Register for your free ZDNet membership or if you are already a member, sign in using your preferred method below.
This was the year when many historical hacks came back to bite millions just as they were least expecting it. The uptick in delayed reporting contributed to almost 3,000 publicly data breaches this year alone -- exposing more than 2.2 billion records. And the year isn't even over yet.
Even as we approach December 31, there's no sign of it ending. Let's take a look back at some of the biggest -- and most dangerous -- hacks and leaks so far.
Should Apple help the FBI unlock a terrorist's phone? Apple said yes, but not at the expense of everyone else's security and privacy. The FBI brought a case against Apple to compel it to help its agents break into the iPhone of one of the San Bernardino shooters, who killed 14 people and injured dozens in the terrorist attack in December. Apple refused to help the feds "backdoor" its own product, arguing that it can't crack the encryption, and lodged a formal appeal. The FBI eventually buckled under public pressure, but not before hiring hackers to break into the phone at the last minute. It set in motion a chain reaction of proposed laws and measures to try to ensure that Apple could never be above the law.
Linux Mint remains one of the most popular Linux distributions. That in part made it the target by one hacker, who inserted a backdoor in the operating system and hacked the project's website to trick users into downloading the malicious version. Hundreds of users downloaded the affected build. The hacker, who goes by the name of Peace (who was instrumental in other hacks) explained how he did it.
The global financial messaging system, SWIFT, revealed a new security plan in the wake of a massive $81 million cyber heist from a Bangladeshi bank earlier this year. After learning how the system worked, the cyberattackers took the bank's SWIFT code and made a series of transaction requests for cash to be sent from the country's New York-based account to entities across Asia. It was shoddy security at its worst, but lessons were eventually learned.
Well, at least something good happened to Trump this year -- for a while, things weren't looking great. The alleged billionaire's hotel chain was attacked twice in as many years -- including once in April. It's not all surprising given that his organization was using horribly insecure and unpatched systems that dated back more than a decade. Then, Trump's presidential campaign leaked the resumes of prospective interns, including their names, addresses, and in some cases sensitive employment details. Let's hope his cybersecurity strategy is better when he's in office.
If 2016 was anything, it was the year of the repeatedly broken records. LinkedIn was the first of many hack records that was met (and later surpassed) this year. The business networking company was first hit in 2012, but the scale of the attack was only realized this year when the number of records stolen shot up by almost twenty-fold to 117 million accounts. If that wasn't bad enough, most of the passwords were ridiculously bad -- like "123456" and "linkedin." The alleged hacker was eventually caught in the Czech Republic.
The social blogging site announced in May that it suffered a security breach, but refused to divulge more. It took investigative journalists to discover that more than 65 million accounts were in the dumped database. Tumblr is owned by Yahoo, which later in the year had its own problems to worry about.
It was the world's biggest social network at one point. But until recently, not many had heard of Myspace in some time. Sadly, for many, it was bad news. A massive hack led 427 million accounts stolen early in the year. The company, now owned by Time Inc., had at the time of the breach, just 50 million visitors per month -- a significant drop from its heyday, but nevertheless a reminder that security can come back to haunt.
With just a month before the US election, the White House formally accused the Kremlin of politically motivated hacks -- as if things weren't tense enough. US chief spy James Clapper said that the intelligence community believed that "based on the scope and sensitivity of these efforts, that only Russia's senior-most officials could have authorized" hacking activities, such as email leaks on the Democratic campaign. Senior Democrats eventually resigned, and Hillary Clinton's email campaign suffered irreparably -- as the election result proved.
Three hacks in almost as many months. Social networking giant VK.com was hit in June with 171 million accounts stolen, then month later its parent company Mail.ru's forums were bitten by a similarly historical hack. Then, Rambler.ru, a separate company but major internet giant, saw almost 100 million accounts taken in a hack that dated back to 2012. Those hacks combined account for double the population of Russia alone.
Hacking tools thought to have been used by NSA for carrying out intelligence gathering and surveillance activities were stolen earlier this year in one of the biggest breaches of classified files since the Edward Snowden affair. These tools, which could break through Fortinet and Cisco firewalls, were later auctioned off by the Shadow Brokers, an unknown seller of the exploits. Thanks to a previous leak of Snowden files, reporters confirmed the exploits belonged to the US government.
Micros, one of the largest point-of-sale terminal makers, said that hackers had compromised "hundreds of systems" at the company, potentially compromising a portal used by retail clients. Oracle said that the hackers responsible for the breach installed malware on the support portal in an effort to scrape usernames and passwords as they were entered. Those account credentials may be used to remotely administer and access point-of-sale devices located in customers' retail outlets. Oracle bought the company in 2014 for $5.3 billion.
We put so much faith in our browsers, we don't even realize it. They store our passwords, bookmarks, and even our browsing history. When Opera's synchronization server got hacked, all that faith and trust fell apart. The browser maker, with close to 2 million active users affected by the hack, reset user passwords but was overwhelmingly opaque about the breach, leading to many unhappy customers.
As if the NSA hadn't suffered enough bad publicity in the past year -- let alone the past three -- one former staffer made headlines with a breach of his own. Harold Martin, a former staffer, stole 50 terabytes of data from the agency, most of it classified. The breach vastly eclipsed what Edward Snowden stole -- thought to be a little over 50,000 files. Though Wilson was initially charged with mishandling classified information, the scale of his theft bumped the charges up to espionage. How did he get all that data through the NSA? By simply walking out the door, sources said.
Another day, another hack. Weebly, the web designing giant, put more over 43 million customers at risk thanks to their own shoddy security. The hacker took records including usernames, email addresses, passwords, and IP addresses -- but passwords were scrambled. The company admitted fault in a statement.
Another day, another hack, same company. Friend Finder Network was hacked for a second time in as many years. The hack includes 339 million accounts from AdultFriendFinder.com, which the company describes as the "world's largest sex and swinger community." Over 15 million "deleted" accounts that wasn't purged from the databases. The attack happened at around the same time as one security researcher, known as Revolver, disclosed a local file inclusion flaw on the AdultFriendFinder site, which if successfully exploited could allow an attacker to remotely run malicious code on the web server.
If you bought a car from one of over 100 car dealerships in the past few years, your records may have been taken. Names, addresses, phone numbers, and even social security numbers for both customers and employees for over a hundred car dealerships were left online, all thanks to a centralized records system coupled with shoddy security. Many millions were said to be affected, but the final number isn't known.