7 of the Largest Little-Known Data Breaches in Recent History


April MillerSenior IT and Cybersecurity Writer for ReHack Magazine

Wednesday, April 27, 2022

Today’s biggest data breaches almost always make headlines, but with so many, even some of the largest slip through the cracks.

Article 4 Minutes
7 of the Largest Little-Known Data Breaches in Recent History
  • Home
  • IT
  • Security
  • 7 of the Largest Little-Known Data Breaches in Recent History

Over the years, data breaches have only grown larger, impacting more and more users as hacking strategies evolve. As a result, only the most infamous breaches are widely remembered, such as the 2013 Target breach.

It’s difficult to miss a data breach at a major company or organization. These seven, however, are lesser-known than other major breaches in recent history.

1. eBay (2014)

The 2014 hack of ecommerce site eBay is one of the less obscure data breaches on this list. It didn’t get as much attention as other breaches its size tend to, though. In 2014, hackers compromised data from 145 million user records on eBay’s network. At the time, it was one of the largest breaches in history.

In the years since, however, far bigger breaches have occurred. Passwords, account information and personal information was stolen in the 2014 eBay breach, but financial data was kept safe.

2. MongoDB (2017–2020)

MongoDB – a document-oriented database program – has had trouble with data breaches multiple times in recent years. From 2017 through 2020, hackers used ransomware against MongoDB clients for months on end. The hackers initially took advantage of databases that users and companies left vulnerable to attack on MongoDB.

Reports indicate there were about 60,000 such exposed accounts. Throughout the series of breaches, hackers downloaded information from databases, deleted data and demanded ransom payments for stolen data.

3. National Lottery (2018)

In 2018, hackers used a strategy known as “credential stuffing” to steal account information for 10 million users on the U.K. National Lottery’s website. Credential stuffing takes advantage of people who reuse usernames and passwords on numerous websites by trying one set of stolen login credentials on numerous sites.

As a result, over 10 million users had to change their National Lottery login information. Many other lottery organizations today have detailed security policies, including regulations to protect the integrity of lottery games as well as players’ data.

4. Wattpad (2019)

In 2020, 270 million users had data compromised on the online writing community Wattpad. Many users at first feared their creative work or private messages had been stolen, creating potentially serious intellectual property risks. However, Wattpad quickly reassured users that no story data was taken, only passwords and account information. Other private information was compromised, though, including birthdates, gender data, account names, and IP addresses.

Nonetheless, this is an interesting case in recent data breaches because many users were more concerned about the safety of the content they’d created than their passwords or personal information.

5. Animal Jam (2020)

The children’s online game Animal Jam was hacked in 2020, in a breach that affected 46 million users and went undetected for a month. This breach compromised different bits of data for different users. The largest portion, including 32 million users, had at least their username compromised. Only about 5.7 million of the 46 million users had their full date of birth compromised.

Thousands of parents’ accounts were also breached, including sensitive billing details. Breaches like this can lead to credential stuffing by abusing the fact that many children reuse passwords between websites. Animal Jam responded to the breach by resetting all account passwords and sending out detailed security updates to users.

6. VTech (2015)

VTech is a less well-known brand name than others that have made headlines for large data breaches. In 2015, though, the toy company revealed that hackers compromised the data of over 6.4 million children through VTech’s online apps. At the time, this was the largest breach to ever specifically target children, until the above-mentioned Animal Jam hack five years later.

The compromised data from VTech’s network included private information on parents as well as children and affected users in 10 different nations.

7. TD Ameritrade (2007)

The 2007 TD Ameritrade data breach is often forgotten today since so many much larger breaches have occurred over the last decade. In 2007, though, the TD Ameritrade hack was one of the largest cybersecurity breaches in history. Data belonging to 6.3 million customers was compromised in the breach of the online brokerage firm’s network. Hackers stole private information such as names, phone numbers and home addresses, although TD Ameritrade reported that no Social Security numbers were compromised. The breach resulted in a $1.8 million class-action lawsuit against TD Ameritrade.

Preventing headline-worthy data breaches

Arguably the most shocking detail about all of these data breaches is the fact that they remain lesser-known incidents. Today’s largest data breaches result in hundreds of millions of records being compromised – magnitudes more than those seen in earlier years. This clearly indicates that cybersecurity may be getting better.

Thankfully, so are hacking strategies. Businesses, organizations and individuals need to all stay at the cutting edge of cybersecurity to prevent future headline-worthy data breaches.

April Miller

April is a senior IT and cybersecurity writer for ReHack Magazine. She aims to make technical security topics easily accessible for a broad audience and is passionate about educating readers on how they can use their technology to make the most of their workplace.


Join the conversation...