Well folks, it's that time of year again. Time to reflect on the past decade and take a look at the top 5 cybersecurity breaches that had us all on the edge of our seats. And boy, did we have some doozies to choose from.
Starting off at number 5, we have the infamous Yahoo data breach of 2013. This little gem affected a whopping 3 billion user accounts, including email addresses, telephone numbers, and even security questions and answers. But don't worry, Yahoo assured us that our passwords were safe and secure. Oh wait, never mind, they were also compromised. But hey, at least they offered two years of free credit monitoring, because who doesn't love a good credit score, right?
Coming in at number 4, we have the infamous Target data breach of 2013. This one was a real crowd pleaser, affecting 40 million credit and debit card accounts and personally identifiable information of up to 110 million customers. But the real cherry on top? Target didn't even discover the breach until a month after it happened. Talk about a security fail. But don't worry, they did offer their customers a 10% discount on their next purchase. Because, you know, that makes up for potentially losing your entire identity.
Number 3 on our list is the breach of the US Office of Personnel Management in 2015. This one was a real treat, as it affected 21.5 million current and former government employees, including sensitive information such as fingerprints and security clearance details. But don't worry, the government assured us that it was not the result of a hack, but rather "a sophisticated cyber intrusion." Because that makes it all better, right?
Our runner-up for the silver medal is the Equifax data breach of 2017. This one affected a staggering 143 million customers, including their names, addresses, Social Security numbers, and even driver's license numbers. But the real kicker? Equifax's own security team had identified the vulnerability months before the breach occurred, but failed to patch it. But hey, at least they offered affected customers a free credit monitoring service and a $125 cash payment. Because, you know, that's totally worth it.
And finally, we have the granddaddy of them all, the Facebook data breach of 2018.
This one affected a whopping 87 million users, including their personal information, such as their location, interests, and even private messages. But don't worry, Facebook assured us that the data was only used for "research purposes." Sure, because that makes it all better.
So there you have it, folks. The top 5 cybersecurity breaches of the past decade. And while we may have lost our personal information and trust in these companies, at least we got some free credit monitoring and discounts out of it. Because, you know, that's totally worth it. 🤣
Nah, seriously though...
We've seen a lot in the last decade when it comes to IT operations dropping security balls.
The most impactful might have been, and still are, the recent password manager company hacks.
They might not seem as damaging as the big-number breaches of our Top 5 list here, but depending on the effectiveness of the follow-up work done by the blackhats, these could prove to be far more costly than all the others together.
Primarily because of the customer password vault data the hackers got their hands on. Sure, the password data in there is encrypted, but knowing how poorly people choose their passwords and how they reuse them on 1000 sites and services, the vaults might not be very hard to crack with specialized password-cracking systems or clusters and might open like "sesame". Then it's game over if the people who were hit by these breaches haven't already put in the work to change all their passwords, if they even knew that their chosen password manager company had messed up, that is.
This is another issue that plays into the hands of black hats. Information overload widely leads to people feeling overwhelmed and stressed for a while, before they literally ignore everything information-security related, because "automatic updates" and "a yearly password change" will give them a somewhat good feeling, and because they think fighting for personal data privacy is a lost cause anyway, foremost because they've got nothing to hide. Yep, exactly what livestock thinks on the way to the slaughterhouse.
But I got carried away...
What do you think about all this? Do you question your cybersecurity efforts and maybe do at least some self-assessment of your IT stuff on a regular basis? Let me/us know in the comments if you like!
Cheers, Lucky!