Hacking is about manipulating and bypassing systems to force them to do the unintended.
While most hackers are benign hobbyists, some hackers do inflict terrible widespread damage and cause financial and emotional hurt. Victimized companies lose millions in repair and restitution costs; victimized individuals lose their jobs, their bank accounts, and even their relationships.
So what are examples of large-scale hacks that wreaked this much havoc? What are the greatest hacks of recent history?
With ‘greatest’ being synonymous with ‘harshest’, we assembled a list of noteworthy hacks from the last 20 years. As you read this list below, you will certainly want to reconsider your own password practices. We’ve enclosed some strong suggestions at the bottom of this article to help you reduce the risk that you too will be hacked one day.
1. Ashley Madison Hack 2015: 37 Million Users
The hacker group Impact Team broke into the Avid Life Media servers and copied the personal data of 37 million Ashley Madison users. The hackers then incrementally released this information to the world through various websites. The shameful impact to people’s personal reputations has had ripples across the world, including claims that user suicides followed after the hack.
This hack is memorable not only because of the sheer publicity of the impact, but because the hackers also earned some fame as vigilantes crusading against infidelity and lies.
2. The Conficker Worm 2008: Still Infecting a Million Computers a Year
While this resilient malware program has not wreaked irrecoverable damage, this program refuses to die; it actively hides itself and then nefariously copies itself to other machines. Even more frightening: this worm continues to open backdoors for future hacker takeovers of the infected machines.
The Conficker worm program (aka ‘Downadup’ worm) replicates itself across computers, where it lies in secret to either a) convert your machine into a zombie bot for spamming, or b) to read your credit card numbers and your passwords through keylogging, and transmit those details to the programmers.
Conficker/Downadup is a very smart computer program. It defensively deactivates your antivirus software in order to protect itself. Conficker is noteworthy because of its resilience and reach; it still travels around the Internet 8 years after its discovery.
3. Stuxnet Worm 2010: Iran’s Nuclear Program Blocked
A worm program that was less than a megabyte in size was released into Iran’s nuclear refinement plants. Once there, it secretly took over the Siemens SCADA control systems. This sneaky worm commanded over 5000 of the 8800 uranium centrifuges to spin out of control, then suddenly stop and then resume, while simultaneously reporting that all is well. This chaotic manipulating went on for 17 months, ruining thousands of uranium samples in secret, and causing the staff and scientists to doubt their own work. All the while, no one knew that they were being deceived and simultaneously vandalized.
This devious and silent attack wreaked far more damage than simply destroying the refining centrifuges themselves; the worm led thousands of specialists down the wrong path for a year and half, and wasted thousands of hours of work and millions of dollars in uranium resources.
The worm was named ‘Stuxnet’, a keyword that was found in the code’s internal comments.
This hack is memorable because of both optics and deceipt: it attacked a nuclear program of a country that has been in conflict with the USA and other world powers; it also deceived the entire nuclear staff for a year and a half as it performed its nasty deeds in secret.
4. Home Depot Hack 2014: Over 50 Million Credit Cards
By exploiting a password from one of its stores’ vendors, the hackers of Home Depot achieved the largest retail credit card breach in human history. Through careful tinkering of the Microsoft operating system, these hackers managed to penetrate the servers before Microsoft could patch the vulnerability.
Once they entered the first Home Depot store near Miami, the hackers worked their way throughout the continent. They secretly observed the payment transactions on over 7000 of the Home Depot self-serve checkout registers. They skimmed credit card numbers as customers paid for their Home Depot purchases.
This hack is noteworthy because it was against a monolithic corporation and millions of trusting customers.
5. Spamhaus 2013: the Largest DDOS Attack in History
A distributed denial of service attack is a data flood. By using dozens of hijacked computers that repeat signals at a high rate and volume, hackers will flood and overload computer systems on the Internet.
In March of 2013, this particular DDOS attack was large enough that it slowed the entire Internet across the planet, and completely shut down parts of it for hours at a time. The perpetrators used hundreds of DNS servers to ‘reflect’ signals repeatedly, amplifying the flood effect and sending up to 300 gigabits per second of flood data to each server on the network.
The target at the center of the attack was Spamhaus, a nonprofit professional protection service that tracks and blacklists spammers and hackers on behalf of web users. The Spamhaus servers, along with dozens of other internet exchange servers, were flooded in this 2013 DDOS attack.
This DDOS hack is noteworthy because of the sheer scale of its brute force repetition: it overloaded the Internet’s servers with a volume of data that had never been seen before.
6. eBay Hack 2014: 145 Million Users Breached
Some people say this is the worst breach of public trust in online retail. Other says that it was not nearly as harsh as mass theft because only personal data was breached, not financial information.
Whichever way you choose to measure this unpleasant incident, millions of online shoppers have had their password-protected data compromised. This hack is particularly memorable because it was very public, and because eBay was painted as weak on security because of their slow and lackluster public response.
7. JPMorgan Chase Hack, 2014: (76 + 7) Million Accounts
In the middle of 2014, alleged Russian hackers broke into the largest bank in the USA and breached 7 million small business accounts and 76 million personal accounts. The hackers infiltrated the 90 server computers of JPMorgan Chase and viewed personal information on the account holders.
Interestingly enough, no money was looted from these account holders. JPMorgan Chase is not volunteering to share all the results of their internal investigation. What they will say is that the hackers stole contact information, like names, addresses, email addresses and phone numbers. They claimed that there is no evidence of social security, account number, or password breach.
This hack is noteworthy because it struck at people’s livelihoods: where they store their money.
8. The Melissa Virus 1999: 20% of the World’s Computers Infected
A New Jersey man released this Microsoft macro virus into the Web, where it penetrated Windows computers. The Melissa virus masqueraded as a Microsoft Word file attachment with an email note ‘Important Message from [Person X]. Once the user clicked on the attachment, Melissa activated itself and commanded the machine’s Microsoft Office to send a copy of the virus as a mass mailout to the first 50 people in that user’s address book.
The virus itself did not vandalize files or steal any passwords or information; rather, its objective was to flood email servers with pandemic mailouts. Indeed, Melissa successfully shut down some companies for days at a time as the network technicians rushed to clean their systems and purge the pesky virus.
This virus/hack is noteworthy because it preyed on people’s gullibility and the current state weakness of antivirus scanners on corporate networks. It also gave Microsoft Office a black eye as a vulnerable system.
9. LinkedIn 2016: 164 Million Accounts
In a slow-motion breach that took four years to reveal, the social networking giant admits that 117 million of their users had their passwords and logins stolen back in 2012, to later have that information sold on the digital black market in 2016.
The reason this is a significant hack is because of how long it took for the company to realize how badly they had been hacked. Four years is a long time to find out you’ve been robbed.
10. Anthem Health Care Hack 2015: 78 Million Users
The second-largest health insurer in the USA had its databases compromised through a covert attack that spanned weeks. Details of the penetration are not being volunteered by Anthem, but they do claim that no medical information was stolen, only contact information and social security numbers.
No harm has been yet identified for any of the compromised users. Experts predict that the information will one day be sold via online black markets. As a response, Anthem is providing free credit monitoring for its members. Anthem is also considering encrypting all their data for the future.
The Anthem hack is memorable because of its optics: another monolithic corporation fell victim to a few clever computer programmers.
11. Sony Playstation Network Hack 2011: 77 Million Users
April 2011: intruders from Lulzsec hacker collective cracked open the Sony database at their Playstation Network, revealing the contact information, logins, and passwords to 77 million players. Sony claims that no credit card information was breached.
Sony took down its service for several days in order to patch holes and upgrade their defenses. There has been no report that the stolen information has been sold or used to harm anyone yet. Experts speculate that it was a SQL injection attack.
The PSN hack is memorable because it affected gamers, a culture of people who are computer-savvy fans of technology.
12. Global Payments 2012 Hack: 110 Million Credit Cards
Global Payments is one of several companies that handle credit card transactions for lenders and vendors. Global Payments specializes in small business vendors. In 2012, their systems were breached by hackers, and information on people’s credit cards was stolen. Some of those users have since had their credit accounts defrauded with dishonest transactions.
The signature system of credit cards in the USA is dated, and this breach could have easily been reduced if credit card lenders would invest in using the newer chip cards that are used in Canada and the UK.
This hack is noteworthy because it struck at the daily routine of paying for goods at the store, shaking the confidence of credit card users around the world.
So What Can You Do to Prevent Getting Hacked?
Hacking is a real risk that all of us must live with, and you will never be 100% hacker-proof in this age.
You can reduce your risk, though, by making yourself harder to hack than other people. You can also reduce the impact of when you do get hacked by implementing different passwords for your different accounts.
Here are some strong recommendations to reduce your online identity exposure:
- Check to see if you’ve been hacked and outed at this free database.
- Make the extra effort to design strong passwords.
- Use a different password for each of your accounts; this will substantially reduce how much of your life a hacker can access.
- Consider adding two-factor authorization (2FA) to your Gmail and other main online accounts.
- Consider subscribing to a VPN service to encrypt all of your online habits.