the Biggest Data Breaches of Summer 2016


Today, Yahoo confirmed that 500 million user accounts have been compromised in a data breach. In August, the infamous cyber criminal named “Peace” claimed he was selling the usernames, email addresses, telephone numbers, easily decrypted passwords and personal information of 200 million Yahoo users from 2012, prompting the announcement.

Unfortunately, since today is also the first official day of Fall, the Yahoo data breach didn’t make our list of  the most notable data breaches from this summer, but check out the other big names that did:

1. Email providers

In May, information indicating a massive breach of email accounts was released. A Russian hacker known as “the Collector” offered an impressive 1.17 billion email account records for sale on the Dark Web. The records came from a variety of well-known providers, including, Microsoft, Yahoo and Gmail. Fortunately, many of these records were duplicates. In addition, many of the unique records were not active anymore.

2. Wendy’s Restaurants

Another notable breach of the summer affected Wendy’s restaurantsAlthough this breach began in fall of 2015, its effects extended well into July of the following year. This incident–which involved the use of malware designed to steal credit card information–affected more than 1,000 locations. Wendy’s blamed this breach on a third-party service provider.

3. LinkedIn

LinkedIn Data Breach 2016Photo credit:

In June, LinkedIn announced a data breach that actually occurred four years prior. During this breach, hackers stole member IDs, email addresses, and passwords. However, up until summer 2016, LinkedIn failed to address the breach. Once the stolen information began resurfacing, LinkedIn took action by requiring mandatory password resets for every user’s profile to protect any accounts that may still be at risk.

4. MySpace

Back in 2006, MySpace was the victim of a massive data breach that resulted in the theft of 427 million passwords. During May of 2016, a hacker listed these passwords for sale on the Dark Web, and MySpace was forced to react. All users who still had active accounts were forced to change their passwords to prevent further problems.

5. Tumblr

On May 12, Tumblr learned of a data breach that affected a portion of its users. The breach occurred in 2013 when a hacker stole approximately 65 million unique emails and passwords. The hacker attempted to sell this information on the internet. In response, Tumblr notified the users affected and assisted them in changing their passwords.

6. Dropbox

Dropbox HackedPhoto credit:

Toward the end of summer, Dropbox announced that it was requiring nearly 69 million users to reset their passwords because of a massive data breach that occurred back in 2012. Although most of these users had already changed their passwords since the breach occurred, some accounts were still vulnerable. The passwords stolen were hashed, making it more difficult for hackers to break into users’ actual accounts.

7. Last.FM

In September of 2016, the severity of a 2012 data breach affecting Last.FM was finally uncovered. This breach, which was first announced in June of 2012, resulted in the theft of over 43.5 million user passwords. When Last.FM first announced the breach, all users were instructed to change their passwords as a precaution. However, no one realized just how serious the breach had been until this summer.


Yet another victim of attacks beginning in 2012 was, a Russian email provider, and internet portal. The attack compromised a database containing more than 98.1 million accounts. Data stolen included users’ passwords, usernames, social account data and email addresses. Because none of this data was encrypted, hackers could easily read it and use it without any additional effort.

9. U.S. Political Campaign Hacks

U.S. Political Hacking - DNCPhoto Credit:

Perhaps the most controversial data breaches of 2016 were those involving political figures and campaigns. On July 22, for example, Wikileaks published multiple emails stolen from the Democratic National Committee and from Democratic presidential nominee Hillary Clinton’s campaign. This leak eventually resulted in the resignation of the DNC chair. Russian Hackers were also found responsible for hacking the Democratic Congressional Campaign Committee (DCCC). Earlier in the election season, Bernie Sanders‘ staff members were able to gain access to data owned by Hilary Clinton’s campaign, which led to even more controversy.

10. Oracle’s MICROS Payment Systems

At the beginning of August, Oracle confirmed a hack affecting its MICROS division, which is one of the world’s leading point-of-sale services. The breach was uncovered when Oracle’s staff discovered malicious code in certain MICROS systems, as well as within the MICROS customer support portal. By the time the breach was brought to Oracle’s attention, hackers had already infiltrated the customer support portal, infected hundreds of computers belonging to Oracle and gained access to sales registers worldwide.

Honorable Mentions

Mark Zuckerburg Account HackedPhoto Credit:

Several celebrities were also the victims of social media cyber crime this summer. Celebrities whose social media accounts were hacked include:

  • Jack Dorsey – Twitter CEO Jack Dorsey’s account was briefly hijacked on July 9th.
  • Mark Zuckerburg – Facebook’s co-founder and CEO’s Twitter and Pinterest accounts were both hacked in early June.
  • Katy Perry – In May, Katy Perry’s Twitter account was hacked by a prankster who tweeted a friendly message to Perry’s rival, Taylor Swift.
  • Drake – On June 6, Drake’s Twitter account was hacked and used to promote another Twitter user’s account. The user responsible was suspended from the platform.
  • Kylie Jenner – Kylie Jenner’s Twitter account was compromised early in June. The hacker used her account to post insulting tweets.
  • Jack Black – Also in early June, the Twitter account of Tenacious D was compromised. The hacker used the account to incorrectly announce that Jack Black had died.

Here’s what to do if your account is compromised in a data breach

In light of these frightening data breaches, companies are trying harder than ever to protect their sensitive data. Unfortunately, even with the best protective measures in place, cybercriminals may still gain access to your account. To minimize the potential damage associated with data breaches, follow these tips:

  • Change your password immediately when you become aware of a breach. As soon as you learn that one of your accounts has been compromised, change your password. Make sure that your new password is unique, difficult to guess and very different from the stolen password.
  • Create unique passwords for all new accounts. When you create a new account, assign it a unique password that you don’t use for any other accounts. Otherwise, a cyber criminal who steals the credentials used for one account may be able to gain access to others as well.
  • Use a password manager.  If you have trouble remembering all of your passwords, consider using a password manager like Dashlane to simplify things.
  • Sign up for email alerts. For each account you manage, sign up to receive email alerts when a change is made. If you receive an email about a change you didn’t authorize, change your password immediately.
  • Monitor your most important accounts. Monitor your most important accounts, such as those used for financial transactions, carefully. If you notice suspicious activity, change your password and report the activity to an account provider.


Tell me how you reacted after you heard about these data breaches. Did you immediate change your password? Did you take extra time to verify the breach? Share your thoughts with me in the comments below.