The 2010s has only just ended, but in the cybersecurity world it will be long remembered for a large number of high-profile cyberattacks that shaped the world of cybersecurity today. These attacks should interest every internet user as, besides being morbidly fascinating, some will have affected many of those reading this article.
Yahoo in 2013
Have you ever had an account with Yahoo? Was this account before 2013? If so, your email address was compromised and the password you used were almost definitely added to a hacker’s dictionary. In 2013, every single Yahoo account was compromised – that’s roughly 3 billion independent accounts in what holds the record for the single largest breach in the entire history of the internet. It shockingly took Yahoo until 2016 to let their users know that their names, emails, birthdates, phone numbers and security answers had been sold on the dark web. This catastrophic cybersecurity failure had a significant impact on Verizon’s acquisition of Yahoo, causing it to be worth $400 million less.
Ashley Madison in 2015
Ashley Madison is a dating site for married people to have affairs. In 2015, their database of more than 30 million email addresses was leaked, as well as credit card information. Although this value pales in comparison to a breach like Equifax, the social impact of this leak was huge. Politicians and celebrities were found to have used it and many domestic issues were caused by spouses finding out about their partner’s proclivities. Some suicides were even reported as being linked to the incident, with Ashley Madison being mentioned in suicide notes. As a result, this hack was one of the first to result in deaths.
Equifax in 2017
Equifax is one of the USA’s largest credit bureaus. In 2017 it got access to 143 million customers’ data. The value of this data was absolutely massive as the information compromised included social security numbers, credit card numbers, drivers’ licence numbers and more – an absolute gold mine for identity thieves. Equifax’s CEO had to testify at four hearings and embarrassingly admitted it was due to one single update not being made.
Equally embarrassing was the website that Equifax offered to customers to learn if they were impacted by the breach. Emails sent to customers resembled phishing emails, directing them to a website with a flawed TLS implementation and other problems. As a result, it was classified as a phishing site and users were blocked from being able to access it by some security firms. Click here to find out more about phishing.
Target in 2013
Target was breached by its reliance on third-party partners. Malware was passed into Target’s system via an air conditioning contractor that partnered with the company. As a result of this creative malware entrance, 40 million Target customers had their card details stolen and 110 million customers were impacted. It was truly impactful for Target – their CIO had to resign and it lost nearly $300 million due to the hack. It changed the future of cybersecurity as it brought the issue of third-parties into mainstream debate and showed what damage they could do.
Were there any hacks we missed? Let us know in the comments.