
12 most notorious hacks, cyber-attacks from the past decade

How large cyber-attacks of the future might become remains to be seen, but as the old saying goes: ‘Those who do not learn history are doomed to repeat it.’ Here are 12 of the most notorious data breaches and cyber-attacks in recent history.

As technology advances, so does the dark underbelly of cyber threats. Over the past decade, the world has witnessed a relentless barrage of devastating hacks and cyber-attacks that have left businesses, governments, and individuals reeling in their wake.

Digital transformation has accelerated the growth of data, and data breaches have scaled up with it as attackers exploit the data dependencies of daily life. How large cyber-attacks of the future might become remains to be seen, but as the old saying goes: ‘Those who do not learn history are doomed to repeat it.’ Understanding cybercriminals’ past and evolving tactics and fortifying our cybersecurity measures is therefore imperative, lest we find ourselves at the mercy of even more colossal and destructive breaches in the years to come.

Here are 12 of the most notorious data breaches and cyber-attacks in recent history:

The Yahoo Hacks (2013 & 2014):

In 2013 and 2014, Yahoo suffered two major data breaches that had severe consequences for millions of users. The first breach compromised over 1 billion Yahoo accounts, including names, dates of birth, security questions, contact details, and passwords. The second breach affected 500 million accounts.

The data breaches highlighted the serious implications of password and security question reuse. Additionally, outdated encryption methods used by Yahoo failed to protect user data adequately, making it vulnerable to attackers.

WannaCry Ransomware Attack (2017):

The WannaCry Ransomware attack was a global event that affected numerous computers running Microsoft Windows in 2017. The ransomware encrypted users’ data and demanded Bitcoin payments from victims.

The attack impacted over 200,000 computers in 150 countries, causing damages ranging from hundreds of millions to potentially billions of dollars. A new version of the WannaCry ransomware attack reappeared in 2018.

Equifax Data Breach (2017):

One of the most extensive data breaches in history occurred in 2017, affecting Equifax, a major credit reporting agency. The breach exposed sensitive personal information, such as social security numbers, dates of birth, addresses, driver’s license numbers, and more, of over 143 million customers.

Attackers had access to Equifax’s systems for 76 days before being discovered. The breach cost the company $1.4 billion in recovery efforts. The attack was facilitated by an XXE vulnerability in the company’s customer complaints web portal, left unpatched due to internal failures. Lack of proper segmentation and authentication mechanisms also enabled attackers to access data and credentials without detection.

Cambridge Analytica Scandal (2018):

In 2018, a significant scandal came to light involving Cambridge Analytica, a political consulting firm that had illicitly obtained access to the personal information of millions of Facebook users without their knowledge or consent. The breach occurred due to a flaw in Facebook’s application programming interface (API), which allowed third-party developers to access sensitive user data.

This incident raised serious concerns about data privacy and the necessity of implementing stricter access controls to safeguard user information. Facebook faced widespread criticism for its role in the breach and was subsequently fined $5 billion by the US Federal Trade Commission for violating users’ privacy rights.

Marriott International Data Breach (2018):

Marriott International experienced one of the largest data breaches in history in 2018. Attackers compromised the company’s systems, exposing the records of 500 million guests. The stolen data included sensitive information such as passport details, credit card information, arrival-departure dates, personally identifiable information (PII), and more.

The attackers exploited vulnerabilities in the company’s guest reservation system, taking advantage of email spoofing and legacy IT infrastructure. The British Information Commissioner’s Office (ICO) fined Marriott $23.9 million (£18.4 million) for violations of the General Data Protection Regulation (GDPR).

Facebook Data Breach (2019):

In 2019, Facebook experienced a massive data breach that affected more than 533 million users. The breach involved the exposure of sensitive personal information, including location data, phone numbers, user IDs, account names, and more. The stolen data, obtained from two datasets originating from third-party Facebook apps, was later posted on hacking forums.

The breach occurred because Facebook was storing user passwords in plain text, making it easy for hackers to access user accounts by guessing or cracking passwords.

SolarWinds Supply Chain Attack (2020):

In 2020, SolarWinds, a vendor of network-monitoring software used by numerous high-profile organisations, was targeted in a supply chain attack. Russian hackers compromised the company’s production environment and inserted malicious code into its Orion network monitoring product. Over 18,000 customers, including major tech companies such as Intel, Nvidia, Cisco, and VMware, installed a tainted software update that planted Trojan horses in client systems.

The attackers exploited password guessing, spear-phishing, and a zero-day vulnerability in the Orion software to gain access to SolarWinds’ systems. They evaded detection for months due to insufficient logging and monitoring practices.

Kaseya Ransomware Attack (2021):

In 2021, IT solutions provider Kaseya fell victim to a ransomware attack orchestrated by the REvil group during the US Independence Day weekend. The attackers exploited unpatched SQL vulnerabilities in the company’s VSA servers, impacting over 1500 of Kaseya’s clients.

Though not the largest attack in terms of size, it gained notoriety for its significant impact. The attackers demanded a ransom in exchange for a decryption tool, and Kaseya had to comply and pay to restore its operations.

Colonial Pipeline Ransomware Attack (2021):

The Colonial Pipeline, a major American fuel supplier, fell victim to a ransomware attack using the DarkSide ransomware in 2021. The attackers targeted the company’s billing infrastructure, halting pipeline operations for a week and causing fuel shortages and panic buying along the east coast of the US.

The attackers demanded a ransom in Bitcoin, and Colonial Pipeline paid to regain access to their systems. The attack was exacerbated by a lack of proper security controls and protocols within the company’s IT systems, including an unpatched legacy VPN vulnerability.

JBS Ransomware Attack (2021):

Global meat supplier JBS also suffered a massive ransomware attack in 2021. The incident halted its operations in the United States, Canada and Australia. The attackers exploited flaws in the company’s system and demanded a cryptocurrency ransom of $11 million to restore operations.

LinkedIn Data Breach (2021):

In June 2021, LinkedIn, the renowned professional networking platform, faced a significant data-related issue affecting 700 million users, over 90 percent of its user base. A hacker, identifying themselves as “God User,” utilised data scraping techniques to exploit not only LinkedIn’s API but also that of other websites. The hacker first disclosed a data set covering approximately 500 million customers, then announced the sale of the complete database of 700 million users.

LinkedIn contended that no sensitive or private personal data had been exposed, and they characterised the incident as a violation of their terms of service rather than a data breach.

Twitter Breach (2022):

In 2022, Twitter encountered a major data breach involving excessive data exposure. The breach began with attackers selling the information of 5.4 million users on a hacking forum. Subsequently, in January 2023, the attackers scraped the public and private data of 400 million additional users and sold it on the dark web.

The flaw in Twitter’s systems allowed attackers to verify whether email IDs and phone numbers were linked to specific Twitter accounts. This breach left numerous users, including high-profile individuals such as celebrities, politicians, and activists, vulnerable to social engineering, targeted phishing attacks, identity theft, and other cyber threats.