Technological advancement is seen as a linear progression of humankind towards a more connected and developed world. There is no turning back from the point we have reached so far.
Nonetheless, a new type of challenge is in front of all of us. That is ‘cybersecurity’. Data thefts are becoming more common with hacking attacks exploiting loopholes in the system. What does it cost customers when big websites get hacked? The answer is both reputation and money.
Statistics of Website Hacks:
The number of malicious attacks in cyberspace has exponentially risen over the years. According to a study by the University of Maryland, a hacking attack takes place on computers with internet access every 39 seconds on average.
Three industries, Government, Retail, and Technology, faced 95% of the total hacking attacks in 2016. The kind of information stored on the web pages of these three is of most interest to hackers. As a result, data breaches are more frequent, which causes monetary losses.
Another interesting fact is that 43% of cyber attacks are aimed at small businesses. Attacks can range from denial of service to the introduction of malware. Most attacks originate from the web. The incessant data breaches since the introduction of Internet technology have cost billions of dollars.
Moreover, many companies have lost their reputation, which is worth more than dollars. Consequently, the focus on cybersecurity is growing. Companies put effort and money into running web scans and malware detection software. With the increased number of hacker attacks, this seems like the right thing to do.
Here is the list of the top 7 biggest website hacks in the history of the Internet:
1. Yahoo: The Hackers’ Sweet Spot
Yahoo suffered a series of hacker attacks from 2014 to 2017. In September 2016, the tech giant released information on the security breach. As a result of this attack, data of 500 million users was stolen. Two more cyber attacks followed in 2016 and 2017 respectively.
Overall, one billion user accounts got compromised on the Yahoo platform. People have different theories regarding the motives of hackers. For instance, some believe that state-sponsored hackers carried out attacks to help law enforcement agencies.
However, we cannot say anything with absolute surety. Yahoo does have a vulnerability management system in place. It secures passwords cryptographically. Nonetheless, hackers exploited certain loopholes and gained access to the proprietary system in some cases. The Yahoo attack was the scariest one, as many users use the same email address and oftentimes the same password to log in to their bank accounts or shopping carts etc.
What Do We Learn:
The responsibility for account protection lies with users as well. What we learn from the Yahoo attack is that weak passwords can cause a lot of harm in the long run. Keep your passwords long and complex. Use window protection software. Accept cookies only from authentic and secure sites while browsing the internet.
2. Marriott Hacked:
Marriott International is a famous hotel group with its chains around the globe. In 2018, the company’s authorities disclosed a massive data breach. An unauthorized party had gained access to 500 million customers’ information. The hackers attacked the Starwood division’s reservation database.
Further investigation into the matter revealed that hackers had had access to the Starwood network since 2014. Stolen data of clients included name, gender, date of birth, address, phone number, email address, passport number, account information, and in some cases even the encrypted card information. Whether the hackers were able to decrypt the info or not is still unknown. The massive hack cost Marriott International 72 million USD.
Recent Hack: Recently in 2020, Marriott Bonvoy Loyalty program members had their data stolen. Up to 5.2 million people are victims of this recent breach. Apparently, two Marriott employees themselves or someone with their credentials was involved in the breach.
What Do We Learn:
The Marriott data breach is second only to the Yahoo data breach in the history of database hacks. The poor vulnerability management on the part of Marriott resulted in the 2018 hack event. The Starwood database had sensitive data stored in an unencrypted format. It aggravated the threat of potential misuse of information. Subsequently, Marriott International expressed the intent of encrypting information.
3. Adobe Hacked:
Adobe Inc. is a well-known software provider company. The creative designing industry runs on Adobe’s products. In 2013, Adobe faced a cyber-attack which resulted in the theft of usernames and encrypted passwords of 38 million accounts. A prior statement of the company confirmed that the hacking attack affected 2.9 million accounts. These initial victims also had their encrypted credit card and debit card information compromised.
In addition to client information, the hackers also stole the source code of Photoshop (the photo editing software). This data could help the criminal actors copy Adobe’s technique and build similar software. In the aftermath of the attack, Adobe advised its users to reset their passwords. The company also had a file of usernames and hashed passwords removed from a hackers’ group.
What Do We Learn:
According to Adobe’s claims, the hack wasn’t severe and its customers were safe if they didn’t use the same logins for other sites. However, attacks like this are a reminder that any company with some sort of data is vulnerable. The ways to breach are being upgraded every day. So, companies need to be on top of their game when it comes to vulnerability management.
4. LinkedIn Hacked:
LinkedIn is a popular career networking site. A notorious hacking attack on the LinkedIn site resulted in password theft of 6.5 million accounts on June 5th, 2012. The victims were no longer able to access their accounts. In an official statement, LinkedIn informed users that they will get a notification email for resetting their passwords.
Furthermore, in 2016 LinkedIn found out that the actual number of affected accounts was much bigger. Another 100 million accounts had their email and hashed passwords stolen. So, in total, more than 106 million accounts were compromised.
Reportedly, Russian cybercriminals were behind this cyber attack. The breach clean-up cost LinkedIn around 1 million USD.
What Do We Learn:
LinkedIn didn’t use salt (random data) while hashing users’ passwords. This made the site insecure. Resultantly, the company faced a backlash for negligence. However, it wasn’t really a big issue. But for hackers, it provided a back door.
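The difference salting makes, shown as an added example that is not part of the original article. SHA-1 stands in for a fast unsalted hash (the article does not name the algorithm), and the sample users, passwords and PBKDF2 round count are constructed assumptions.

```python
import hashlib
import hmac
import os
from collections import defaultdict

PBKDF2_ROUNDS = 600_000  # assumed work factor; tune to your hardware

# Constructed sample accounts; alice and carol picked the same password.
SAMPLE_USERS = {"alice": "Summer2012!", "bob": "c0rrect-horse", "carol": "Summer2012!"}


def unsalted_hash(password):
    """Fast unsalted digest (SHA-1 as a stand-in): equal passwords collide."""
    return hashlib.sha1(password.encode()).digest()


def salted_hash(password, salt=None):
    """Per-user random salt plus a slow KDF; store both salt and key."""
    salt = salt or os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, key


def verify(password, salt, stored_key):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(salted_hash(password, salt)[1], stored_key)


def users_sharing_a_digest(stored):
    """Return sorted groups of users whose stored digest is identical."""
    groups = defaultdict(list)
    for user, digest in stored.items():
        groups[digest].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


def build_tables(users):
    """Hash every sample password both ways, as a stolen table would hold it."""
    unsalted = {u: unsalted_hash(p) for u, p in users.items()}
    salted = {u: salted_hash(p) for u, p in users.items()}
    return unsalted, salted


if __name__ == "__main__":
    unsalted, salted = build_tables(SAMPLE_USERS)
    print("unsalted, shared digests:", users_sharing_a_digest(unsalted))
    print("salted, shared digests:  ",
          users_sharing_a_digest({u: k for u, (_, k) in salted.items()}))
```

In the unsalted table, identical passwords are visible as identical digests and a single precomputed lookup applies to every account; with per-user salts each record has to be attacked on its own.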
5. Equifax Hacked:
Equifax is a consumer credit card company in the USA. In 2017 the company revealed a hacking incident it had suffered over the course of several months. Hackers penetrated the Equifax network and stole customers’ data including social security numbers, names, addresses, and birthdates.
The security breaches happened first in March 2017 and then May-July 2017. 147.7 million Americans were victims of the attack. The company later blamed 4 Chinese for infiltrating their computer systems. However, lawsuits and fines cost Equifax nearly 1 billion USD.
What Do We Learn:
The hackers’ attack on Equifax brought a huge backlash for the company. Reportedly, the employee portal of the company was accessible through the open internet until June 2017, despite security warnings in 2016. The company ignored red flags and breached the trust of its customers.
6. Anthem Website Hacked:
Anthem Inc, a health insurer in the US, was hacked in 2014, resulting in data theft of 80 million people. Criminal hackers from China successfully accessed medical records and identifiable information of people. Multiple healthcare brands work with Anthem. Most of them, including Healthlink, were victims of the attack. Anthem had insurance of 100 million USD for cyber issues.
All of this money was spent on notifying customers of the breach. The website hack made people worried as the stolen information ranged from names, birthdays, and medical IDs to social security numbers, home addresses, and income data.
Anthem, after disclosing the hacking attack, told people to monitor their account activity. The company was not at fault because it wasn’t required by law to encrypt data. However, many civil lawsuits were brought against Anthem by individuals.
What Do We Learn:
Anthem had cybersecurity deficiencies that were common to databases. Nonetheless, the data breach made it clear that hackers can exploit any loophole to get into the system. The online information of users is particularly vulnerable. Special security measures and extra vigilance from users and the company (to identify a breach immediately) are necessary for protection from identity theft.
7. Sony Pictures Hacked:
Sony got hacked in 2014 by a group of hackers named ‘Guardians of Peace’. The cybercriminals got their hands on confidential information regarding Sony Pictures’ employees. Furthermore, the hackers also released movie scripts and copies of unreleased films. They also implanted malware to wipe out Sony’s computer infrastructure.
The hackers’ ambition was clear. They wanted Sony to back off from the release of ‘The Interview’, a comedy movie based on a plot to assassinate North Korean leader Kim Jong-Un. A subsequent investigation into the hacking attack revealed that the Korean government sponsored the attack. Sony decided to release the movie directly on the internet without premiering it in theatres.
What Do We Learn:
The Sony Pictures hack was different from all the other hacking attacks. It brought the repercussions of a cyber attack into the real world. Hackers released family pictures of Sony employees and also gave threats of terrorist attacks at theaters. So, we learn that cyberattacks can be as worrisome as a real-life threat to you and your family.
Hacking attacks are becoming very common these days. With all of our data present in digital space, everyone needs to be vigilant. If you are a company, whether big or small, with some sort of data on your site then you are already in hackers’ crosshairs. In order to protect yourself and your users, make efficient cybersecurity plans. Run web scanning and put vulnerability management infrastructure in place. Lastly, putting an extra security check besides email and password is always a good step. So, don’t ignore captcha, security check, and 2-Factor Authentication (2FA).