top 10 Biggest Data Breaches and leaks reported in 2018 which made a huge impact on the organizations.

Biggest Data Breaches – 2018

Starwood Hotels

Marriott International announced a security breach that affected more than 500 million guests who made a reservation at Starwood Hotels and resorts.

- Advertisement - Google News

Hackers gained unauthorized access to the Starwood network since 2014, they copied, encrypted information and taken steps to remove it.

Exactis

Marketing Firm Exactis exposed more than 340 Million Americans sensitive records Online which is estimated more the Equifax data breach that occurred a few months before.

Leaked data contains millions of peoples personal sensitive information phone number, home address, email address, even how many children have in leaked users data.

MyFitnessPal

MyFitnessPal data breach affected more than 150 million user accounts. Attackers stole the usernames, email addresses, and hashed passwords.

The breach occured in February of last year and the company identified the unauthorized data access from their servers on March 25, 2018.

Quora Hacked

Quora exposed more than 100 million users accounts. Hackers gained unauthorized access to the servers and stolen account information, Public content and actions, and Non-public content and actions.

CPF Exposed

120 Million Unique CPF of Brazilian citizens exposed online form a misconfigured Apache server. The highly personal information is openly available for everyone.

The exposed data contains sensitive information that linked CPF includes banks, loans, repayments, credit and debit history, voting history, full name, emails, residential addresses, phone numbers, date of birth, family contacts, employment, voting registration numbers, contract numbers, and contract amounts.

U.S Citizens Records

An unprotected database that contains more than 114 million U.S Citizens records exposed online and the estimation of affected peoples are 82 million and more.

It was completely available for the public including the information of the first name, last name, employers, job title, email, address, state, zip, phone number, and IP address.

MyHeritage

MyHeritage Announced its massive data breach that leaked around 93 Million registered users sensitive data.

Leaked files contains email addresses and hashed passwords of 92,283,889 users who all are signed up the MyHeritage up to and including Oct 26, 2017.

Facebook – Cambridge Analytica

Over all 87 Million affected Facebook Users has been identified and most of them in the US but at least 1 million Facebook Users in the UK and More than 1 Million Facebook Users affected in Indonesia, the Philippines alone.

Google+ Shut down

Google announced Google+ shut down following the security breach that exposed 500,000 Google+ accounts.

The bug allows third-party developers to access user’s name, email address, occupation, gender, and age.

E-marketing Database Exposed

A huge customer database with 11 million records that containing personal details such as email, full name, gender and physical address exposed online. The data to be available from the unprotected MongoDB instance and it is open for anyone to access it.

Cathay Pacific

Cathay Pacific limited suffered a major data breach that affected more than 9.4 million passengers personal data.

According to Cathay Pacific, the following data are details accessed by hackers such as passenger name, nationality, date of birth, phone number, email, address, passport number, identity card number, frequent flyer programme membership number, customer service remarks, and historical travel information.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Dutch Services Disrupted by DDoS Attacks From Russian-Affiliated Hacktivists

Multiple Dutch organizations have experienced significant service disruptions this week due to a series...

Seven Malicious Packages Exploit Gmail SMTP to Run Harmful Commands

A major supply chain security incident has rocked the Python open-source community as researchers...

CISA Issues New ICS Advisories Addressing Critical Vulnerabilities and Exploits

The Cybersecurity and Infrastructure Security Agency (CISA) has issued two new advisories revealing critical...

NVIDIA TensorRT-LLM Vulnerability Let Hackers Run Malicious Code

NVIDIA has issued an urgent security advisory after discovering a significant vulnerability (CVE-2025-23254) in...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Dutch Services Disrupted by DDoS Attacks From Russian-Affiliated Hacktivists

Multiple Dutch organizations have experienced significant service disruptions this week due to a series...

Seven Malicious Packages Exploit Gmail SMTP to Run Harmful Commands

A major supply chain security incident has rocked the Python open-source community as researchers...

CISA Issues New ICS Advisories Addressing Critical Vulnerabilities and Exploits

The Cybersecurity and Infrastructure Security Agency (CISA) has issued two new advisories revealing critical...