Click to Skip Ad
Closing in...

Altogether, more than 1 billion people had their data compromised in 2018

Published Jan 4th, 2019 8:08PM EST
Data breaches 2018

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

From credit card skimming to technology bugs to massive outright hacks, 2018 was one of if not the worst year on record in terms of data breaches that hit companies and hurt consumers around the world.

According to NordVPN digital privacy expert Daniel Markuson, when you tally up all of the most significant and worst data breaches of the year, the result you arrive at is the stunning fact that we learned more than 1 billion peoples’ data was potentially compromised at some point in 2018. Markuson notes in a review of all the breaches that “The scope of these attacks shows that even the biggest corporations are vulnerable and are prone to errors.

“This means that it’s becoming more difficult to trust them as we never know when our data is going to end in the wrong hands. Unfortunately, we have little to no control over when the next company will be hacked, but we can take a few precautionary steps to protect our data.”

Those steps include providing companies with only the absolute minimum information they need about you. The less data they have about you, the less that can be stolen. Change your passwords. Also, use strong and unique passwords, and think twice before posting information on social media that can be used against you.

Of course, those are obvious steps that most people would probably admit they know. It’s actually putting them into practice that’s a whole other matter. And even then, there’s only so much you can control. As Exhibit A, here’s a rundown of the data breaches and compromises from 2018, per Daniel’s analysis:

British Airways — 380,000 accounts

Attackers got access to customer names, addresses, emails and payment data at the airline, which said that between August 21 and September 5 some 380,000 transactions were compromised on the airline’s website and app. According to Daniel’s rundown, “hackers found a loophole in BA’s booking page, injected malicious code and instantaneously sent customer data to their own server.”

Google+ — 500,000 accounts

Amazingly, a bug at Google’s failed social network went unnoticed for three years. Once the company found it, perhaps scared by what Facebook went through with Cambridge Analytica, they decided to keep quiet. In all, the bug gave third-party developers potential access to half a million accounts and tons of user data like birthdays and occupations. There’s no evidence developers actually misused any data, but Google took the opportunity to just shut the consumer side of Google+ down completely, for good.

Tickey Fly (owned by Eventbrite) — 27 million accounts

As Daniel notes, this event ticketing website got hacked by a cybercrook by the name of IsHaKdZ “who stole the data from 27 million accounts.” The Washington Post confirmed the data stolen was authentic and also spoke with the hacker, who replaced the company’s homepage with an image from the movie V for Vendetta.

Uber — 57 million users

The ride-sharing company disclosed that hackers stole the data of 57 million customers and drivers. They got data including names and phone numbers of 50 million Uber riders around the world as well as personal information of some 7 million drivers. Not only that, Uber paid off the attackers in an attempt to get them to delete the data they stole.

Facebook — 147 million accounts

It started with 50 million users back in March. The disclosure that British political consulting firm Cambridge Analytica got inappropriate access to millions of Facebook user accounts set the social networking up for a terrible year for the duration of 2018. Not only did Cambridge Analytica use information it acquired to help elect Donald Trump, but a subsequent Facebook bug exposed the data of another 90 million users in September and then another 7 million in December.

MyHeritage — 92 million users

MyHeritage, which tests your DNA to give you information about your family tree, inadvertently leaked email addresses and passwords of more than 92 million users in a mishap spotted in June.

Quora — 100 million users

A hack of the question-and-answer website Quora put details related to 100 million users at risk. Quora acknowledged that ‘a malicious third party’ accessed sensitive information in the company’s database.

Firebase — 100 million users

Google-owned development platform Firebase leaked data associated with more than 100 million users, according to Daniel’s rundown. “The platform might not be well known to everyone, but it’s widely used by mobile developers,” he notes. “Appthority researchers scanned 2.7 million iOS and Android apps that connect to and store their data on Firebase. They found that over 3,000 of those apps were connected to a misconfigured database that could be accessed by anyone.”

My Fitness Pal — 150 million users

The food and nutrition app My Fitness Pal disclosed early in 2018 that it had leaked the data of 150 million users. Hackers got usernames, email addresses and passwords. But once the company found out about this, they were super-fast in notifying users, which happened just four days later.

Twitter — 330 million users

Twitter, which isn’t usually in the news for this kind of thing (at least anytime recently before this), acknowledged this year that a security bug had exposed the passwords of some 330 million users.

Marriott — 383 million users

Marriott, at first, seemed poised to take the dubious honor of being the cause of the biggest data breach of the year. The hotel chain initially said that the data of about half a billion users had been exposed when hackers broke into its booking system and got their hands on customer data going back four years. However, Marriott today revised that number down to about 383 million users who likely had their names, addresses, phone numbers, card numbers and more end up in hackers’ hands. Making this worse — it doesn’t appear the data here was used for financial gain, making it seem likely this was a state-sponsored attack.

Andy Meek Trending News Editor

Andy Meek is a reporter based in Memphis who has covered media, entertainment, and culture for over 20 years. His work has appeared in outlets including The Guardian, Forbes, and The Financial Times, and he’s written for BGR since 2015. Andy's coverage includes technology and entertainment, and he has a particular interest in all things streaming.

Over the years, he’s interviewed legendary figures in entertainment and tech that range from Stan Lee to John McAfee, Peter Thiel, and Reed Hastings.