Nobody is safe from malicious cyber criminals. Not even the biggest, wealthiest multinationals.
Large companies have experienced some of the biggest cyber attacks. That’s why they’re spending massively on cybersecurity. Even so, the truth is that cyber attacks continue to happen on a regular basis.
So, how did it start?
It all began back in 1988 when Cornell University graduate student Robert Tappan Morris created a program to assess the size of the internet. The so-called Morris Worm will be remembered as the first cyber attack in cyber warfare history.
Which begs some burning questions, namely:
What are some major cyber attacks?
And even more to the point:
What is the biggest hack in history?
To answer these questions, at The High Court we decided to go over the most notorious cyber attack examples from the history of cyber attacks in the 21st century.
Here’s a sneak peek.
Fascinating Cyber Attack Statistics (Editor’s Picks)
- In 2013, a cyber attack against Yahoo resulted in the hacking of 3 billion user accounts.
- A major cyber attack against eBay in 2014 compromised 145 million eBay users.
- A computer with access to the internet gets hacked every 39 seconds.
- Every year, one in three Americans will face a huge cyber attack on their computer.
- Target offered a 10% storewide discount and free credit monitoring to customers affected when hackers gained access to their credit and debit cards.
- In 2012, 117+ million account details, including emails and passwords, were stolen from LinkedIn.
- In one of the recent cyber attacks in 2019, hackers exposed thousands of personal records in an FBI hack.
- In 2013, MySpace’s data breach resulted in a published database containing 427+ million passwords and 360+ million emails.
Biggest Cyber Attacks of the 21st Century
Now that we have an idea of the mind-blowing figures involved, let’s start our countdown, shall we? Our list of the top cyber attacks begins with a recent cyber attack on Capital One.
11. Capital One (2019) – 106 million records
First on our list of cyber attacks is Capital One. The banking giant, headquartered in McLean, Virginia, had developed a reputation as a trustworthy company over the years. Nonetheless, it was an attractive target for some of the best hackers in the world.
In the summer of 2019, data information, including the names and email addresses of 100 million Americans and 6 million Canadians, was stolen. In total, the data of 106 million individuals had been compromised. The hacker gained access to the data by a misconfigured web application firewall. Even though the hack on Capital One is among the big cyber attacks, there’s a silver lining. The credit card data stayed secured, and the hackers didn’t get access to it.
However, the hacker was able to access 140,000 Social Security numbers and 80,000 linked bank account numbers, as well as phone numbers and credit scores.
According to the US Attorney Office,33-year-old Paige Thompson was the culprit. She was a former Seattle technology company software engineer. Her hack was caught between March 12 and July 17, when she posted some information on GitHub. When another user saw the info, they notified Capital One. Thanks to this timely intervention, one of the largest cyber attack attempts did not escalate.
After the hack, Capital One shares fell by 4% in late extended trading. The expected cost of the accident was anywhere between $100 million and $150 million. It was all because of customer notifications, legal support, and credit monitoring.
10. Target (2013) – 110 million records
With headquarters in Minneapolis, Minnesota, and stores in all fifty states and DC, Target is one of the largest general merchandise retailers in the US. It employs more than 350,000 people, and approximately 75% of Americans live within ten miles of one of its stores.
Between November 27 and December 15, 2013, hackers gained access to nearly 40 million Target consumers’ credit and debit cards, including PIN data. Fortunately, the PINs were encrypted, and only data from in-store used cards were affected. On January 10, 2014, Target disclosed that the data of another 70 million people had been compromised.
Target spokespersons announced that the hacker managed to steal the data from store vendor Fazio Mechanical. However, the perpetrator remains unknown.
Target was called out for not taking immediate action to prevent one of the biggest cyber attacks, even though its security system had notified it. Target later apologized to the public and worked with the US Secret Service, among others, to bring to justice those responsible for the data stolen.
Following the apology, Target offered a 10% storewide discount and free credit monitoring to all affected customers. Between March and May 2014, the retailer shuffled a few executive positions, including the CEO Gregg Steinhafel and the Chief Information Officer. Steinhafel’s resignation was announced in May. His successor to this day is American businessman Brian Cornell.
9. LinkedIn (2012) – 117 million records
Another one of the world’s largest companies affected by cyber attacks, LinkedIn has evolved from an online professional profile network to a vast community of over 700 million professionals globally. The company reports that three people are hired every minute through the community regardless of the current economic state.
In 2012, LinkedIn was the victim of unauthorized access and disclosure of some members’ passwords. Later, the company stated it had become aware of more compromised data, including the emails and passwords of over 100 million members. As a result of this cyber attack, 117+ million accounts were stolen.
The perpetrator of this major internet attack was 32-year-old Russian hacker Evgenii Aleksandrovich Nikulin aka “Peace.” He has recently been sentenced to at least seven years in prison in the US for hacking into LinkedIn.
On May 30, 2016, LinkedIn notified the public that on May 17, 2016, they had become aware that the 2012 stolen data was becoming available online. So, the company invalidated the passwords of all the accounts at risk.
Unlike some other companies, LinkedIn has learned its lesson and is taking care of the safety and security of member data by hashing and salting passwords. It also offers protection tools like email challenges and dual-factor authentication.
8. Heartland Payment Systems (2008) – 134 million records
Heartland provides payment systems that allow you to accept payments anywhere, whether that’s at the table, food trunk, counter, website, or at the customer’s home. You can do so on multiple devices, including tablet, phone, and laptop, as well as terminal and POS system.
Around December 26, 2007, Heartland’s corporate computer network was attacked by an SQL 3 Injection, which placed malware on its payment processing system. Not long after, Mastercard and Visa recognized something was afoot when they detected suspicious transactions and duly informed Heartland. It soon transpired that cyber criminals had stolen 134 million credit cards and corresponding card data from around 30 states. The data was enough to produce counterfeit cards.
The perpetrator responsible for this major credit card incident, who has a good claim to being the biggest hacker in the world, is 28-year-old Albert Gonzalez from Miami, Florida. He was sentenced to 20 years for this cyber attack and for leading a cybercriminal gang responsible for stealing more than 90 million debit and credit card numbers from other retailers.
This major internet attack had a severe impact on Heartland, which was processing 100 million payment card transactions per month for 175,000 merchants at the time of the breach. The company breached compliance with the industry-wide security standard for card payments. Moreover, some say Heartland’s compensation for fraudulent payments amounted to $145 million.
7. Equifax (2017) – 145 million people
Equifax is one of the three American consumer credit reporting agencies, together with TransUnion and Experian.
In 2017, Equifax announced one of the biggest cyber attacks in recent years, which resulted in the exposure of the personal information of 145 million people. Equifax failed to ensure software updates to vulnerable components, even though it got clear instructions on how to do so in March.
Anyhow, the attack occurred in May. The servers and the network were relatively easy to hack. The hackers used malware that allowed them to gain access to the data.
The victims impacted by the financial data breach may face a serious identity threat for as long as they live.
The United States Department of Justice charged four Chinese military-supported hackers. They were members of the 54th Research Institute, a component of the People’s Liberation Army (PLA), the Chinese armed forces.
The cyber attackers (Wu Zhiyong, Wang Qian, Xu Ke, and Liu Lei) were charged with computer and wire fraud, economic espionage, and several conspiracies to commit fraud and espionage.
Equifax settled for a global agreement with the FTC (Federal Trade Commission), the Consumer Financial Protection Bureau (CFPB), and 50 US states and territories. To compensate and help the people who were affected by the exposure of personal information as a result of the data breach, the agreement included around $425 million. The settlement was approved, overruling all six objections, on January 13, 2020.
6. eBay (2014) – 145 million people
eBay is a major American multinational ecommerce corporation based in San Jose, California. Simply put, eBay connects consumers to other consumers and allows B2C online sales.
The cyber attack happened between late February and early March 2014. Since eBay is a multinational corporation with headquarters in Europe, this international cyber attack required a rather complex investigation by multiple governments.
The cyber attack compromised eBay’s database, which contained encrypted passwords and other non-financial data, including the emails, usernames, home addresses, phone numbers, and dates of birth of up to 145 million eBay customers. Fortunately, customers’ financial data is encrypted and stored separately.
The Syrian Electronic Army (SEA), a group of famous hackers, claimed it attacked eBay. The criminals broke into a number of employee credentials for login and gained unauthorized access to eBay’s corporate network.
eBay was called out for not informing the affected customers soon enough. It took the company a long time to email the victims. Additionally, it did not share any information on its official website promptly.
5. Adult Friend Finder (2016) – 412 million records
Adult Friend Finder is the largest sex and swinger community in the world, boasting 700 million users. It is part of the FriendFinder network of different social media and dating-related sites.
The breached Adult FriendFinder data goes back 20 years from 2016. The data was stolen in September 2016. At that time, the Adult Friend Finder network received several reports about potential security threats from few sources. As per the cyber hacking news archives, this wasn’t the first time such an incident happened to the network. In 2015, prior to the acquisition of the new sites, Adult Friend Finder data was also stolen.
This is one of the worst cyber attacks. The breach included around 340 million accounts from Adult FriendFinder, but also data from sites from the FF network, Cams.com, and Penthouse.com. Both were sold in February the same year. It’s possible that the data also included 15 million email addresses from deleted accounts.
According to LeakedSource, the credential information included usernames, emails, join dates, and the date of the last time the user visited the network. Unfortunately, passwords were part of that, too. Most of the passwords weren’t securely protected or had no protection at all.
All in all:
A far more sordid affair than what subscribers had signed up for.
It is not known who carried out the most recent hack. However, some sources point to Russian hacking groups.
ZDNet examined a part of the database and confirmed that the data doesn’t include sexual preferences info that wasn’t the case with the data breach for 2015. Later Kelly Holland, the chief executive confirmed that no members’ sexual preferences are collected.
Next on our list of the biggest cyber attacks:
4. MySpace (2013) – 427 million accounts
Remember MySpace and the early days of social media? This social network pioneer, founded in 2003, was the largest social network globally before Facebook. Today, MySpace is focused on music and provides its users with access to tracks and videos.
A hacker and LeakdSource (hacked data search engine) claimed to have data from an unreported MySpace breach. It’s not clear when the data was stolen. Eventually, a hacker known as Peace was selling the hacked MySpace data on The Real Deal, the dark web market.
MySpace later confirmed that the stolen data included credentials from accounts created before June 11, 2013. The blog containing the announcement further explained that MySpace became aware of the data breach in late May 2016.
This world wide cyber attack exposed 427 million passwords and over 360 million emails. The records in the database contained email addresses, usernames, passwords, and, in some cases, a second password. Initially, the credentials were on sale on the dark web. Later, the database became available online for free.
A MySpace blog announced that the company believed Russian cyberhacker Peace had carried out the world cyber attack.
As with most famous cyber attacks, the incident was reported to law enforcement authorities, and MySpace cooperated with the authorities for the investigation.
3. Marriott International (2014) – 500 million records
Marriott International, Inc. is a multinational American hospitality company that manages and franchises 7,400+ properties in 135 countries and territories. The properties include hotels and other lodging facilities. Marriott acquired Starwood Hotels & Resorts in 2016. Today, it’s the largest lodging company in the world.
Marriott’s first data breach is one of the recent cyber attacks in 2018. On November 19, 2018, an unauthorized party accessed Marriott’s database, which contained guest reservation information for the Starwood properties on September 10, 2018, or earlier.
In one of the top 10 cyber attacks, Marriott’s US database was affected. It contained some combination of the following info – names, addresses, email addresses, phone numbers, passport numbers, dates of birth, gender, arrival and departure information. Even some payment card numbers and expiration dates were compromised. Fortunately, the card numbers were encrypted.
As it’s one of the biggest cyber attacks in 2018, Marriott estimates that as many as 500 million were compromised in the breach, although some of these are multiple ones from the same guests. The unauthorized party tried to remove the info after copying and encrypting it, but the next day (November 19, 2018), Marriott decrypted the data.
Some say that the attack patterns and the code used are those of state-sponsored Chinese top hackers in the world.
Marriott was fined £18.4 million for the data breach in 2018. Unfortunately, according to the latest cyber attacks news, Marriott got hacked again in January 2020. The company figured it out and announced it the following month.
2. Hold Security (2014) – 1.2 billion records
Hold Security is a computer security firm owned by Alex Holden, employing 15 people as of 2015. The focus is on penetration testing as well as auditing for companies. Hold Security differs from the other security companies by offering a unique service called Deep Web Monitoring. The service looks for stolen login credentials of clients, trade secrets, and customer or employee information that usually circulates on the deep or dark web.
Among the most notable investigations of Hold Security is the one in 2014 when it caught Russian hackers with 542 million email addresses stolen and 1.2 billion email and password combinations. Hold Security has put an end to one of the biggest cyber attacks in history.
Other well known cyber attacks that Hold Security has tracked down are:
- POS Vendor Breaches
- PR Newswire Breach
- Alleged Email Credentials Cache 2016
- 97 Dating Websites Breached
- Adobe Systems Breached
- JP Morgan Breach
- CorporateCarOnline Breach
- LexisNexis, Dun and Bradstreet, HireRight/ Kroll, NW3C Breach
According to Hold Security, the 2014 Russian breach is one of the biggest cyber attacks ever. The stolen information came from 420,000 websites, including sites that are leaders in their industries.
According to Hold Security, the CyberVor (cyber thief) group got the passwords and accounts through an SQL injection. The websites under attack remained private because Hold Security didn’t want to reveal their names and publicly state their vulnerability.
Altogether, the Russian criminals stole a whopping 1.2 billion usernames and passwords, collecting the greatest amount of stolen credentials in history. However, the purpose of the theft wasn’t to get to the users’ bank accounts. The Russian gang got their money by sending out spam for products like weight loss pills.
As Hold Security described, the group responsible for the hack included was a small number of top hackers in their 20s. They were based in a small city in south-central Russia, a region close to Kazakhstan and Mongolia.
The perpetrators gathered the information from 420,000 websites, which were smaller businesses. The criminals didn’t breach some of the bigger email providers. We have to point out a certain dose of skepticism behind this whole “data breach.”
Since Hold Security didn’t want to reveal the names of the companies that have been hacked, it set up an option for sites to go to check out whether their privacy was compromised instead. A similar option existed for individuals who wanted to check whether their username and password had been stolen. The service for website owners was $10, while for individual consumers it was free.
In the end, there were no independent sources that confirmed the breach. So, Forbes columnist Joseph Steinberg has raised questions about the details.
1. Yahoo! – (2013) – 3 billion accounts
Pretty much everyone used to have a Yahoo! email account at some point, right? Yahoo worldwide is an American web services provider owned by Verizon Media and headquartered in Sunnyvale, California.
Today, the company is worth $32 billion and has 225 million users. Back in the day, though, the numbers were much more massive, as Yahoo! was the biggest web service provider. So, it should come as no surprise that the net worth and the amount of user data that Yahoo! had made it an attractive target for hackers. In fact, Yahoo! is the biggest hack ever on our list.
Here’s what happened:
The 2013 Yahoo! data breach is one of the biggest hacks ever, resulting in the exposure of a mind-blowing 3 billion accounts. The successful attack allowed hackers to access the users’ email accounts fully, including their calendars.
In 2012, right before the attack, there was a hacker intrusion without any data breaches. It was a clear message that Yahoo!’s security and encryption were relatively easy to be breached. After the massive hack attack in 2013, the intruders hacked another 500 million accounts a year later, getting away with names, birth dates, phone numbers, and user passwords.
At first, Yahoo! thought the damage amounted to a “mere” 1 billion accounts. However, later on, it concluded that the hackers had access to a mind-blowing 3 billion accounts.
[bctt tweet=”The hackers got so deep into the system, they had access to every single Yahoo! account that existed at the time. ” via=”no”]
When the cyber hack on Yahoo! happened in 2013, it was done by an “unauthorized third party.” So, we can’t say for certain who the perpetrator was. That’s because the company discovered the full extent of the intrusion later, making it public in 2017.
Yahoo! had to pay $50 million in damages for the data breaches in 2013 and 2014. Additionally, it had to provide credit monitoring services for at least 2 years to 200 million people whose names, phone numbers, and email addresses had been stolen. Verizon would pay half of the settlement because it acquired Yahoo! in 2017, and Altaba would pay the other half.
And there you have it:
The biggest hacks of all time. Which of these famous cyber crime cases are the most intriguing cyber attacks examples to you?
As we’ve seen:
Cyber attacks around the world allow ruthless hackers to obtain valuable data they can sell or use to steal people’s money. Much like cyberbullies, hackers will stop at nothing.
The biggest cyber attacks can pose a serious national and economic threat. To make matters worse, cyber criminals are using more and more sophisticated methods. And with identity theft a growing concern, we all need to remain vigilant.
- Washington Post
- Data Shield Corp
- Heartland Payment Systems
- U.S. District Court
- Security Magazine
- Equifax Breach Settlement
- USA Today
- Washington Post
- Money. CNN