Top Hacks and Cybersecurity Breaches of 2018

It’s crucial to be more cautious and protective of your personal information. Educate yourself and think twice before providing personal information online. The top hacks of 2018 caused hundreds of millions of people to suffer as their sensitive information was exposed and, in some cases, exploited.

Guest Writer

The year 2018 had its fair share of data breaches and cybersecurity failures, and the troubling trend continued all year long. Hundreds of millions of people suffered at the hands of these attacks as their sensitive information and data were exposed and sold on the dark web.

Malware (Zeus/Zbot), viruses (Trojan), and spyware (e.g., Xnspy) are not the only ones to blame. We are to blame, too. We give most apps easy access to our phones, contacts, and multimedia, and we do not pay much attention to what happens to the personal information stored on our phones. We knowingly give consent to the various apps and networking sites we use, allowing them to build a profile in our name in their records. Artificial intelligence has progressed beyond our imagination. It observes our online behavior, likes, dislikes, and interests and then gets an almost accurate idea of how we think.

Google, Facebook, Aadhar, and Quora were some of the worst cybersecurity breach victims of 2018. Below is a list of the top breaches we saw over the past year.


Aadhar

The Aadhar data breach affected 1.1 billion people. The Indian government’s ID database keeps a record of citizens’ identity and biometric information. The database suffered a major leak in which the private information of Indian residents, including their names, bank account information, and ID numbers, was stolen. The data leak surfaced on a system run by the utility company Indane. The company hadn’t secured its API.

The exact date of the data breach could not be determined, but the breach was discovered in March of 2018.

Marriott Starwood Hotels

500 million people suffered at the hands of this data breach. The guest information included email addresses, passport numbers, reservation dates, and phone numbers, along with payment card numbers and their expiration dates. The hackers were able to gain access to the reservation database of Marriott Starwood Hotels. After that, they copied and stole all the information. This all started in 2014, but the breach wasn’t discovered until September 2018.


Exactis

The Exactis data breach affected 340 million people. The company compiles data on millions of people and businesses, and the data includes everything from their personal information, phone numbers, and addresses to interests and specific characteristics.

The data breach occurred in June 2018 and was discovered when a security expert came across a publicly accessible database that had almost every US citizen in it. It remains unclear whether any hacker was able to access that information.


Quora

The account information of 100 million people was compromised. It included names, email addresses, and encrypted passwords, users’ public questions and answers, and the data from the accounts linked to Quora. The data breach was carried out by a malicious third party that accessed one of Quora’s systems. It was discovered in November 2018.


92 million people were affected by this data breach, in which email addresses, along with encrypted passwords of the signed-up users, were stolen and put on a private server outside the company. The data breach occurred in October 2017.

Cambridge Analytica

87 million people suffered because of the Cambridge Analytica data leak in which Facebook profiles and other data that assists in identifying users’ interests and preferences were stolen. The breach occurred in 2015.

Here is what happened: A professor from the University of Cambridge developed a personality prediction app called thisisyourdigitallife. The app passed user information to third parties, including Cambridge Analytica. This is the same firm that helped the presidential campaign of Donald Trump by creating targeted ads using the voter data of millions of people.

Although only 270,000 Facebook users installed the app on their phones, because of the former data-sharing policies of Facebook, the app was able to collect data on millions of their friends as well.


Google

The Google data breach affected 52.5 million users, leaking the private information on their Google+ profiles, including their name, email address, date of birth, age, relationship status, employer, and job title. The breach occurred from 2015 till March 2018 and then from November 7 to 13.

At the beginning of the year, Google made it public that it would shut down Google+ after a report from The Wall Street Journal surfaced exposing a software glitch that led Google to reveal the personal profile data of 500,000 Google+ users. Later, in December, Google again announced that it had suffered another data breach that affected 52.5 million users. Google has now decided to shut down Google+ permanently in April 2019.


Facebook

About 29 million users were affected in this data breach, in which extremely personal information, including contact details, relationship status, location, recent searches, and details of the devices used to log in to the accounts, was compromised. The attack happened in July 2017 and again in September 2018.

The hackers were able to exploit vulnerabilities in the Facebook code that allowed them to reach the access tokens, the digital keys that gave them complete access to the compromised users’ accounts and their data.


Personal data, such as names, email addresses, and shipping addresses, along with account usernames and passwords of 40 million people, were compromised in this digital attack. The data breach first occurred on April 29, 2018 and again on September 19, 2018.

As per the SEC filing, an unauthorized party somehow gained access to the company database that stored all the user data for and some of the company’s family of brands.

Protection Against Digital Attacks

It’s time to stop for a moment and think about how the information we so blindly put on the internet could be used against us. Nowadays, with cybercrime on the rise—and there’s a particular risk for IoT systems—it’s crucial to be more cautious and protective of your personal information.

Any hacker worth their salt can access an unprotected organization if they work hard enough. So, rather than having blind faith in social media platforms and other companies, we must educate ourselves and think twice before providing personal information, both online and offline.

Written by James Watson, Content Manager and IoT enthusiast at Xnspy Techs

Guest writers are IoT experts and enthusiasts interested in sharing their insights with the IoT industry through IoT For All.