Today’s business leaders can’t afford to let down their guard when trying to avoid the risk of experiencing costly data breaches. They can cost millions. CSO noted in April 2020 that today’s hacks and data breaches regularly affect millions of people per-incident and sometimes that number even spirals into the billions.
An essential strategy that organizations of all sizes use to keep cyberattacks at bay is to hire IT security professionals to protect their data assets. It is no surprise that the demand is outpacing supply for talented and energetic cybersecurity professionals in today’s risk-laden landscape. In an industry where the demand and pay are high, it’s also an inviting area for students to focus their studies.
Before taking a step in that direction, having a clear idea of what cybersecurity professionals face in this fast-paced and high-stakes profession can be helpful. Just what do today’s top information security teams face? We can get an idea by reviewing cybersecurity attacks of the past, from the type of customer data affected to the overall scope of each event.
The 8 Biggest Hacks in History
As businesses of all sizes and industries around the world gather and store information like never before, they can never stop looking over their shoulder for the hacker in the shadows, the one trying to breach their system and steal customer, intellectual and financial data—as these companies learned the hard way:
In 2019, CNN reported that Yahoo disclosed two massive data breaches that affected 3 billion user accounts. The first significant hack incident occurred in 2013 when an unauthorized third-party infiltrated the system and stole user data. In 2014, Yahoo officials reported that the attack was the work of a ‘state-sponsored actor.’ As of 2017, the web service provider revealed that accounts for every customer on its books during that time were breached, including customers who signed up with Tumblr and Flickr.
2. Dropbox, LinkedIn, and Formspring
In 2012, a Russian hacker named Yevgeniy Nikulin caused chaos for three major online outlets and 2.2 billion users by installing malware that compromised each website’s system, providing him with access to user names and passwords. Nikulin breached the internal networks of Dropbox, an online file hosting service, and LinkedIn and Formspring, two social media platforms. He then sold their databases on the black market, allowing multiple hackers around the world to extract, dump, and pass around the stolen data via the dark web.
3. Google Cloud Server
In October 2019, information security researcher Vinny Troia came across 1.2 billion consumer records, amounting to 4 terabytes of user data, in an unsecured Google cloud server, according to Inc. While he did not come across any financial information or user passwords, Troia found email addresses, social media profiles, and some instances of income levels—the very kinds of information hackers use for spam, cyberattacks, and account hacking.
4. Evite, MindJolt, Wanelo, and Many Other Organizations
In early 2019, a hacker called Gnosticplayers infiltrated over 44 companies’ internal systems and stole nearly 1 billion user records that included usernames, passwords, email addresses, and IP addresses. The hacker released batches of data on Dream Market, a dark web marketplace known for selling illegal products.
5. First American Financial Corp.
In spring 2019, First American Financial Corp., a leading US real estate and mortgage insurer left 900 million sensitive customer files vulnerable and exposed for more than two years. Customer file information included bank account numbers, bank account statements, Social Security numbers and driver’s license photographs. Such information is more than enough for cybercriminals to steal identities and money from victims. The organization had kept the nearly 900 files hosted online since March 2017, but officials have not determined if anyone improperly accessed the data, per WPTV.
6. Dubsmash, MyFitnessPal, MyHeritage, and 13 Other Websites
Throughout 2018, nearly 620 million records from 16 major websites were stolen and sold on the dark web for $20,000 in Bitcoin. User information consisted of account holder names, passwords, and email addresses.
7. Marriott International
From 2014 through 2018, attackers stole around 500 million customer records from Marriott International systems. The breach initiated on systems supporting the Starwood hotel brand in 2014, with hackers remaining in those systems until their presence was discovered in September 2018. The hackers took a combination of customer contact information, passport numbers, travel information, Starwood Preferred Guest numbers, and credit card numbers.
With two major hacking events, featuring a combined breach total of nearly 850 million users, Facebook is an essential addition to any list of large-scale cybersecurity attacks. In one incident, two Amazon AWS servers left 540 million Facebook users’ sensitive account information exposed. Another event occurred directly on the Facebook database, which contained 267 million user IDs and phone numbers. The information was leaked on the open web for anyone to view without any authentication. Comparitech, in cooperation with Bob Diachenko, discovered the Facebook data leak and learned that it was the result of illegal scraping or abuse of the Facebook API.
What Do the Endless Cybersecurity Breaches Mean to Businesses and Aspiring IT Security Professionals?
Unfortunately, the eight hacks listed here are only the tip of the hack and intrusion iceberg that has filled up the last decade. It’s easy to go back in the years before to learn that history keeps repeating itself with a trove of infiltrations and compromises. And there are no signs of the trend slowing down over the next decade. Organizations must remain vigilant against active, imaginative, and conniving cybercriminals to protect their customers, stakeholders, brand reputation and future profits. Businesses of all sizes and in all industries need bright minds ready to stay several steps ahead of today’s hackers to prevent an array of intrusive, disruptive and destructive cyber events. That could be you.
If you are planning to pursue a career in cybersecurity, the demand is there. You’ll continually put your skills to the test to protect your employer or clients as you seek to help them stay off future lists for the biggest hacks in history.