/>
X

Join or Sign In

Register for your free ZDNet membership or if you are already a member, sign in using your preferred method below.

Use your email Use Linkedin Use Facebook

These were the biggest hacks, leaks and data breaches of 2016

Over two billion records were stolen in 2016 alone -- and the year isn't over yet.

|
zack-whittaker-hs2016-rtsquare-1.jpg
|
Topic: Security
a-1-hero.jpg
1 of 18 file photo

Historical hacks come back to haunt, and fresh breaches bite our behinds

This was the year when many historical hacks came back to bite millions just as they were least expecting it. The uptick in delayed reporting contributed to almost 3,000 publicly data breaches this year alone -- exposing more than 2.2 billion records. And the year isn't even over yet.

Even as we approach December 31, there's no sign of it ending. Let's take a look back at some of the biggest -- and most dangerous -- hacks and leaks so far.

b-2-iphone.jpg
2 of 18 file photo

FBI hacked terrorist's iPhone 5c

Should Apple help the FBI unlock a terrorist's phone? Apple said yes, but not at the expense of everyone else's security and privacy. The FBI brought a case against Apple to compel it to help its agents break into the iPhone of one of the San Bernardino shooters, who killed 14 people and injured dozens in the terrorist attack in December. Apple refused to help the feds "backdoor" its own product, arguing that it can't crack the encryption, and lodged a formal appeal. The FBI eventually buckled under public pressure, but not before hiring hackers to break into the phone at the last minute. It set in motion a chain reaction of proposed laws and measures to try to ensure that Apple could never be above the law.

c-3-linuxmint.jpg
3 of 18 file photo

Linux Mint 'backdoored' by hacker

Linux Mint remains one of the most popular Linux distributions. That in part made it the target by one hacker, who inserted a backdoor in the operating system and hacked the project's website to trick users into downloading the malicious version. Hundreds of users downloaded the affected build. The hacker, who goes by the name of Peace (who was instrumental in other hacks) explained how he did it.

d-1-swift.jpg
4 of 18 file photo

SWIFT took numerous hits this year

The global financial messaging system, SWIFT, revealed a new security plan in the wake of a massive $81 million cyber heist from a Bangladeshi bank earlier this year. After learning how the system worked, the cyberattackers took the bank's SWIFT code and made a series of transaction requests for cash to be sent from the country's New York-based account to entities across Asia. It was shoddy security at its worst, but lessons were eventually learned.

d-2-trump.jpg
5 of 18 file photo

Trump's organizations were hit again and again

Well, at least something good happened to Trump this year -- for a while, things weren't looking great. The alleged billionaire's hotel chain was attacked twice in as many years -- including once in April. It's not all surprising given that his organization was using horribly insecure and unpatched systems that dated back more than a decade. Then, Trump's presidential campaign leaked the resumes of prospective interns, including their names, addresses, and in some cases sensitive employment details. Let's hope his cybersecurity strategy is better when he's in office.

d-3-linkedin.jpg
6 of 18 file photo

LinkedIn hack hits the headlines — for a second time

If 2016 was anything, it was the year of the repeatedly broken records. LinkedIn was the first of many hack records that was met (and later surpassed) this year. The business networking company was first hit in 2012, but the scale of the attack was only realized this year when the number of records stolen shot up by almost twenty-fold to 117 million accounts. If that wasn't bad enough, most of the passwords were ridiculously bad -- like "123456" and "linkedin." The alleged hacker was eventually caught in the Czech Republic.

d-4-tumblr.jpg
7 of 18 file photo

Tumblr suffers a major hack, leaking 65 million accounts

The social blogging site announced in May that it suffered a security breach, but refused to divulge more. It took investigative journalists to discover that more than 65 million accounts were in the dumped database. Tumblr is owned by Yahoo, which later in the year had its own problems to worry about.

d-6-myspace.jpg
8 of 18 file photo

Myspace, long forgotten, but not your account details

It was the world's biggest social network at one point. But until recently, not many had heard of Myspace in some time. Sadly, for many, it was bad news. A massive hack led 427 million accounts stolen early in the year. The company, now owned by Time Inc., had at the time of the breach, just 50 million visitors per month -- a significant drop from its heyday, but nevertheless a reminder that security can come back to haunt.

e-1-dnc.jpg
9 of 18 file photo

US accuses Russia of political cyberattacks

With just a month before the US election, the White House formally accused the Kremlin of politically motivated hacks -- as if things weren't tense enough. US chief spy James Clapper said that the intelligence community believed that "based on the scope and sensitivity of these efforts, that only Russia's senior-most officials could have authorized" hacking activities, such as email leaks on the Democratic campaign. Senior Democrats eventually resigned, and Hillary Clinton's email campaign suffered irreparably -- as the election result proved.

e-2-mailru.jpg
10 of 18 file photo

As Russia hacks, Russian businesses suffer, too

Three hacks in almost as many months. Social networking giant VK.com was hit in June with 171 million accounts stolen, then month later its parent company Mail.ru's forums were bitten by a similarly historical hack. Then, Rambler.ru, a separate company but major internet giant, saw almost 100 million accounts taken in a hack that dated back to 2012. Those hacks combined account for double the population of Russia alone.

e-3-nsa.jpg
11 of 18 file photo

NSA hacking tools were stolen, and auctioned

Hacking tools thought to have been used by NSA for carrying out intelligence gathering and surveillance activities were stolen earlier this year in one of the biggest breaches of classified files since the Edward Snowden affair. These tools, which could break through Fortinet and Cisco firewalls, were later auctioned off by the Shadow Brokers, an unknown seller of the exploits. Thanks to a previous leak of Snowden files, reporters confirmed the exploits belonged to the US government.

e-4-micros.jpg
12 of 18 file photo

Oracle Micros division hit by hackers, throwing payments into disarray

Micros, one of the largest point-of-sale terminal makers, said that hackers had compromised "hundreds of systems" at the company, potentially compromising a portal used by retail clients. Oracle said that the hackers responsible for the breach installed malware on the support portal in an effort to scrape usernames and passwords as they were entered. Those account credentials may be used to remotely administer and access point-of-sale devices located in customers' retail outlets. Oracle bought the company in 2014 for $5.3 billion.

e-5-opera.jpg
13 of 18 file photo

Opera reset passwords after sync server hacked

We put so much faith in our browsers, we don't even realize it. They store our passwords, bookmarks, and even our browsing history. When Opera's synchronization server got hacked, all that faith and trust fell apart. The browser maker, with close to 2 million active users affected by the hack, reset user passwords but was overwhelmingly opaque about the breach, leading to many unhappy customers.

e-6-halwilson.jpg
14 of 18 file photo

Another huge breach of NSA data from a staffer, no less

As if the NSA hadn't suffered enough bad publicity in the past year -- let alone the past three -- one former staffer made headlines with a breach of his own. Harold Martin, a former staffer, stole 50 terabytes of data from the agency, most of it classified. The breach vastly eclipsed what Edward Snowden stole -- thought to be a little over 50,000 files. Though Wilson was initially charged with mishandling classified information, the scale of his theft bumped the charges up to espionage. How did he get all that data through the NSA? By simply walking out the door, sources said.

f-1.jpg
15 of 18 file photo

Yahoo hack breaks all existing records, with over 500 million accounts stolen

Thought Myspace was big? Yahoo went even bigger with over 500 million accounts compromised. It couldn't have come at a worse time as Verizon was bidding for the company's assets. Yahoo said a state was behind it, but that was quickly dismissed. An investigation into the breach is ongoing.

g-2.jpg
16 of 18 file photo

Weebly admits it left the door open for hackers

Another day, another hack. Weebly, the web designing giant, put more over 43 million customers at risk thanks to their own shoddy security. The hacker took records including usernames, email addresses, passwords, and IP addresses -- but passwords were scrambled. The company admitted fault in a statement.

aff-hero.jpg
17 of 18 file photo

Over 400 million users exposed in AdultFriendFinder networks hack

Another day, another hack, same company. Friend Finder Network was hacked for a second time in as many years. The hack includes 339 million accounts from AdultFriendFinder.com, which the company describes as the "world's largest sex and swinger community." Over 15 million "deleted" accounts that wasn't purged from the databases. The attack happened at around the same time as one security researcher, known as Revolver, disclosed a local file inclusion flaw on the AdultFriendFinder site, which if successfully exploited could allow an attacker to remotely run malicious code on the web server.

h-3.jpg
18 of 18 file photo

Bought a car recently? Anyone might have your personal data

If you bought a car from one of over 100 car dealerships in the past few years, your records may have been taken. Names, addresses, phone numbers, and even social security numbers for both customers and employees for over a hundred car dealerships were left online, all thanks to a centralized records system coupled with shoddy security. Many millions were said to be affected, but the final number isn't known.

Related Galleries

First look at the YubiKey Bio
YubiKey Bio

Related Galleries

First look at the YubiKey Bio

iVerify (version 17)
iVerify for iOS and iPadOS

Related Galleries

iVerify (version 17)

OnlyKey hardware security key
OnlyKey

Related Galleries

OnlyKey hardware security key

SoloKeys Solo V2
Solo V2

Related Galleries

SoloKeys Solo V2

iVerify: Added security for iPhone and iPad users
iVerify

Related Galleries

iVerify: Added security for iPhone and iPad users

iStorage datAshur BT hardware encrypted flash drive
iStorage datAshur BT

Related Galleries

iStorage datAshur BT hardware encrypted flash drive

Netgear BR200 small-business router
Netgear BR200

Related Galleries

Netgear BR200 small-business router