Top 5 Startups Data Breaches Till 2023

Every day we read about a hack that happened on the news. In the startup environment, attacks are more frequent, this is because growth is one of the key metrics of success, either growing revenues, growing users, or growing transactions. With a growth mentality, features are shipped quickly without proper testing or without embedding the security aspect.

In this article, we are listing 5 of the largest data breaches that happened to startups till 2023.

1. Canva Data Breach – 139 Million Records 

One-liner

Canva is a graphic design platform that allows users to create social media graphics, presentations, posters, and other visual content. Canva is used by many startups in different industries.

Valuation, Fund & Investors: 

The Australian company is valued at $3.2 billion with a total of 100 Million VC investments to date from 500 startups.

What Happened?

139 Million Records of personal information including real names, usernames, email addresses, and city, and country information were leaked. Canva mentioned that the hacker has gained access to their servers for at least 7 months. You can read the full announcement about the security incident from Canva website.

What should you Do?

If you used Canva during that time, make sure to change your password.

2. DoorDash Data Breach– 4.9 Million Records 

One-liner

DoorDash is an on-demand prepared food delivery service founded in 2013. DoorDash is a Y Combinator-backed company. DoorDash is one of several technology companies that use logistics services to offer food delivery from restaurants on demand.

Valuation, Fund & Investors

The Us- company is valued at nearly $13 billion with the latest round of $600 million of VC investments.

What Happened?

4.9 Million users, delivery workers, and restaurants were leaked. The data includes the user’s profile information, including names, email addresses, delivery addresses, order history, and phone numbers.

 

DoorDash mentioned that a third party has gained unauthorized access to their servers. You can read the full announcement about the security incident from DoorDash blog post.

What should you Do?

If you used DoorDash during that time, make sure to change your password.

 3. Houzz Data Breach

One-liner

Houzz is a website and online community about architecture, interior design and decoration, landscape design, and home improvement. You can use Houzz to order furniture from your mobile using the pictures that are posted by suppliers.

Valuation, Fund & Investors

The Us- company is valued at nearly $4 billion with the latest round of $400 million of VC investments.

What Happened?

An unknown number of users were hacked. However, some unofficial resources mentioned it was about 49 million users. Houzz mentioned that a file that has users' personal details and passwords has been obtained by an unauthorized party. 

You can read the full announcement about the security incident from Houzz website.

What should you Do?

If you used Houzz during that time, make sure to change your password. 

4. EatStreet Data Breach - 6 Million Users

One-liner

EatStreet is an American online food ordering service that acts as a centralized marketplace where diners can order delivery and takeout from restaurants in their area.

Valuation, Fund & Investors

The Us- company has a total fund of nearly $45 Million.

What Happened?

Nearly 6 Million users' data were stolen including information on the users' names, phone numbers, email addresses,  bank accounts, and routing numbers for restaurants and delivery services.

 

Also, data about the third-party delivery services company that EatStreet partnered with. There is also a possibility that the hacker had access to credit card numbers, expiration dates, card verification codes, and billing addresses.

 

Eatstreet mentioned that an authorized third party gained access to its database and was able to acquire critical information including users' personal details, bank accounts, and routing information. EatStreet sent emails to its users, partners, and restaurants which can you read here.

What should you Do?

If you used EatStreet during that time, make sure to change your password.

5. WyzAnt Data Breach 

One-liner

Wyzant is an online services marketplace in educational technology for matching tutors with students.

Valuation, Fund & Investors

The company had raised a total funding of $21.5 million from prestigious investors like Accel Partners,

What Happened?

An unknown number of users were hacked. Personal information was leaked including names, usernames, email addresses, zip codes, and Facebook profile pictures, for users who log in with their Facebook profiles. The company sent an announcement to its users to inform them about the security incident that you can read about here.

What should you Do?

If you used WyzAnt during that time, make sure to change your password.

Conclusion

While the data breaches mentioned above are startup-focused, there were also attacks on larger companies like Facebook, Instagram, Capital One, Adobe, Marriott Hotel, Dubsmash, Armor Games, and many others.

If you would like to know if your information has been hacked in those attacks or others, you can check Have I Been Pwned? Website. This website helps users to know if they became a victim if their accounts were compromised.

It is important to periodically check the updates of website breaches to know if your account has been hacked. Also, make sure to apply the best practices for password protection. You can read the article Your password got hacked? Top 7 ways to protect it to give you a brief about this.

 

To enhance the security of your business further, you can explore our Cybersecurity as a Service section and subscribe to one of our monthly packages tailored to your needs.  Start Right Away!