The 9 Biggest Privacy And Security Breaches That Rocked 2013


If you’ve been paying attention, you know that 2013 has been a terrible year for data security and privacy.

The year kicked off with a flurry of breaches that mainly hit social media sites and continued throughout the year. From Facebook to Twitter account hacks up to Target’s recent — and massive — credit card breach, 2013 has shown us that no matter what, our personal data hasn’t been more at risk.

Here’s a look at the biggest data breaches that may make you consider going off the grid in 2014:

1. Social media giants Facebook, LinkedIn, among others, get hacked…repeatedly.

In February, Twitter, Pinterest and Tumblr inadvertently suffered a breach after their customer service provider, Zendesk, got hacked. No passwords were compromised but thousands of user emails were obtained and likely would have been used in email phishing scams to get more personal information.


Fast forward to late November, when hackers stole usernames and passwords for nearly 2 million accounts at Facebook, Google, Yahoo, LinkedIn, Twitter and 93,000 other websites. That breach was a result of malware installed on user computers that swiped log-in credentials for thousands of sites for over a month. Facebook accounts were compromised the most, followed by Google, including Gmail and YouTube.

2. Nearly 40 million Target customers’ credit and debit card numbers were stolen in midst of holiday shopping rush.

From right after Thanksgiving to just before Christmas, cyber-thieves stole Target store shoppers’ credit card numbers and debit card PINs — the four-digit number used to access bank accounts. The breach highlighted the United States’ use of outdated credit card security technology and lack of protective legislative reform. Target will likely continue to deal with the massive breach fallout in the New Year, including dealing with civil lawsuits from affected customers.

3. Hacker group Anonymous targets Twitter accounts.

The breach compromised 250,000 user emails and passwords, following two similar attacks involving The New York Times and Wall Street Journal computer networks late January. Twitter was able to find and shut down a live attack back in February and has since implemented a two-step authentication process to help make user information more secure.

4. Adobe breach snowballs into multi-network security risk.

In the October breach, Adobe reported that 3 million customers’ credit card information was stolen. A source code leak also exposed almost 40 million user emails and passwords. But the breach’s affect spanned beyond Adobe’s Photoshop users. According to Krebs on Security blog, more than 150 million Adobe username and password combinations were posted to But the Adobe breach may have had more far-reaching effects: “The problem is compounded by users who write password hints that tie back to their banks, home addresses and Social Security numbers,” The New York Times reported.

5. System bug exposes 6 million Facebook users’ personal data in yearlong breach.

Facebook said the leaks, which began in 2012, were the result of a technical glitch that was corrected in June. But the social media site maintained that the information wasn’t abused: “We currently have no evidence that this bug has been exploited maliciously and we have not received complaints from users or seen anomalous behavior on the tool or site to suggest wrongdoing,” Facebook said in a blog post.

6. Upwards of 50 million LivingSocial user emails and passwords get stolen.

But the Washington, D.C.-based daily deal site assured its affected customers that their passwords were “hashed and salted” — or had an extra layer of cryptographic encryption — and supposedly harder to decode. As a result of the breach, LivingSocial updated its hashing security measures.

7. Evernote resets about 50 million account passwords after data breach.

The mobile data storage company’s security team uncovered an attempt to access its restricted corporate network in March.


8. The U.S. Department of Homeland Security finally corrected a four-year error in the software it uses to process employees’ background checks.

Social Security numbers, birth dates and names were unprotected due to the third-party software vulnerability. DHS was aware of the problem since 2009 and just fixed in May. The agency didn’t disclose how many of its almost 250,000 employees were affected during the four-year period.

9. Federal Reserve Bank website hacked by Anonymous.

As a part of “Operation Last Resort,” the political hactivist group posted a link to a third-party site where users could download the stolen contact information, including phone numbers and email addresses. The Federal Reserve said the hackers exposed a “temporary vulnerability in their third-party website vendor product,” CNN reported.