Cyber attacks are increasingly common, with criminal groups orchestrating digital assaults on organizations and individuals alike.
It is only by learning from the mistakes of the past that we can hope to better defend ourselves from data breaches in the future. With that in mind, here is a look at the biggest and most damaging cyber attacks ever seen.
A stalwart of the original dotcom era, Yahoo! may not be as significant in the tech space as it once was, but it still earns a place in this list because of the sheer scale of the breaches it suffered in 2013 and 2014.
Initially the loss of information relating to 500 million users was admitted in 2016, but this was eventually increased to over 1 billion as a result of a separate breach, with Yahoo! finally coming clean about the true extent of the attack in 2017. Ultimately every single one of the 3 billion users on its books was impacted in some way by the attacks.
It is claimed that the attacks were state sponsored and executed via web cookie manipulation, leaving everything from email addresses, names and phone numbers exposed, amongst other types of sensitive information.
Another recent, high profile cyber attack carried out against the Marriott Hotels chain saw an estimated 339 guests have their privacy compromised over the course of four years.
This breach followed the acquisition of the smaller Starwood Hotels group, which was apparently subjected to an attack in 2014 that was not detected until 2018, during which time those responsible were able to use the systems and data unhindered.
Major fines were issued against the chain by regulators in several areas, and it is worth putting these in perspective to acquire a bit of context.
For example, JW Marriott Las Vegas Resort & Spa is a world-class hotel with a casino covering 5,352 m² of gaming space, 1,560 slot machines and 28 table games, and this is just one Marriott hotel.
Thus, when looking at what is the largest slot machine payout in history, you might assume that this would be dwarfed by the penalties levied against a multinational organization which had failed in its duty of care towards customer data security.
However, given that Marriott only had to pay the equivalent of $25 million for its mistakes, the fact that this is far lower than the $39 million won at a casino by one person shows that there is perhaps not an adequate financial incentive for companies to invest more in cyber security.
AdultFriendFinder is another example of an organization that held serious volumes of private information relating to its users, then lost it when cybercriminals struck: in excess of 400 million accounts were left exposed in the wake of an attack in 2016.
The biggest issue here is that it was not just one database belonging to the company that was successfully breached, but a total of six. Furthermore, the data stretched back over two decades, meaning that even people who had closed their accounts years earlier were implicated.
The consternation that breaches like this cause the innocent users is undeniably problematic, but the damage done to brand reputation also needs to be taken into account. User trust can be eroded in an instant, so it pays for companies to take security seriously.
Over 150 million users had their details stolen in an attack on MyFitnessPal in 2018. While it is the smallest breach covered so far, it is still a mammoth one that has had far-reaching consequences.
The site, a subsidiary of clothing company Under Armour, saw everything from usernames and passwords to IP addresses taken from its databases.
Within a year, security researchers identified that this information was being sold to the highest bidder on the dark web. This is indicative of the usual tactics that cybercriminals adopt: steal data from major companies and then profit from its sale, or use the information to carry out further breaches and attacks on other platforms.
Hackers had a backdoor onto eBay’s internal network for several months in a row without being detected in 2013, resulting in personal information relating to 145 million people being taken.
It is not just the initial breach that is troubling; the fact that crooks can enjoy unfettered access to sensitive systems for so long also deserves wider attention.
All of these businesses suffered serious operational setbacks and branding issues in the wake of these breaches, so it should act as a lesson to smaller firms that security spending is a cost-saving measure, not an unnecessary luxury that only larger companies need to worry about.