10 biggest 2018 data breaches — and what they mean for 2019

Data is the new fuel that drives corporations and governments. As a result, data is precious to all hackers, cybercriminals, and foreign governments. Thanks to the millions of applications each mobile user downloads and uses, there are tons of useful and sensitive data lying in corporate databases for the hackers to intercept. This data includes an individual’s name, contact details, bank account information, card details, and much more. The challenge arises from the fact that our information is valuable, but we rarely deal with this information discreetly. We allow third-party apps to access our phone records, we store payment information on application databases, and we often download and use apps from untrustworthy sources across the web. So it’s no surprise that 2018 saw more than its share of ransomware and malware attacks. It resulted in some of the worst data breaches in the history of computing and cybersecurity. Learning about these breaches help us understand what went wrong and how we can secure our sensitive information better in the future. Here are the top 10 2018 data breaches.

1. TicketFly

TicketFly is a popular online platform used by millions to find events and purchase tickets. Most of the users save their card details and account details on the server for easy access and instant payment.

However, close to 27 million users fell victim to a data breach that affected TicketFly in 2018.

On May 31, hackers shut down the website for a week after the sporting-event and concert ticketing website refused to pay the ransom.

The hackers replaced the homepage and gained access to consumer data, employee data, and other information. The company disclosed the information on the attack on June 7.

2. Facebook


A lot has been happening in the headquarters of the leading social networking site since the Cambridge Analytica days. Between July and September 2018, hackers leveraged the “view as” feature on Facebook to steal tokens for access profiles.

This breach compromised the personal details of close to 29 million users across the globe. It divulged personal information including names, phone numbers, email addresses, and other personal details Facebook collected over time.

The breach was disclosed to the general users on September 28.

3. Chegg

The American education company has come under the radar of cybercrime experts due to its 2018 data breach. An “unauthorized party” accessed user data stored in the Chegg databases. The company received some flak for not disclosing the hack to the affected consumers, but only to the SEC.

The hackers gained access to the user’s names, shipping and billing addresses, payment details, usernames, passwords, and email addresses. Close to 40 million user accounts were directly affected by this breach that was first discovered on Sept. 19.

4. Google+

Google Plus

The first wave that hit Google+ was reported on Oct. 8. However, Google disclosed the details of this breach later the same year, reportedly because of the fear of regulatory scrutiny this breach might have attracted.

In December, Google revealed the details of another data breach that happened the same year, leaving the data of close to 52.5 million Google+ users vulnerable to hackers. Last year was a trying one for Google during which the corporation faced multiple threats and possible data breaches (and other issues as well). It should be noted that Google+ is shutting down in 2019.

5. MyHeritage

MyHeritage had been trending among Gen X users and today’s young adults interested in their genealogy and building their family tree.

Although the service providers added two-factor user authentication to increase the security, the potential data breach that hit MyHeritage was one of the worst in recent times.

A security researcher found a critical file containing user information outside the MyHeritage server. The potential breach could have revealed the data of more than 92 million users. It was first discovered on June 4 and revealed on the same day.

6. Quora

Quora’s data breach had a whopping 100 million victims. All Quora users were targeted during this breach, which was discovered on Dec. 3.

The details of this breach are still foggy, but the reports do tell us that a third-party gained access to the usernames, email addresses, contact details, and other information. The hacker had done so by gaining access to one of Quora’s systems.

7. MyFitnessPal

The fitness company is currently facing a number of lawsuits, some related to the 2018 data breach. It all began in February 2018, when an “unauthorized party” gained access to the MyFitnessPal user accounts.

The company, which is owned by fitness-gear maker Under Armor, released no further information while disclosing the data breach to the public on March 29. It left the data of more than 150 million users vulnerable to cyberattacks.

8. Twitter


The Twitter data breach affected more than 330 million users. In the first quarter of 2018, Twitter discovered a bug that was storing the user information unmasked.

This bug was storing the user data in an internal file that made the information vulnerable to ransomware attacks. Although the controversial corporation has officially not released an update on data breaches, it was inexcusable for any large corporation.

The news was disclosed to the public on May 3. It attracted a deluge of controversies and backlashes from cybersecurity companies and general users.

9. Exactis

Security researcher Vinny Troia informed Exactis of a comprehensive collection of data leaks in the mid-2018.

Exactis immediately disclosed it to the public on June 27. The breach leaked the names, addresses, phone numbers, email addresses, and other sensitive details like age, genders, and information on the user’s family, habits and hobbies.

This breach resulted in a class-action lawsuit by Morgan & Morgan. It jeopardized the privacy of close to 340 million users.

10. Marriott

In September, Marriott was first notified by an internal security tool about attempted unauthorized access to the Starwood Guest Reservation database.

However, during the follow-up investigations, Marriott authorities found that there have been several attempts and successful access to the database since early 2014.

More details state that the unauthorized parties accessed, copied and encrypted consumer information and proceeded to delete the same in the last few years. The Marriott breach resulted in the leak of data from over 500 million guests, clients, and vendors.

What did we learn from 2018 data breaches?

These 2018 data breaches show us that even the most popular — and presumed to be secure — social networking sites, advanced hospitality websites, and fitness apps are not safe from the hacking attacks.

They may have the latest technology to fortify the data of their clients and consumers, but hackers are developing newer and better technology to overpower the anti-viruses, firewalls, sandboxes, and malware detection mechanisms that public departments and corporations are employing.

The only way to keep your data safe is by not saving your phone number, bank details, and card details on third-party application databases.

Secure your accounts with strong username-password combinations even when typing your username-password 10 times a day feels like a chore. It’s a lot better than losing access to your account.

Featured image: Shutterstock

Leave a Comment

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top