TechGuard Blog

2018's Major Breaches

Just like that, 2018 has come to an end. As we start to embrace the new year and our improved cybersecurity plans, let's recap some of the major breaches of 2018. Although we cannot change the past, understanding the vulnerabilities and major industries that took a hit can help you with your company's mission to tighten your security posture and to prevent the possibility of a breach.

Ten Significant Breaches in 2018

1. Marriott Starwood Hotels

500 million physical addresses, birth dates, passport numbers and credit cards were compromised. When Marriott purchased Starwood Hotels and Resorts in 2016, they inherited a malware issue with their acquisition. As a result, its Starwood guest list had been compromised going back to 2014. This is one of the largest hacks on personal information.

2. Exactis

This data broker in Florida was under fire in June after a security researcher discovered a big mistake: 340 million US citizens' private information including phone numbers, addresses and information such as how many children you have were leaked. This marketing and data aggregation firm exposed a database on a publicly accessible server. This breach is unique because of the depth and specificity of the information.

3. MyFitnessPal

Under Armour's app MyFitnessPal announced in March that in February, 50 million accounts were compromised, including user names, email addresses and hashed passwords. Privacy has become a great concern for consumers.

MyFitnessPal has the capabilities to collect precise performance and location data which can be unsafe if a malicious hacker gains this private information. MyFitnessPal urged members to review their account and change their password.

4. Quora

100 million accounts were exposed in this breach of a question and answer website, giving access to a 'malicious third party'. The account information included names, email addresses, passwords and personal activity from the website as well as other linked networks. Quora did not announce how the breach occurred.

Even more alarming is that when many of the clients received the notification from Quora to change their passwords, they did not even realize they had an account. This incident is an important reminder to check what types of social media accounts you might have registered for even if they are no longer in use. To discover if you have these types of accounts with Facebook or Google, go to your profile picture and then select "settings". Choose "account" from the sidebar menu. Scroll down to see connected accounts and disconnect any accounts that you choose.

5. MyHeritage

92 million users were affected by the data breach of this company that utilizes DNA to show heritage. Both emails and hashed passwords were exposed. Although some might feel relieved that the passwords were hashed, remember that the security of the hashing depends on the hashing level used. In addition, weak passwords are subject to rainbow table attacks even when they are hashed. In this attack, a security researcher reported finding a file that contained the email addresses and hashed passwords on a private server.

6. Cambridge Analytica

87 million people were affected. This company used personal information taken without permission back in 2014 for marketing and advertising. They exploited Facebook and used their valuable data to target their ads and influence US voters. The data was collected through an app called "thisisyourdigitallife".

7. Google+

52.5 million users were affected by this vulnerability in which profile information including name, email, occupation, gender and age were exposed due to a bug discovered by Google in March 2018. Google+ shut down but some people felt that Google+ was not upfront and honest about the vulnerability since they did not inform the public until October 2018.

8. Facebook

50 million individuals were found to be vulnerable. The information that was obtained included name, gender and hometown information. Attackers found three software flaws allowing them to gain access. These vulnerabilities were introduced in July 2017 but Facebook did not discover them until September 16, 2018 when they noticed an unusual spike in activity, which means the hackers may have had access to the data for quite some time.

9. Chegg

40 million registered users' private information was breached in April 2018 but Chegg (a resource for students) didn't discover it until September 2018. As a result, their stock fell more than 12% in less than a week after the announcement, confirming the impact of a company breach. It was revealed that an unauthorized party gained access to a database with names, emails, shipping addresses and passwords.

10. Saks and Lord & Taylor

5 million customers were affected associated with these retail chains owned by Hudson Bay Company. Five million customers are significantly less than some of the other breaches but this breach was extremely scary considering that credit and debit card numbers were exposed. The attackers implanted software to steal data into the cash register systems at the stores.

Moving forward in 2019, we recognize that no industry is off limits from a potential breach or attack. To ensure that you are prepared for these types of risks, talk to a cybersecurity specialist at TechGuard.

Speak to a Cybersecurity Expert

Thank you for your interest in TechGuard Security. Please contact us with any questions or comments:

Call or Email:     Phone: 855-477-7453     Email:

Check out our other blogs on Breaches:

Who’s Ready for a Breach?

How to Respond to a Breach within your Company