The largest password leaks of all time

From time to time, one of your passwords can get compromised because it wasn’t secured properly. In the history of the internet, there were, however, moments when hundreds of millions passwords or other sensitive personal details leaked at the same time. We have looked at some of the most astonishing data breaches.

Password leaks are usually the result of a direct hackers’ attack or of poor configuration of the system in question. They occur day and night but usually involve a limited amount of sensitive information. In the following cases, the numbers were incredibly high and the consequences grave. We choose the most interesting sensitive information leaks and rank them according to the amount of breached accounts.

1 RockYou21, 2021, 8.4 billion records

RockYou2021, named after a leak in 2009, is a compilation revealed on a hacker forum of more than 8 billion passwords, which makes it the largest set of passwords to leak in the history of the internet. Since there are only about 4.7 billion people online around the world, potentially all of us could have been affected. Such a huge database of passwords can be used by anyone and is a very strong weapon when it comes to password spraying attacks. Especially those who recycle their passwords are in danger of having one of their accounts stolen.

2 Yahoo!, 2013–2016, 3 billion records

The Yahoo! leaks are another leak to pass the threshold of billion accounts. During a couple of years, about 3 billion accounts were compromised by hackers hired by Russia’s Federal Security Service, the FSB. The company created a fund to compensate some of its users, and the value of the company, which was at the time being sold to Verizon, dropped significantly. Although no passwords in plain text were stolen, security questions were revealed, making the leak a serious cybersecurity threat.

3 Aadhaar, 2018, 1.1 billion records

In March 2018, the entire database of biometric data of the citizens of India became available for sale online. Virtually all Indian citizens are made to register in the database, because only then can they carry out certain administrative tasks. Apart from personal details, a software that enables the user to generate new IDs was sold by the seller. The breached system was run by a utility company.

4 Facebook, 2019, 540 million records

Sensitive data of about 540 million users were publicly exposed on the Amazon Cloud service. Although the event involved only a relatively small number of passwords, telephone numbers were among pieces of disclosed information, which can be used to lure other data or to steal an account. It’s fair to say that the sensitive information was exposed not by Facebook itself but by other companies using it for their own purposes. It’s clear, however, that Facebook pays insufficient attention to the handling of the big data they collect and sell to gain profit.

5 Marriott International, 2014–2022, 500 million records

This hotel franchise has suffered a series of data breaches resulting in the leak of sensitive information of more than 500 million guests. The causes varied over time, but the sole fact that the company was not able to secure their customers sensitive data on several occasions shows that their attitude towards cybersecurity is unsatisfactory, to say the least.

Stay safe

The cybersecurity risks to your accounts are high. You can’t do anything about the security level of the services you use, but you can minimize the number of threats by handling your passwords with care. Go for Passwd and get a secure storage for your sensitive details.