The largest data leaks 2024

CONTENTS

AT&T

Back in March 2024, a leak from the American internet provider AT&T was published containing the user data of over 73 million AT&T customers. This included names, telephone numbers, addresses, SSNs (Social Security numbers) and poorly encrypted passwords. At least 7.6 million of the passwords, i.e. over 10%, have already been decrypted by hackers. According to AT&T, they are not aware of the source of the leak. (Tech Crunch)

This was not the only time that AT&T’s customer data fell into the wrong hands. In April 2024, AT&T noticed a second leak in which phone numbers, call history and other metadata about calls and text messages were stolen. Message and call content is not recorded and, according to AT&T, was not stolen, but “almost all” 116 million customers are affected. The data comes from Snowflake, a company that AT&T uses to analyze customer data. (Tech Crunch)

Discord

Also in April of this year, the “service” spy.pet was launched, which had been recording and collecting messages on public Discord servers for months. Over 4 billion messages from over 620 million users, spread across 14,000 chat servers, are said to have been affected. Although the messages themselves are all public, spy.pet sorted them by user so that instead of having to search through all 14,000 servers yourself, you could see all of a user’s messages at once, including deleted and edited messages. (The Register)

Ticketmaster

May probably saw the biggest leak (in terms of numbers) of the past year. A hacker group under the name “ShinyHunters” retrieved 1.3TB of data from Ticketmaster, including names, addresses, credit card numbers and telephone numbers. 560 million users are said to be affected, mainly from the USA and Mexico. The leak, like the leaks from AT&T and many other companies (Santander, Adobe, EA, Mastercard, Canva, HP, …), came from a hacked Snowflake account. (BBC, Wired, Bitdefender)

Toyota

An American subsidiary of the Japanese car manufacturer Toyota was the victim of a far-reaching data leak this August. The 240 GB leak includes contact, financial, customer and employee data, as well as databases, network infrastructure, emails and other data.

All data since December 2022 is not included, which suggests that the leak may have been obtained from an old backup server. (Bleeping Computer)

Internet Archive

In October last year, the Internet Archive, the world’s largest online library and preservation site, suffered 3 major attacks. A DDoS attack followed by a data leak of the main site on October 10th. Another data leak of the Internet Archive’s Zendesk site became known on October 20. The Zendesk site was responsible for archive support requests. The first leak included login data from over 31 million user accounts, the second one included over 800 thousand partially confidential support tickets. (Bleeping Computer, Bleeping Computer)

IMG_84561

JONATHAN ZELLER
Junior Software Developer
sequire technology

Other articles that might be interesting for you