February 2014 – 1,056,986 accounts affected
In February 2014, the website Forbes was hacked and more than 1 million user accounts were stolen which included information about user's email addresses, passwords and usernames.
On February 14, 2014 Forbes announced a statement on their Facebook page that their publishing network had been breached, the post on Facebook read as follows:
Security message: Forbes.com was targeted in a digital attack and our publishing platform was compromised. Users' email addresses may have been exposed. The passwords were encrypted, but as a precaution, we strongly encourage Forbes readers and contributors to change their passwords on our system, and encourage them to change them on other websites if they use the same password elsewhere. We have notified law enforcement. We take this matter very seriously and apologize to the members of our community for this breach.The hackers identified themselves as (SEA) Syrian Electronic Army and initially posted on their claim of the attack with screenshots of their presence on one of Forbes’ WordPress systems as proof that they had breached Forbes’ network. The cyber thieves later posted their intent to sell the compromised database records of more than 1,000,000 Forbes user accounts, only to come back with another post intimating the previous was only a joke and that their true intent was to publish the database as soon as they found a secure host to upload the database on. In short order the SEA hackers did just as they said they would and completed the data dump providing links for anyone with (nefarious) intent to access. Below is a breakdown of many of the types of email domains of the affected Forbes clients:
- 25,050 Aol.com
- 407,787 Gmail.com
- 844 (.GOV)
- 14, 572 (.EDU)
- 91,464 Hotmail.com
- 3,460 Mac.com
- 185,271 Yahoo.com