Data breaches

Data breaches, alternatively known as security attacks or pwning, is a form of hacking attack where a hacker/botnet attacks a server via getting into the database and stealing data. At first, it can begin with a DDoS, which sends a botnet to overload the server and shut it down, and then eventually the hacker/botnet tries to find a crack in the firewall to get in and do their job. Once this is done, the data breach gets initiated and eventually identities of millions get compromised.

This has gotten mitigated over the years due to security standards, such as HTTPS, suspicious blocking login alerts, etc, though it is reported that the main problem isn't login credentials being stolen, but rather other stolen data such as credit card addresses, emails, and even other personal information.

Examples

 * 1) The PlayStation data breach of 2011 caused by Anonymous.
 * 2) Wattpad had a data breach by a force known as ShinyHunters, leading to their said payloads being dumped on the dark web and fed to spambots and even actual dark web hackers.
 * 3) While technically the inverse; Club Penguin Online was programmed in such a way where it gave usernames/passwords to the owner, and even took control of several users' information.
 * 4) The Roblox outage of October 2021.

Why They Suck

 * 1) They are used to steal data, especially confidential information such as credit card numbers and even banking details.
 * 2) Not only do they hamper the use of sites like Google and Facebook, they can damage the reputation of even big sites.
 * 3) One data breach is enough to lure other botnets to attack a network even more, via DDoS or doxxing sites generated by spambots.
 * If, they are done by actual people and not bots, they often times use the dark web to dump these as well for hackers/trolls to steal.

Important tips

 * 1) Check your e-mails and phone numbers if you're getting safe or not from other websites through HIBP.
 * 2) Change your passwords otherwise to keep stronger and invulnerable. Avoid using the same password for different logins.
 * 3) Enable 2-factor authentication when available.
 * 4) Make sure your passwords are unique and aren't easy to guess.