History's biggest cyberattacks and how to protect yourself on the internet
Hackers commonly gain access to secure company systems through a third party contractor that has system access and weaker cybersecurity
When a large company falls victim to a cyberattack, millions of people stand to have their sensitive data compromised.
The biggest cyberattacks in history have seen tens to hundreds of millions of users' information exposed to hackers. They have caused stock prices to plummet and customers to abandon brands.
Companies spend a considerable amount of money on cybersecurity each year. But as their security measures become more advanced, so do cybercriminals' methods to outmaneuver them.
DHS SURVEY HIGHLIGHTS NEED TO MODERNIZE NATION’S 911 SERVICES
When your information is leaked due to cybercrime, there is not much you can do. But there are best practices you can follow to minimize the damage and ensure the security of your other accounts.
Biggest cyberattacks in history
- Yahoo
- Marriott
- Adult Friend Finder
- Under Armour/MyFitnessPal
- eBay
- Heartland Payment Systems
- Target
- Uber
- Equifax
Best practices for internet security
Biggest cyberattacks in history
1. Yahoo
In September 2016, internet giant Yahoo announced it had been the victim of the biggest data breach in history. The company said the attack compromised the names, email addresses, dates of birth and telephone numbers of 500 million users. A couple of months later, it was revealed a different group of hackers compromised 1 billion accounts.
Yahoo, then a publicly traded company, was acquired by Verizon in 2017 for a little over $4 billion. However, in October 2017, the company revealed that the total number of users impacted by the breach stood at 3 billion. Experts consider the hack the largest discovered in the history of the internet.
2. Marriott
On Nov. 30, 2018, the hotel empire revealed a security breach of its Starwood Hotel brand that may have compromised the data of as many as 500 million guests. Although the breach was not discovered until 2018, the actual theft is believed to have occurred in 2014. The hacker successfully copied over 5.2 million unencrypted passport numbers and 380 million booking records.
AVOID CYBERSCAMS: STRENGTHEN YOUR SECURITY AND WHAT TO DO AS A CYBERCRIME VICTIM
Marriott said hackers stole an additional 8.6 million encrypted credit card numbers along with 20.3 million encrypted passport numbers. The damage caused by the breach makes it one of the biggest online thefts in history.
3. Adult Friend Finder
The website Adult Friend Finder is one of the biggest online dating and networking platforms in the world. In October 2016, the website said hackers could gain access to more than 20 years of data on its six databases, including names, email addresses and passwords of 412.2 million accounts.
The breach became apparent after six databases that the company owned suffered a massive breach with the information of more than 15 million deleted accounts being exposed.
4. Under Armour/MyFitnessPal
In February 2018, the sports apparel brand Under Armour disclosed that a hacker gained access to the email addresses and information of 150 million users of its food and nutrition website, MyFitnessPal.
5. eBay
In May 2014, eBay announced that hackers got into the company network using the credentials of three corporate employees and had complete inside-access for 229 days. During this time, they were able to collect the personal information of all of its 145 million users.
AI FUELING RISE IN CYBERATTACKS
Sensitive user information was compromised by these hackers, including physical addresses, phone numbers, dates of birth, names, encrypted passwords and emails.
6. Heartland Payment Systems
In January 2009, Heartland Payment Systems, the sixth-largest payments processor in the U.S., announced that its processing systems were breached in 2008, exposing more than 134 million credit card numbers and over 650 financial services companies.
The company's stock price fell by nearly 80% within months of the breach. However, two Russian hackers were eventually charged and convicted for carrying out the attack in 2018.
7. Target
In 2013, the retail giant was attacked days before Thanksgiving when hackers gained access through a third-party HVAC vendor to its point-of-sale payment card readers. The breach affected data collected on approximately 110 million customers.
HOW THE TARGET AND UBER CYBERATTACKS FROM YEARS AGO SHAPED PUBLIC PERCEPTION OF CYBERSECURITY TODAY
8. Uber
Uber was breached by hackers in 2016 when code containing sensitive information was uploaded to the website Github. The hackers were able to access Uber's systems and compromised the data of 57 million Uber users and drivers, including their driver's license numbers.
The company's response was to cover it up. They paid the hackers $100,000 to delete their stolen data and chalked it up to a "bug bounty" payment, which is when companies pay ethical hackers who find a security breach and bring it to their attention.
When news of the security breach and ensuing coverup broke later, Uber faced intense backlash from users and lawmakers alike.
9. Equifax
In September 2017, one of the largest credit bureaus in the U.S. revealed that personal information, including Social Security numbers, birthdays, addresses and, in some cases, driver’s license numbers were compromised.
CLICK HERE TO READ MORE ON FOX BUSINESS
In 2020, the Justice Department charged four Chinese military hackers with breaking into the computer networks of the Equifax credit reporting agency and stealing the personal information of tens of millions of Americans.
Best practices for internet security
Long, strong passwords are important to give hackers a harder time cracking them.
But potentially more important is using a unique password for every site. Once one account is compromised, hackers can use your login information in AI hacking tools that try to log into many common sites, which could lead to many more accounts becoming compromised.
Another best practice is to make up answers that only you would know when creating security questions. Many of the answers to default security questions asking, for example, what school you attended or where you used to live, are easily obtainable.
Remember that, to hackers, time is money. Taking basic security measures like using multifactor authentication make you a less attractive target. Hackers will tend to move on to low-hanging fruit.
Phillip Nieto contributed reporting.