Notable data breaches — what leaked, and what to do.

A scraped database of 700 million LinkedIn profiles was put up for sale on a hacking forum. LinkedIn confirmed the data was real but characterised it as scraped public profile information rather than a server breach.

Personal data on 533 million Facebook users from 106 countries was posted in a low-tier hacking forum in 2021, originally exfiltrated via a contact-import vulnerability fixed in 2019.

Ticketmaster confirmed unauthorised access to a third-party cloud database in May 2024. The company notified regulators under GDPR and offered free identity-monitoring to affected customers worldwide.

Researchers discovered an unsecured 12 TB database aggregating data from thousands of past breaches, including Twitter (X), LinkedIn, Tencent, Adobe, and many smaller services. Not a fresh breach — but a single index that made credential-stuffing attacks easier than ever.

A US-based background-check broker disclosed in August 2024 that 2.7 billion records — much of it US consumer PII — had been exfiltrated and posted online. Class-action suits followed in multiple jurisdictions.

AT&T confirmed in March 2024 that customer data dating to 2019 or earlier had been released on the dark web. Affected customers were forced to reset account passcodes.