Until this week, Facebook or Twitter being hacked seemed like a worst-case scenario for many casual Internet users. Nobody expected the servers of MySpace, which houses 390 million accounts, to be hacked.
This is 2016, not 2005, but it happened, and it shines another light on how insecure many corporations are. Let’s poke around at a dozen of the most infamous corporate hacks of all time to see if there are lessons to be learned.
12. Snapchat (2013)
Although Snapchat’s largest hack was back in 2013, security concerns remain as the service is one of the most-wanted hacking targets. The temporary nature of Snapchat’s snaps appeals to younger generations, who can hold discreet conversations with the comfort of knowing they are as private as digital conversations get. This, of course, means everybody wants to see everyone’s Snapchat.
A simple Google search of “Snapchat hack” produces 585,000 results, and many of the top results aren’t about the major database breach that affected millions of users. Instead, they are tools and how-to guides for hacking into someone’s account. Supply is meeting demand, and Google’s algorithms rarely lie.
11. Apple (2014)
The Fappening was the hottest topic of 2014, despite strong contenders in hacks, data breaches, and other cybercrime. On August 31, 2014, a 4chan user began leaking a collection of nearly 500 private celebrity photos (many of them nudes) in one of the most high-profile data breaches in recent history.
Celebrities like Jennifer Lawrence, Kaley Cuoco, and Kate Upton were among the dozens of mostly female celebrities affected by the leak. Using a fake email, Ryan Collins of Lancaster, PA, the hacker responsible, tricked several celebrities into supplying their Apple login information. He used this information to search contact lists, emails, and iCloud documents.
10. Home Depot (2014)
In September 2014, Home Depot made the news for admitting that a breach of its servers resulted in 56 million credit and debit card numbers and 53 million email addresses being compromised. The breach was traced to a leaked vendor password that was used to break into the system and install malware.
The malware sat undetected on cash registers and point-of-sale terminals for five long months before finally being discovered and removed. So far this incident is said to have cost Home Depot over $43 million in damages, according to Kaspersky Labs.
9. DDoS (2001)
If you don’t already know, DDoS is a distributed denial-of-service attack in which refresh requests are repeatedly sent to a server to overload it. The tactic is the definition of a script-kiddie hack, but it has effectively shut down sites as big as PayPal, which was hit in 2011 in protest of the company halting contributions to Wikileaks.
The DDoS attack was used in online forums for years, but in 2011 a then-15-year-old hacker who went by the name MafiaBoy aimed a DDoS attack (known by Anonymous as the low-orbit ion cannon) at some of the biggest sites on the block and successfully took down CNN, Yahoo, Amazon, eBay, Dell and eTrade before being stopped.
8. JP Morgan Chase (2014)
In the summer of 2014, JP Morgan Chase, the largest bank in the country, was hacked and 83 million customer records (72 million of which were personal accounts) were leaked. Account numbers, names, email addresses, physical addresses, passwords, social security numbers, and user IDs were leaked from June to August of that year.
Although Chase hasn’t released specific losses, analysts say a data breach costs an average of $154 for each account, which adds up to $12.782 billion, and Chase is reportedly spending upwards of $250 million per year to upgrade security.
7. Sony PlayStation (2011)
Every gamer remembers the great PlayStation Network hack of April 2011. Personal information including passwords and credit and debit card information was stolen from the servers of Sony after a SQL injection exploited an Apache server. Although a patch had been released weeks earlier, Sony had not yet installed it and was therefore vulnerable.
A total of 77 million customers were affected by the hack, which caused Sony to temporarily shut down the PSN, issue apologies and gifts galore to affected users, and spend over $173 million recovering. Estimates of a $3.1 billion loss were projected, and, a few years later in December 2014, Sony Pictures would suffer a hack, leading to the leak of the movie “The Interview” as well as (coincidentally) several Academy Award hopefuls.
6. Anthem (2015)
Hacking and healthcare is a scary proposition. With so many smart and connected devices being used for artificial and supplemental parts, it’s only a matter of time before someone’s artificial heart or prosthetic leg is hacked. In 2015, we saw just how vulnerable healthcare servers are, when Anthem, a leading health insurance giant, was hacked.
To this day, we still don’t know the full effect of the breach, though 78 million records were affected. Costs are estimated at over $100 million, which analysts fear extends beyond the company’s insurance policy. Whether or not Anthem will survive this hack remains to be seen.
5. TJ Maxx (2007)
It’s funny when the rich are hacked, but we’re pretty sure rich people aren’t shopping at TJ Maxx and Marshall’s. Those are my mom’s stomping grounds, along with 94 million other customers who had their customer and financial information compromised from 2003 to 2007 as hackers harvested customer information through POS machines.
Costs from the breach range from $256 million to $4.5 billion, though the retailer has managed to remain afloat and is just as badly off as every other brick-and-mortar retailer.
4. Heartland Payment Systems (2006)
From 2006 to 2008, Heartland had 130 million credit card numbers stolen by Albert Gonzalez of Miami, FL and two Russian cohorts. Payment processors are middlemen whom retailers pay to process credit card payments for them. Large regional and national retailers such as 7-Eleven use Heartland, and in a two-year period these hackers became millionaires.
Unfortunately for Gonzalez, he was given the maximum sentence and won’t see daylight for at least another six years, while at least one of his cohorts has another 20 to go in his Turkish prison sentence.
3. HBGary Federal (2011)
When HBGary Federal CEO Aaron Barr announced in February 2011 he was going to unmask the leaders of Anonymous, the hacker group immediately went on the offensive. By penetrating the company’s email server, Anonymous leaked emails showing multi-million-dollar smear campaigns orchestrated by HBGary on behalf of clients as diverse as Bank of America and the U.S. Government.
Barr lost his job, but not before ensuring the hackers responsible were caught, including Hector Xavier “Sabu” Monsegur, who would eventually turn informant, Ryan “Kayla” Ackroyd, Jake “Topiary” Davis, and “tflow,” whose real name wasn’t released due to being 16. The incident is one of the most infamous sagas in the history of Anonymous.
2. Nasdaq (2010)
The stock market is one of the least understood parts of economics. What little the general public does know is that Wall Street depends on computers, very fast and secure ones. So when it was discovered that Nasdaq had been hacked in October 2010, everyone was instantly alarmed.
No one had ever successfully compromised such a target, and an NSA analysis of the malware confirmed it was designed with possibly military intent. It was traced back to Russian software engineering and was attempting to steal $11 billion from the New York Stock Exchange, which would have effectively crippled the U.S. economy. The White House highlights this attack as proof NSA data monitoring is necessary.
1. MySpace (2016)
It feels like this week’s MySpace hack is inconsequential, but it’s not. Although you may believe you use unique passwords and update them often, odds are you follow a pattern which is likely a repeating one, especially as you get older. So when old accounts like MySpace are hacked, it’s a reminder of how much information we really leave lying around.
Approximately 360 million MySpace user accounts have been compromised, and if you were under 40 in 2000, there’s a good chance yours is one of them. Before Facebook and Snapchat, MySpace was actually a decent place for young people to be. Now all those memories are available again for anyone to revisit.
Despite all the security and encryption technology in the world, hackers still manage to access and leak confidential information now more than ever. Companies large and small in every industry need to keep their databases and networks secure, especially now that Visa, MasterCard, EuroPay, Amex, and Discover have successfully shifted fraud liability to businesses.
Consumers need to know how simply many of these hacks were accomplished and understand the government and law enforcement action associated with breaking into or shutting down a company’s servers. DDoS is the most basic hack attack, yet it’s also one of the most harshly punished, as we saw in the PayPal case.
As more devices become automated and connected, including drones, automobiles, VR/AR headsets, and cameras galore, expect hacking to continue making an impact on the world through technology.
Brian Penny is a former Business Analyst and Operations Manager at Bank of America turned whistleblower, troll, and freelance writer. His work appears in High Times, Huffington Post, Fast Company, Hardcore Droid, and The Street.