15 Cloud storage data breaches

BySafety Crave team
15 Cloud storage data breaches

In 2024, using weak or simple passwords for cloud storage is no longer acceptable. Such practices can allow hackers to gain unauthorized access to cloud your accounts. Reports indicate that 45% of data breaches are cloud-based. Various factors contribute to cloud storage breaches, such as data not being improperly encrypted data or not encrypted at all, or the absence of multi-factor authentication (MFA), which makes it easier for attackers to breach accounts.

We’ve compiled 15 common data breaches to illustrate that even large companies are vulnerable, emphasizing the importance of taking proper measures to keep your data safe and secure.

Common types of breaches

  • Leaked Credentials : Unauthorized access is gained by exploiting breached credentials from third-party breaches or info stealers
  • Phishing Attacks : Users fall into revealing personal data through deceptive emails and messages
  • Malware : Malicious software is injected into your system by which you can lose access to data until a ransom is paid
  • Human Error : Sensitive information can be sent accidentally to the wrong recipients or poor security practices can expose your data.
  • Lost devices : Lost or stolen devices containing sensitive data can lead to unauthorized access.

Famous Breaches

The following list includes some of the most well-known data breaches that have affected big businesses throughout the years, many of which highlight the weaknesses in cybersecurity procedures and cloud storage:

1. Dropbox 2012

In 2012, Dropbox experienced a breach that compromised more than 67 million users data. The breach was not revealed until 2016 when the breached content was exposed on the dark web. This delay left the unaware users vulnerable. The breach was occurred because of the weak password in an employee’s account that raised concerns about the transparency and security practices of Dropbox. Following this, Dropbox made all users reset their passwords to prevent similar leaks in the future.

2. iCloud 2014

The hackers gained unauthorized access to celebrities’ accounts, revealing their private pictures online. The reason was weak security measures and poor password management. Apple denied the service was directly hacked and stated that phishing schemes and poor passwords were the reasons. However, this raised public awareness of creating complex passwords and using security measures.

3. Code Spaces 2014

It is a cloud hosting and project management service. Attackers gained access to the Amazon Web Services control panel and demanded ransom with a threat of data deletion. The attacker deleted most of the stored data as retaliation when Code Spaces tried to regain control. The business operation, customer data, and backups were wiped out leaving no chance of recovery. Code Spaces were forced to shut down permanently within the days of the breach.

4. Evernote 2013

A famous note-taking app, Evernote, experienced a breach of sensitive data, including email addresses and passwords. The app enforced a quick password reset and strengthened the password encryption methods adding 2FA. This incident proved that even encrypted data can be compromised.

5. Adobe 2013

Adobe suffered a breach of encrypted passwords and credentials, making it the largest breach in history affecting 153 million users in 2013. Attackers were able to steal . Not only were the individuals affected, but the products of the company were also exposed. Adobe used a weak encryption method which was easy to crack. Adobe enforced password reset as a response and strengthened security measures.

6. LinkedIn 2012

Attackers cracked 6.5 million hashed passwords and exposed them online which revealed the inadequate security measures and the use of a weak SHA-1 algorithm. The company faced criticism for not using stronger encryption methods. Ultimately, LinkedIn increased security efforts and stronger encryption to prevent such incidents.

7. Yahoo 2013-14

In the largest data breach, hashed passwords, email addresses, and even security questions were accessed. The breach was not disclosed until 2016 impacting additional 1 billion users. The compromised data was personal information that could be used again for attacks. Yahoo failed to disclose the breach immediately, which led to widespread criticism and a $350 million reduction in the purchase price.

8. Uber 2016

A breach compromising 57 million drivers’ and customers’ data occurred in 2016. Hackers accessed the Amazon Web Services S3 cloud bucket that contained the personal data and license details of 600,000 drivers. Uber decided to pay the ransom of $100,000 in an attempt to keep the incident hidden. Uber could not disclose the breach which led to criticism.

9. Capital One 2019

In 2019, a former AWS employee exploited a weakness in the company’s cloud which resulted a breach and unauthorized access of data. Over 100 million users were affected. Attackers used a misconfigured firewall on Capital One. The company faced scrutiny and was required to implement enhanced protocols.

10. Microsoft 2019

In 2019, a breach affecting the Azure cloud storage of Microsoft exposed around 250 million customer support records. The reason was misconfigured security settings in the cloud infrastructure. Sensitive data highlighting vulnerabilities in the cloud service management was revealed. Microsoft conducted a thorough investigation to prevent future incidents.

11. Marriot 2018

A breach in Cloud-based reservation system compromised the data of over 500 million guests. The breach was traced back to the Starwood guest reservation database that Marriot had gained in 2016. This means the breach had been undetected for years. Marriot faced scrutiny and legal challenges including fines.

12. Facebook 2019

A significant data breach that exposed the info of over 540 million users occurred in 2019 due to misconfigured Amazon Cloud Storage. A substantial amount of personal IDs, comments, reactions, and account details were revealed. The reasons were improper security measures which left the data accessible. Facebook and Amazon faced scrutiny regarding data protection methods and the breach highlighted the potential risks associated with data storage.

13. My Heritage 2017

My Heritage is a genealogy platform and the breach exposed email addresses and hashed passwords. The reasons were the vulnerabilities within the platform’s cloud storage. The platform took immediate steps to improve security protocols and notified affected users to take actions.

14. Accenture 2017

Amazon Web Services S3 buckets were exposed leading to a breach. The buckets contained sensitive information. The number of clients affected by the breach is unspecified which raised concerns about security practices. Accenture took immediate steps to secure the exposed buckets.

15. Verizon 2017

An employee error involving an unsecured S3 Amazon bucket led to a major data breach in 2017. The bucket became publicly accessible, exposing the data of 14 million Verizon customers. Verizon worked to address the security lapse and conducted a thorough investigation. The breach underscored the need for regular audits, rigorous test controls, and employee training to prevent such mishaps

Leave a Reply

Your email address will not be published. Required fields are marked *