Top 10 Apps That Were Hacked in 2024
Published:
Cyberattacks rose significantly in 2024, with hackers targeting some of the most widely used apps across different industries. These breaches exposed personal data, financial information, and even sensitive government details, affecting millions of users.
Below, we highlight the top 10 apps that were hacked in 2024, ranked in reverse order.
10. Ticketmaster & Snowflake Data Breach
❓ What happened
Hackers, including the notorious ShinyHunters group, exploited a cloud vulnerability in Snowflake, leading to a massive breach of Ticketmaster customer data.
💥 Impact
Millions of users had their payment information and ticketing details exposed, leading to fraudulent transactions and account takeovers. Customers faced unauthorized credit card charges, and some were unable to access their accounts after credentials were stolen and resold on the dark web.
💡 How it happened
Hackers exploited weak authentication mechanisms in Snowflake’s cloud infrastructure to gain unauthorized access. Security analysts have warned that this breach highlights the growing risks associated with third-party cloud service providers.
9. 23andMe – Genetic Data Leak
❓ What happened
Hackers breached 23andMe, the widely used DNA testing service, and stole genetic data from thousands of users. The stolen information was then sold on the dark web, raising ethical and privacy concerns.
💥 Impact
Leaked genetic data could be used for identity fraud, medical insurance manipulation, or even targeted scams based on inherited diseases and health risks. Some high-profile individuals were reportedly targeted for their genetic information, leading to concerns about potential biological privacy threats.
💡 How it happened
Attackers used credential stuffing techniques, where previously leaked passwords were used to gain access to 23andMe accounts. Many users had weak or reused passwords, making the attack highly effective.
The company has since introduced additional security measures, such as enhanced multi-factor authentication, to prevent further attacks.
8. Life360 – Family Tracking App Breach
❓ What happened
Life360, an app used to track family members’ locations, was breached by hackers who accessed real-time location data of millions of users.
💥 Impact
The breach raised serious safety concerns, as cybercriminals could potentially track users’ real-time locations, putting individuals—especially children—at risk of stalking or kidnapping.
The leak of sensitive location history also revealed long-term patterns of movement, exposing users’ regular routines, frequently visited locations, and travel habits that could be exploited for burglaries or other targeted crimes.
💡 How it happened
The attack was linked to an API vulnerability, which allowed unauthorized access to sensitive data. Cybersecurity experts have called for stronger data encryption and API security policies for apps handling personal location information.
7. Trello – 15 Million Email Addresses Exposed
❓ What happened
A hacker forum leaked 15 million Trello user email addresses, exposing millions of professionals to phishing attacks and business email compromise schemes.
💥 Impact
Hackers could use these email addresses to launch targeted phishing campaigns, leading to unauthorized account access, financial fraud, or ransomware attacks against businesses.
Some victims reported receiving sophisticated fake emails mimicking Trello’s interface, leading to credential theft.
💡 How it happened
The breach stemmed from insufficient data access controls that allowed threat actors to scrape email addresses from public Trello boards. The incident has prompted calls for enhanced user privacy settings and stricter default security policies.
6. mSpy – Spyware App Data Breach
❓ What happened
mSpy, a spyware app used to monitor devices, suffered a massive data breach that exposed millions of customer records, including sensitive surveillance data.
💥 Impact
This breach put victims of domestic abuse and surveillance at even greater risk, as their personal data and monitoring records were leaked online. Security experts raised concerns about the potential for misuse of the leaked data in criminal activities.
💡 How it happened
Attackers exploited a poorly secured cloud storage system, allowing them to extract vast amounts of private data. The incident has fueled the debate over the ethics of spyware and the importance of securing surveillance software.
Check your phone for mSpy
If installed, mSpy and other spy apps can be a major risk to your privacy. Run a scan now with the award-winning Certo AntiSpy to see if your phone is affected.
5. Strava – Fitness App Used to Track High-Profile Individuals
❓ What happened
Not strictly a hack but researchers found that Strava, a popular fitness tracking app, could be used to track military personnel and government officials, revealing their movement patterns.
💥 Impact
National security concerns were raised as Strava’s publicly shared fitness routes could pinpoint the locations of sensitive sites, including military bases and secret facilities. Intelligence agencies expressed concern that adversaries could use this data for espionage.
💡 How it happened
Strava’s default public-sharing settings made user routes visible to anyone, allowing security researchers (and potentially hackers) to identify high-profile individuals. The company has since restricted default public tracking and introduced more user-friendly privacy controls.
4. Cash App – Insider Data Breach
❓ What happened
A former Cash App employee accessed internal reports containing customer names, stock trading details, and portfolio values without authorization.
💥 Impact
This breach exposed users to identity theft and financial fraud, as well as the risk of stock trading manipulation. Some users saw unauthorized transactions in their accounts before they were able to lock them down.
💡 How it happened
Weak internal security controls allowed an ex-employee to retain access to sensitive financial data long after they left the company. This breach has emphasized the importance of stricter employee offboarding procedures.
3. AT&T – 51 Million Customers Affected
❓ What happened
AT&T confirmed a massive data breach affecting 51 million customers, with leaked data containing Social Security numbers, names, and birthdates.
💥 Impact
Victims faced an increased risk of identity theft, financial fraud, and SIM swapping attacks, which could allow hackers to take over their phone numbers and accounts. Many affected customers reported receiving targeted scam calls and fraudulent account activity.
💡 How it happened
Hackers exploited a vulnerability in AT&T’s customer database, exposing sensitive user details. AT&T has since worked with law enforcement agencies to track down those responsible.
2. Disney – 1.1TB Data Breach
❓ What happened
Disney suffered a colossal 1.1 terabyte data breach, one of the largest corporate leaks of the year. Hackers gained access to internal company databases, potentially including user data, financial records, and proprietary intellectual property.
💥 Impact
The breach raised concerns about financial fraud, exposure of sensitive corporate strategies, and the potential leak of unreleased films and TV content. Some high-profile unreleased media assets were allegedly leaked online.
💡 How it happened
The breach was attributed to misconfigured cloud storage and stolen employee credentials, which hackers exploited to gain unauthorized access.
1. The Mother of All Breaches (MOAB)
❓ What happened
The largest data breach in history occurred in 2024, leaking 26 billion records from various platforms, including LinkedIn, Twitter (now X), and Adobe.
💥 Impact
This unprecedented breach increased the risk of credential-stuffing attacks, where hackers reuse leaked passwords to gain unauthorized access to multiple accounts. The sheer volume of leaked data meant that nearly everyone with an online presence was potentially affected.
💡 How it happened
Cybercriminals aggregated leaked data from multiple previous breaches, combining them into a single, massive dataset, creating one of the most dangerous cybersecurity threats ever seen.
Think Your Phone Is Safe? Think Again.
Major security breaches show that no app is immune. Take control of your privacy and secure your device with Certo’s industry-leading mobile security tools.
Final Thoughts
The diverse cyberattacks of 2024 reveal a sobering truth: no digital platform is immune to breaches, regardless of size or security measures. From cloud vulnerabilities to insider threats, hackers continue to find new ways to exploit our increasingly connected digital ecosystem.
As we navigate this landscape, both companies and individuals share responsibility for cybersecurity. Organizations must prioritize robust security protocols and third-party oversight, while users need to embrace stronger passwords, multi-factor authentication, and greater discretion about shared information.
These breaches serve as a reminder that in our digital world, security cannot be an afterthought—it must be foundational to our online existence.
Sophia is a Senior Content Manager at Certo Software, showcasing her deep-rooted expertise as an accomplished writer in the tech industry. With a genuine passion for cybersecurity, Sophia is a trusted source of insight and information.