Best Reviews logo
Best Reviews logo
Search
Best Reviews may receive compensation for its content through paid collaborations. See how we sustain our work & review products.
Best Reviews
Articles
5 of the Biggest Password Leaks of 2017

5 of the Biggest Password Leaks of 2017

By István F.István F. Verified by Adam B.Adam B. Last updated: July 26, 2024 (0)
Table of contents

How can I know if my password was stolen?2017 isn’t over yet but cyberbreaches are already approaching last year’s level, where billions of records were leaked and caused terrible headaches for the affected parties. So if you thought that was bad, you may have to think again; there’s still some time to go until the end of the year, and we’ve already seen hacks, ransom attacks, and leaks of gigabytes of data. Millions of records have been stolen, and an abundance of classified hacking tools set free into the wild, which has led to its own set of issues. So without further ado, here are five of the biggest leaks of 2017

Cloudflare leaks info for months

A researcher on Google’s Project Zero, Tavis Ormandy, has uncovered a bug in Cloudflare’s internet infrastructure service that was leaking confidential information such as private messages on dating sites, user identity information, and (potentially) protected health information, passwords, API keys, authentication tokens, and much more. Cloudflare has more than two million sites in its network, including major services such as Uber, Fitbit, and OkCupid.

60% off RoboForm for Best Reviews readers
RoboForm logo
Commit to RoboForm using Best Reviews' exclusive discount and enjoy a discount of 60% off the regular price.
/goto/roboform/ Click to show code

When notified about the flaw, Cloudflare reacted promptly and had mitigation in place within an hour, but what made things more severe was the fact that search engines were caching the leaked information. The flaw had been leaking data since September 2016, but Cloudflare did not find out about it until February 2017, so the damage is yet to be fully determined.

Onliner spambot leaks 700 million email addresses

In August 2017, security researcher Benkow discovered Onliner Spambot exposing a huge number of files containing personal information. Troy Hunt, the author of the HaveIBeenPwnedsite, wrote that the massive data leak contained 711 million unique email addresses, many of which were also accompanied by corresponding passwords. Troy even found his own real email address there, so there is a slight chance that yours could be there as well. Maybe it is a good time to change your email password?

Deloitte embarrasses itself

Can the world’s top cybersecurity consultant fail miserably in protecting the highly sensitive data of its customers? Yes, it seems it can, as this hack against the New York–based financial services company shows. Deloitte discovered the leak in March 2017, but some believe the attackers have been able to access sensitive data since fall 2016.

That’s a massive problem considering that Deloitte had high-profile clientele earning the company $37 billion in 2016. Apparently, a company employee felt so safe that they didn’t enable two-factor authentication, which allowed the hackers to access the data. The damages are yet to be fully determined.

SVR has vehicle records exposed

More than half a million records belonging to vehicle recovery company SVR Tracking were leaked in 2017, as discovered by the Kromtech Security Center. The exposed data included email addresses, passwords, license plates and vehicle identification numbers (VINs), as well as 339 logs containing vehicle records and contacts with more than 400 car dealerships using SVR’s service. SVR fixed the repository configuration vulnerability identified by Kromtech and started its own investigation.

Zomato loses 6.6 million password hashes

About 17 million user records – user IDs, names, usernames, email addresses, and password hashes – were stolen from Zomato’s database, as discovered by the company’s security team. The leaked data contained 6.6 million users’ password hashes, which can be cracked using brute-force algorithms. Zomato says it has reached out to these users and prompted them to change their passwords on all services where they might have used the same password.

What have we learned from this?

What really raises eyebrows, however, is how enabling two-factor authentication might have prevented some of these breaches. Still, while reading about these gigantic leaks, just take a moment and consider once again if you took the minimum steps to protect your account? Did you enable two-factor authentication? Remember, it’s not the same as two-step verification.

It’s easy to lose faith in technology when you hear about the frequency of security breaches, and knowing that you could be the next target is enough reason for concern. But unless you burn all the bridges to your digital life this struggle will always remain, and the best thing to do is to protect those online accounts with strong passwords, encrypt the data and use a password manager. It’s up to you to decide, however, what data to throw into the secure basket.


Best password managers of 2025

Editors' choice
RoboForm logo
Editor's rating:
(4.5)
Effective security center
Passkey compatibility
Intuitive and organized interface
Affordable prices
Visit RoboForm
Reviews
Families
LastPass logo
Editor's rating:
(4)
Logical interface
Automated password categorization
Advanced mobile version
Various two-factor authentication options
Visit LastPass
Reviews
Businesses
1Password logo
Editor's rating:
(4)
End-to-end encryption
Secure authentication method
Data breach alarms
One-time password support
Visit 1Password
Reviews
Security features
Keeper logo
Editor's rating:
(4.5)
Robust security
Wide range of platform support
Affordable
Great customer support
Visit Keeper
Reviews
Personal use
NordPass Personal logo
Editor's rating:
(4.5)
Strong security features
Effective password generator
Excellent free version
Attractive price
Visit NordPass Personal
Reviews
Password sharing
Dashlane logo
Editor's rating:
(4)
Password changer
Built-in VPN
Flawless data import
Thorough iOS/Android app
Visit Dashlane
Reviews
Local storage
Enpass logo
Editor's rating:
(4)
Packed with features
Free for desktop users
Offline password manager
End-to-end encryption
Visit Enpass
Reviews

Related articles

Can You Trust Free Password Managers?
Read more
Best Ways To Keep Passwords Safe and Organized
Read more
Best Ways to Share Passwords Securely With Your Team
Read more

User feedback

 Leave a reply

Your email address will not be published. Required fields are marked *


Popular guides

Latest reviews

Best Reviews

Best Reviews may receive compensation for its content through paid collaborations and/or affiliate links. Learn more about how we sustain our work and review products.

©2012-2025 Best Reviews, a clovio brand – All rights reserved
Privacy policy · Cookie policy · Terms of use · Partnerships · Contact us