Past Hacking Attacks and Data Breaches

top hacking attacks in history cybergate international

Past Hacking Attacks and Data Breaches

Top Hacking Attacks in History

Cyber attacks, including high authority website defacing, data breaches and malware spreads, dominated headlines over the past decade. The Internet landscape evolved in the past few years, with borderless commercial transactions taking place every second. Organisations have discovered the power of data and its mining to guide their management teams in critical business decision making. Marketing teams have seen the addition of a number of digital channels to their marketing mix and overall most businesses have undergone sophisticated digital transformations.

In this article we will take a look at some of the biggest cyber attacks that happened in recent years.

Millions of people's data are affected by these cyber security failures.

5 of the most notorious black hat hacking attacks in history follow.

Melissa Virus

Back in 1999 a programmer based in New Jersey, David L Smith, created this first major computer virus which shocked the world. The virus was disguised as a normal MS Word program and was sent to a vast number of unsuspecting recipients. The virus ‘re-sent’ itself to the first fifty people from each infected computer’s address book.

It is estimated that it caused 80 million dollars in damages and compromised around 20% of the world’s computers. David L Smith was jailed for 20 months.

NASA and the US Defense Department – hacked by a teenager

Also in 1999 a fifteen year old from Florida, by the name of Jonathan James, managed to penetrate the computer system of a US Department of Defence division and installed a backdoor on its servers. This malicious program allowed him to intercept tens of thousands of highly classified emails from various governmental agencies and organisations including mails with credentials for military computers and highly confidential emails.

Using his backdoor, James managed to steal important NASA software modules which led to NASA shutting down their systems for around 3 weeks. Jonathan James was later caught. In 2008 James committed suicide and in his suicide letter he denied all allegations related to this hacking incident.

PlayStation Network Hack in 2011

In April 2011 a hacker managed to access the PlayStation Network system. This resulted in data and personal information loss for approximately seventy-seven million users. The company hit by this attack, Sony, in a statement had said that hackers have accessed personal information, but said there is no evidence of credit card details theft. The illegal and unauthorised intruders got access to people’s names, addresses, email address, birth dates, usernames and passwords and security questions.

Sony had to shut down for twenty days and lost a staggering 171 million dollars. This loss included ‘welcome back’ packages. As part of their damage control, Sony allowed PlayStation Network Users to play a number of free games as compensation for the downtime.

This hack incident is possibly one of the biggest ever, into one of the world’s main holders of credit cards. The world’s top holders of credit cards are Amazon, PayPal, iTunes and eBay each holding more than hundred million accounts.

Marriott International data breach in 2014

The Marriott hack involved around half a million Starwood guests from all over the world. The hotel chain had its guest reservation database compromised by attackers who had penetrated their network some three years before the actual attack. Hackers copied and encrypted information including name, address, phone number, email address, passport number, date of birth, gender, account information and arrival-departure information of guests’ stays at their hotels which include top brands such as Sheraton and Le Meridien.

It remains unknown whether encryption keys have been stolen. As part of an image-repair (PR) drive and compensation campaign Marriott offered customers a twelve-month subscription to a fraud-detection service free of charge.

2017’s Equifax data breach

Search engine search results for the search term ‘Equifax’ show a good number of adverse media articles related to the well-known data breach which happened in 2017. Equifax is a multinational client credit reporting agency which collects and aggregates data and information on over eight hundred million individual consumers and more than eighty-eight million businesses internationally.

Practically personal information of half the USA’s population was exposed by the attack. This attack was very similar to Ashley Madison’s data breach. The situation got out of hand (post the breach) with a lot of phishing attacks and imposter websites asking for people’s personal information.

In settlement, Equifax offered affected users settlement funds and free credit monitoring. From a technical perspective, this data breach was due to a vulnerability open-source Apache Struts which was not patched on Equifax servers in a timely manner. An unknown hacker-group had targeted websites that failed to update Struts with the available key security patch.

These hackers literally used a keyboard instead of a gun. Organisations ended up suffering financial losses, credibility losses and reputational damage which cost an arm and a leg to rebuild. In 2020 so far all the following fell victim to hacking attacks: Manchester United, AstraZeneca, Toledo Public Schools, Jewish General Hospital, and University of Mumbai. Prevention and awareness are the answer – pen test your systems and applications today!

    We are here to help

    francesco mifsud cybergate your cyber security partner
    Francesco Mifsud
    [email protected]

    I live and breathe cyber security and everything else in the discipline. With around a decade of experience in the industry I have had the opportunity to develop skills in penetration testing, cloud security, reverse engineering & exploit development, application security engineering, management and organisation-wide cyber security strategy. I hold a well-rounded set of security certifications such as OSCP, eWPTX and CISSP and have delivered training & workshops at some of the most prestigious hacking conferences such as DEF CON, BRU CON, BSides London and BSides Manchester.