Posted on 20/04/2016 by
Cyber attacks have become a regular feature of modern life throughout the globe. Where there exists technology, there's also a hacker willing to infiltrate and exploit it. Cyber crime is a vastly lucrative industry and is estimated to cost the UK economy £27bn a year - just short of 1% of GDP. But hacking can also be ethical as shown by organisations like Wikileaks who seek to expose government hypocrisy and corruption internationally. Client Server examine the 9 biggest hacks of all time, ranked by the amount records stolen.
9) Playstation Network, 2011: 77,000,000 records stolen
Between April and May 2011, Sony Computer Entertainements online gaming service, Playstation Network (PSN) was hacked along with it's media streaming service, Qriocity, by LulzSec, a derivative of the hacking collective Anoymous.
The group managed to expose the names, birthdays, email addresses, passwords, security questions and even some credit card details of PSN users, through circumventing Playstation Network's core security mechanisms with what was likely an SQL injection.
The PSN hack exposed Sony's inherently floored security system and highlighted the relative ease of obtaining personal details of users which had not been sufficiently encrypted. Sony were vehemently criticised for their slowness to respond and initial inability to identify or rectify the problem.
8) Anthem, 2015: 80,000,000 records stolen
Last year, the second largest health insurer in the US was hit by a concentrated attack, stealing un-encrypted personal details including the social security numbers, dates of birth, addresses and phone numbers of tens of millions of Americans.
It took Anthem a number of weeks to realise that the data was being stolen, by which point the damage had been done. Experts believe the breach, which is rumoured to have originated from China will cost the US healthcare giant $100million (£69.5m).
7) AOL, 2004: 92,000,000 records stolen
A software engineer who worked within America Online stole and sold tens of millions of customer records to spam email companies.
Jason Smathers took advantage of his inside knowledge of AOL's computer systems to steal users screen names, selling them to an online gambling site owner who proceeded to sell on the details to a number of third parties, resulting in a total of 7 billion unsolicited emails being disseminated.
The AOL mega hack is significant as it set a precedent for the infiltrations that were to follow, and proved that astronomical amounts of data could be stolen with ease. Smathers was sentenced to 15 months in jail for the theft.
6) TK / TJ Maxx, 2007: 94,000,000 records stolen
The US based retail giant is world renowned for selling the world's biggest brands at knock-down prices, however in 2007 their customers were remembering them more for losing their driving license details as well as their credit and debit card numbers.
Utilising an insecure in-store WiFi network, hackers had unrestricted access to all customer's records representing the biggest retail hack in history.
5) Heartland, 2009: 130,000,000 records stolen
Heartland Payment Systems process over 11 million transactions per day in the US, representing $80 billion in transactions a year. It's big business and was certainly a lucrative target when it was hit by hackers in early 2009.
Cyber criminals took advantage of a vulnerability based on SQL injection as AOL had five years previously. Analysts had warned Heartland as to their vulnerability to this now well known attack but had done nothing.
The breach was the biggest credit card scam in history and eventually cost the company $110 million from settling claims associated with the breach.
4) Ebay, 2014: 145,000,000 records stolen
Through obtaining the details of a small group of the world's biggest auction site's employees, hackers were able to access a database containing a complete list of customers details, seizing a majority of them.
3) Adobe, 2013: 152,000,000 records stolen
For a company that prides itself upon the quality of its' many software packages, Adobe would not be high up on the list of organisations you would expect to hacked, especially to the extent and depth in which they were in 2013.
Approximately 38 million accounts, containing some 152,000,000 documents were stolen by hackers, including encrypted payments details and passwords of Adobe's customers.
2) American Business Hack, 2004-2012: 160,000,000 records stolen
In the 8 years between 2004 and 2012, hackers based in Ukraine stole an estimated $300 million from a culmination of some of the US's largest businesses.
The cyber thieves managed to lift private payment information from the databases of organisations including Dow Jones, JC Penney, 7 - Eleven and Euronet. US card numbers sell on the black market for approximately $10, with Canadian ones priced at $15 and Europeans fetching the most at $50 a piece.
1) Operation Shady RAT, 2006-2010: Unknown number of records stolen
Remote Access Tools are the holy grail for hackers as they allow computers to be taken over from anywhere in the world, providing unprecedented access to would-be cyber criminals.
Between 2006 and 2010 the Chinese government are alleged to have stolen untold amounts of private data belonging to some 70 public and private organisations in 14 countries, seizing a fortune in intellectual property. Victims included the International Olympic Committee and the World Anti-Doping Agency, which pointed the finger at China in the lead up to the 2008 Beijing Olympics.