Search
  • Videos
  • Enterprise Software
  • Windows 10
  • Cloud
  • AI
  • Security
  • TR Premium
  • more
    • 5G Guide
    • Build a Website
    • Hardware
    • Innovation
    • Best Smartphones
    • Executive Guides
    • Best VPN Services
    • Web Hosting
    • See All Topics
    • White Papers
    • Downloads
    • Reviews
    • Galleries
    • Videos
    • TechRepublic Forums
  • Newsletters
  • All Writers
    • Preferences
    • Community
    • Newsletters
    • Log Out
  • Menu
    • Videos
    • Enterprise Software
    • Windows 10
    • Cloud
    • AI
    • Security
    • TR Premium
    • 5G Guide
    • Build a Website
    • Hardware
    • Innovation
    • Best Smartphones
    • Executive Guides
    • Best VPN Services
    • Web Hosting
    • See All Topics
    • White Papers
    • Downloads
    • Reviews
    • Galleries
    • Videos
    • TechRepublic Forums
      • Preferences
      • Community
      • Newsletters
      • Log Out
  • us
    • Asia
    • Australia
    • Europe
    • India
    • United Kingdom
    • United States
    • ZDNet around the globe:
    • ZDNet China
    • ZDNet France
    • ZDNet Germany
    • ZDNet Korea
    • ZDNet Japan

These are the worst hacks, cyberattacks, and data breaches of 2018

8 of 24 NEXT PREV
  • UK government website cryptojacking

    UK government website cryptojacking

    February: Over 4,000 websites, including UK government, US, and Australian services, all experienced the same security issue at once due to a vulnerable third-party plugin used for website accessibility. Countless website visitors became victims of cryptojacking, in which their CPU power was used without consent to mine for cryptocurrency.

    Security

    • 2020 is when cybersecurity gets even weirder, so get ready
    • FBI recommends that you keep your IoT devices on a separate network
    • A decade of malware: Top botnets of the 2010s
    • How to prevent a ransomware attack (ZDNet YouTube)
    • Best home security of 2019: Professional monitoring and DIY (CNET)
    • How to control location tracking on your iPhone in iOS 13 (TechRepublic)
    Published: November 30, 2018 -- 14:19 GMT (06:19 PST)

    Caption by: Charlie Osborne

  • Ticketmaster

    Ticketmaster

    February -- June: Third-party code on Ticketmaster's web domain was compromised, leading to the implant of credit card skimming malware on the domain. Up to 40,000 UK and international customers are believed to have been affected, with information including names, addresses, email addresses, telephone numbers, payment details, and Ticketmaster login details involved in the breach.

    Researchers later connected the cyberattack to the Magecart campaign.

    Security

    • 2020 is when cybersecurity gets even weirder, so get ready
    • FBI recommends that you keep your IoT devices on a separate network
    • A decade of malware: Top botnets of the 2010s
    • How to prevent a ransomware attack (ZDNet YouTube)
    • Best home security of 2019: Professional monitoring and DIY (CNET)
    • How to control location tracking on your iPhone in iOS 13 (TechRepublic)
    Published: November 30, 2018 -- 14:19 GMT (06:19 PST)

    Caption by: Charlie Osborne

  • Under Armour

    Under Armour

    March: Under Armour, a seller of fitness apparel, revealed that the firm's MyFitnessPal mobile app had been hacked, leading to the compromise of 150 million accounts. Usernames, email addresses, and hashed passwords were stolen, and while financial data was not affected, users were required to immediately change their passwords.

    Security

    • 2020 is when cybersecurity gets even weirder, so get ready
    • FBI recommends that you keep your IoT devices on a separate network
    • A decade of malware: Top botnets of the 2010s
    • How to prevent a ransomware attack (ZDNet YouTube)
    • Best home security of 2019: Professional monitoring and DIY (CNET)
    • How to control location tracking on your iPhone in iOS 13 (TechRepublic)
    Published: November 30, 2018 -- 14:19 GMT (06:19 PST)

    Caption by: Charlie Osborne

  • Aadhaar

    Aadhaar

    March: Aadhaar, India's national ID database, contains the information of at least 1.1 billion Indian citizens. A data leak which originated from a state-owned utility company allowed anyone to download information belonging to all Aadhaar holders, including their private data and financial details.

    Security

    • 2020 is when cybersecurity gets even weirder, so get ready
    • FBI recommends that you keep your IoT devices on a separate network
    • A decade of malware: Top botnets of the 2010s
    • How to prevent a ransomware attack (ZDNet YouTube)
    • Best home security of 2019: Professional monitoring and DIY (CNET)
    • How to control location tracking on your iPhone in iOS 13 (TechRepublic)
    Published: November 30, 2018 -- 14:19 GMT (06:19 PST)

    Caption by: Charlie Osborne

  • Facebook, Cambridge Analytica

    Facebook, Cambridge Analytica

    March: The Facebook -- Cambridge Analytica scandal was one of the largest this year with severe consequences that are still being felt by the companies and regulators alike.

    In total, information belonging to up to 87 million users was improperly shared by a developer with Cambridge Analytica for the purpose of voter profiling. It has been suggested that this may have been used to spread propaganda and help elect US President Trump.

    Security

    • 2020 is when cybersecurity gets even weirder, so get ready
    • FBI recommends that you keep your IoT devices on a separate network
    • A decade of malware: Top botnets of the 2010s
    • How to prevent a ransomware attack (ZDNet YouTube)
    • Best home security of 2019: Professional monitoring and DIY (CNET)
    • How to control location tracking on your iPhone in iOS 13 (TechRepublic)
    Published: November 30, 2018 -- 14:19 GMT (06:19 PST)

    Caption by: Charlie Osborne

  • British Airways

    British Airways

    April -- July: British Airways leaked data belonging to hundreds of thousands of customers who used a credit card to make reward bookings between April and July. The compromised information included names, billing addresses, email addresses, and payment information including card numbers, expiry dates, and CVV security codes.

    The leak was uncovered following the Ticketmaster breach. It is believed the hack was the work of Magecart, which has also claimed victims including Newegg, Feedify, and broadcaster ABS-CBN.

    Security

    • 2020 is when cybersecurity gets even weirder, so get ready
    • FBI recommends that you keep your IoT devices on a separate network
    • A decade of malware: Top botnets of the 2010s
    • How to prevent a ransomware attack (ZDNet YouTube)
    • Best home security of 2019: Professional monitoring and DIY (CNET)
    • How to control location tracking on your iPhone in iOS 13 (TechRepublic)
    Published: November 30, 2018 -- 14:19 GMT (06:19 PST)

    Caption by: Charlie Osborne

  • Rail Europe

    Rail Europe

    May: Rail Europe, a company which sells tickets for trips around the bloc, suffered a three-month-long data breach caused by credit-card skimming malware. Credit card numbers, expiration dates, and CVV card verification codes were all stolen during the covert campaign, and while the company did not reveal exactly how many customers were involved, Rail Europe accounted for five million customers last year.

    Security

    • 2020 is when cybersecurity gets even weirder, so get ready
    • FBI recommends that you keep your IoT devices on a separate network
    • A decade of malware: Top botnets of the 2010s
    • How to prevent a ransomware attack (ZDNet YouTube)
    • Best home security of 2019: Professional monitoring and DIY (CNET)
    • How to control location tracking on your iPhone in iOS 13 (TechRepublic)
    Published: November 30, 2018 -- 14:19 GMT (06:19 PST)

    Caption by: Charlie Osborne

  • TeenSafe

    TeenSafe

    May: TeenSafe. a mobile app which touts itself as a "secure" monitoring app for iOS and Android aimed at parents, was responsible for two servers which were publicly exposed, leaking parental email addresses, child Apple IDs, device names, and device identifiers.

    Security

    • 2020 is when cybersecurity gets even weirder, so get ready
    • FBI recommends that you keep your IoT devices on a separate network
    • A decade of malware: Top botnets of the 2010s
    • How to prevent a ransomware attack (ZDNet YouTube)
    • Best home security of 2019: Professional monitoring and DIY (CNET)
    • How to control location tracking on your iPhone in iOS 13 (TechRepublic)
    Published: November 30, 2018 -- 14:19 GMT (06:19 PST)

    Caption by: Charlie Osborne

  • Dixons Carphone

    Dixons Carphone

    June: Dixons Carphone uncovered a data breach which at first appeared small, despite going undetected for roughly a month. The company thought that 1.2 million customers had been affected but this number was later revised to 10 million. Personal and payment card information was stolen.

    Security

    • 2020 is when cybersecurity gets even weirder, so get ready
    • FBI recommends that you keep your IoT devices on a separate network
    • A decade of malware: Top botnets of the 2010s
    • How to prevent a ransomware attack (ZDNet YouTube)
    • Best home security of 2019: Professional monitoring and DIY (CNET)
    • How to control location tracking on your iPhone in iOS 13 (TechRepublic)
    Published: November 30, 2018 -- 14:19 GMT (06:19 PST)

    Caption by: Charlie Osborne

  • Ticketfly

    Ticketfly

    June: Ticketfly pulled its website offline on the basis that the event seller believed there had been a cyberattack -- a premise which turned out to be correct. The company said that information had been leaked which belonged to roughly 27 million customer accounts and included names, email addresses, physical addresses, and phone numbers.

    A hacker believed to be responsible attempted to blackmail Ticketfly a single Bitcoin to keep the data from spreading.

    Security

    • 2020 is when cybersecurity gets even weirder, so get ready
    • FBI recommends that you keep your IoT devices on a separate network
    • A decade of malware: Top botnets of the 2010s
    • How to prevent a ransomware attack (ZDNet YouTube)
    • Best home security of 2019: Professional monitoring and DIY (CNET)
    • How to control location tracking on your iPhone in iOS 13 (TechRepublic)
    Published: November 30, 2018 -- 14:19 GMT (06:19 PST)

    Caption by: Charlie Osborne

  • MyHeritage

    MyHeritage

    June: In June, MyHeritage revealed the discovery of a file containing 92.2 million account records, including email addresses and scrambled passwords which was made public and published online. The data related to all user accounts up to and including to October 26, 2017, but the hack was not uncovered until much later.

    Security

    • 2020 is when cybersecurity gets even weirder, so get ready
    • FBI recommends that you keep your IoT devices on a separate network
    • A decade of malware: Top botnets of the 2010s
    • How to prevent a ransomware attack (ZDNet YouTube)
    • Best home security of 2019: Professional monitoring and DIY (CNET)
    • How to control location tracking on your iPhone in iOS 13 (TechRepublic)
    Published: November 30, 2018 -- 14:19 GMT (06:19 PST)

    Caption by: Charlie Osborne

  • Exactis

    Exactis

    June: You would be forgiven for not knowing of Exactis, a marketing and data aggregation company, but the firm's name became somewhat well-known following a data breach which exposed 340 million records on a publicly accessible server.

    Close to two terabytes of information were available in the public domain, including a range of data on US citizens and businesses.

    Security

    • 2020 is when cybersecurity gets even weirder, so get ready
    • FBI recommends that you keep your IoT devices on a separate network
    • A decade of malware: Top botnets of the 2010s
    • How to prevent a ransomware attack (ZDNet YouTube)
    • Best home security of 2019: Professional monitoring and DIY (CNET)
    • How to control location tracking on your iPhone in iOS 13 (TechRepublic)
    Published: November 30, 2018 -- 14:19 GMT (06:19 PST)

    Caption by: Charlie Osborne

  • SingHealth

    SingHealth

    July: Singapore suffered the "most serious" data breach in the country's history this year when healthcare institutions group SingHealth's networks were compromised.

    In total, over 1.5 million healthcare patient records, including one belonging to Prime Minister Lee Hsien Loong, were stolen. Data including patient names, national identification numbers, addresses, genders, and dates of birth were compromised.

    Security

    • 2020 is when cybersecurity gets even weirder, so get ready
    • FBI recommends that you keep your IoT devices on a separate network
    • A decade of malware: Top botnets of the 2010s
    • How to prevent a ransomware attack (ZDNet YouTube)
    • Best home security of 2019: Professional monitoring and DIY (CNET)
    • How to control location tracking on your iPhone in iOS 13 (TechRepublic)
    Published: November 30, 2018 -- 14:19 GMT (06:19 PST)

    Caption by: Charlie Osborne

  • Hackers go old school

    Hackers go old school

    July, give or take a decade: Yale University disclosed a security breach which impacted 119,000 members of Yale, alumni, faculty members, and staff -- but the incident took place between 2008 and 2009. Names, Social Security numbers, physical addresses, and dates of birth were all exposed.

    Security

    • 2020 is when cybersecurity gets even weirder, so get ready
    • FBI recommends that you keep your IoT devices on a separate network
    • A decade of malware: Top botnets of the 2010s
    • How to prevent a ransomware attack (ZDNet YouTube)
    • Best home security of 2019: Professional monitoring and DIY (CNET)
    • How to control location tracking on your iPhone in iOS 13 (TechRepublic)
    Published: November 30, 2018 -- 14:19 GMT (06:19 PST)

    Caption by: Charlie Osborne

  • Timehop

    Timehop

    July: Timehop, a past social media content display platform, revealed a security breach which exposed information in a database belonging to 21 million users. In total, 4.7 million phone numbers were breached, alongside usernames and email addresses.

    Security

    • 2020 is when cybersecurity gets even weirder, so get ready
    • FBI recommends that you keep your IoT devices on a separate network
    • A decade of malware: Top botnets of the 2010s
    • How to prevent a ransomware attack (ZDNet YouTube)
    • Best home security of 2019: Professional monitoring and DIY (CNET)
    • How to control location tracking on your iPhone in iOS 13 (TechRepublic)
    Published: November 30, 2018 -- 14:19 GMT (06:19 PST)

    Caption by: Charlie Osborne

  • Polar Flow

    Polar Flow

    July: Polar Flow, a popular fitness application, contained a security flaw which permitted anyone to improperly query a developer API. It was later discovered that this security hole could be used to track military personnel who made use of the mobile app.

    Security

    • 2020 is when cybersecurity gets even weirder, so get ready
    • FBI recommends that you keep your IoT devices on a separate network
    • A decade of malware: Top botnets of the 2010s
    • How to prevent a ransomware attack (ZDNet YouTube)
    • Best home security of 2019: Professional monitoring and DIY (CNET)
    • How to control location tracking on your iPhone in iOS 13 (TechRepublic)
    Published: November 30, 2018 -- 14:19 GMT (06:19 PST)

    Caption by: Charlie Osborne

  • Student medical records

    Student medical records

    August: A data breach deemed "appalling" affected students at a Melbourne high school, in which their confidential medical and behavioral records were published online. Over 300 records were leaked, and in some cases, contained descriptions of medical conditions, medication, and learning difficulties.

    Security

    • 2020 is when cybersecurity gets even weirder, so get ready
    • FBI recommends that you keep your IoT devices on a separate network
    • A decade of malware: Top botnets of the 2010s
    • How to prevent a ransomware attack (ZDNet YouTube)
    • Best home security of 2019: Professional monitoring and DIY (CNET)
    • How to control location tracking on your iPhone in iOS 13 (TechRepublic)
    Published: November 30, 2018 -- 14:19 GMT (06:19 PST)

    Caption by: Charlie Osborne

  • Air Canada

    Air Canada

    August: Air Canada experienced a security problem with its mobile app, in which an unauthorized threat actor was able to compromise the system. As a result, information belonging to roughly 20,000 customers was exposed -- and this included passport numbers.

    Security

    • 2020 is when cybersecurity gets even weirder, so get ready
    • FBI recommends that you keep your IoT devices on a separate network
    • A decade of malware: Top botnets of the 2010s
    • How to prevent a ransomware attack (ZDNet YouTube)
    • Best home security of 2019: Professional monitoring and DIY (CNET)
    • How to control location tracking on your iPhone in iOS 13 (TechRepublic)
    Published: November 30, 2018 -- 14:19 GMT (06:19 PST)

    Caption by: Charlie Osborne

  • T-Mobile

    T-Mobile

    August: T-Mobile detected unauthorized entry into the carrier's network, and although the intruder was quickly booted out, this was not before the attacker was able to access customer data. Roughly three percent of its 77 million customers -- or approximately 2 - 2.5 million customers -- were impacted, with information including customer names, billing ZIP codes, phone numbers, email addresses, account numbers, and account types exposed.

    Security

    • 2020 is when cybersecurity gets even weirder, so get ready
    • FBI recommends that you keep your IoT devices on a separate network
    • A decade of malware: Top botnets of the 2010s
    • How to prevent a ransomware attack (ZDNet YouTube)
    • Best home security of 2019: Professional monitoring and DIY (CNET)
    • How to control location tracking on your iPhone in iOS 13 (TechRepublic)
    Published: November 30, 2018 -- 14:19 GMT (06:19 PST)

    Caption by: Charlie Osborne

  • Facebook's network breach

    Facebook's network breach

    September: If dealing with the aftermath of Cambridge Analytica was not enough, a vulnerability in Facebook's code permitted attackers to steal authentication tokens. Information including names, contact details, cities, device types, places of work, and more was also stolen from some users.

    Original estimates pegged the theft as impacting 50 million users, which were later revised to 30 million.

    Security

    • 2020 is when cybersecurity gets even weirder, so get ready
    • FBI recommends that you keep your IoT devices on a separate network
    • A decade of malware: Top botnets of the 2010s
    • How to prevent a ransomware attack (ZDNet YouTube)
    • Best home security of 2019: Professional monitoring and DIY (CNET)
    • How to control location tracking on your iPhone in iOS 13 (TechRepublic)
    Published: November 30, 2018 -- 14:19 GMT (06:19 PST)

    Caption by: Charlie Osborne

  • ISP, web traffic hijacks

    ISP, web traffic hijacks

    October -- November: During these months, a spate of ISP and Internet infrastructure attacks emerged. Researchers claim that China has been hacking the backbone of the Western Internet for years, Cambodian ISPs were struck with some of the largest Distributed Denial-of-Service (DDoS) attacks in the country's history, Google traffic was hijacked by a small ISP in Nigeria, and Telegram traffic was attacked in Iran.

    Security

    • 2020 is when cybersecurity gets even weirder, so get ready
    • FBI recommends that you keep your IoT devices on a separate network
    • A decade of malware: Top botnets of the 2010s
    • How to prevent a ransomware attack (ZDNet YouTube)
    • Best home security of 2019: Professional monitoring and DIY (CNET)
    • How to control location tracking on your iPhone in iOS 13 (TechRepublic)
    Published: November 30, 2018 -- 14:19 GMT (06:19 PST)

    Caption by: Charlie Osborne

  • Canada Post

    Canada Post

    November: Information relating to roughly 4,500 customers of the Ontario Cannabis Store (OCS) was improperly shared and leaked, including the names or initials of nominated signatories, postcodes, dates of delivery, reference numbers, Canada Post tracking numbers, and OCS corporate names and business addresses.

    While the breach was small, the sensitive subject matter -- and the recent decision to make recreational cannabis legal in Ontario, Canada -- made the incident stand out. It may now be legal, but that does not mean smokers would be happy with others knowing about their recreational use.

    Published: November 30, 2018 -- 14:19 GMT (06:19 PST)

    Caption by: Charlie Osborne

  • Amazon

    Amazon

    November: As is often the case with the most well-known companies, if a security incident occurs, they will often give out information which is necessary -- but no more. Amazon followed this pattern, admitting that a "technical error" had exposed the names and email addresses of some customers, but did not go any further into detail.

    Despite a lack of concrete information, when a company such as Amazon has a security lapse, it is certainly of note.

    Security

    • 2020 is when cybersecurity gets even weirder, so get ready
    • FBI recommends that you keep your IoT devices on a separate network
    • A decade of malware: Top botnets of the 2010s
    • How to prevent a ransomware attack (ZDNet YouTube)
    • Best home security of 2019: Professional monitoring and DIY (CNET)
    • How to control location tracking on your iPhone in iOS 13 (TechRepublic)
    Published: November 30, 2018 -- 14:19 GMT (06:19 PST)

    Caption by: Charlie Osborne

  • Google+

    Google+

    In late December, Google revealed a fresh bug in the Google+ API which had the potential to permit attackers to steal private data belonging to close to 52.5 million users. This discovery pushed the Google+ closure data forward from August to April 2019.

    Read on: ZDNet

    Published: November 30, 2018 -- 14:19 GMT (06:19 PST)

    Caption by: Charlie Osborne

8 of 24 NEXT PREV
Charlie Osborne

By Charlie Osborne for Zero Day | November 30, 2018 -- 14:19 GMT (06:19 PST) | Topic: Security

  • UK government website cryptojacking
  • Ticketmaster
  • Under Armour
  • Aadhaar
  • Facebook, Cambridge Analytica
  • British Airways
  • Rail Europe
  • TeenSafe
  • Dixons Carphone
  • Ticketfly
  • MyHeritage
  • Exactis
  • SingHealth
  • Hackers go old school
  • Timehop
  • Polar Flow
  • Student medical records
  • Air Canada
  • T-Mobile
  • Facebook's network breach
  • ISP, web traffic hijacks
  • Canada Post
  • Amazon
  • Google+

Millions of records were lost, services were disrupted, and credit card data was stolen as hackers ran amok over the year.

Read More Read Less

TeenSafe

May: TeenSafe. a mobile app which touts itself as a "secure" monitoring app for iOS and Android aimed at parents, was responsible for two servers which were publicly exposed, leaking parental email addresses, child Apple IDs, device names, and device identifiers.

Security

  • 2020 is when cybersecurity gets even weirder, so get ready
  • FBI recommends that you keep your IoT devices on a separate network
  • A decade of malware: Top botnets of the 2010s
  • How to prevent a ransomware attack (ZDNet YouTube)
  • Best home security of 2019: Professional monitoring and DIY (CNET)
  • How to control location tracking on your iPhone in iOS 13 (TechRepublic)
Published: November 30, 2018 -- 14:19 GMT (06:19 PST)

Caption by: Charlie Osborne

8 of 24 NEXT PREV

Related Topics:

Security TV Data Management CXO Data Centers
Charlie Osborne

By Charlie Osborne for Zero Day | November 30, 2018 -- 14:19 GMT (06:19 PST) | Topic: Security

Show Comments
LOG IN TO COMMENT
  • My Profile
  • Log Out
| Community Guidelines

Join Discussion

Add Your Comment
Add Your Comment

Related Galleries

  • 1 of 3
  • The Nightmare in Silicon Valley: 8 horror technologies that should scare you to death

    Every night is fright night with what can happen once these scary technologies take hold in ways that you may not have imagined.

  • Julia programming language, cloud computing, cybersecurity worries: Research round-up

    All the facts and figures that matter to you and your business from the past month in technology news.

  • YubiKey 5Ci: USB-C and Lightning Security Key

    The world’s first Lightning-compatible security key

  • 10 Linux distros: From different to dangerous

    One of the great benefits of Linux is the ability to roll your own. Throughout the years, individuals, organizations, and even nation states have done just that. In this gallery, we're ...

  • 2019's tech, security, and authentication trends

    We take a look at the top tech, cybersecurity, and authentication trends as revealed today by the Duo Security's 2019 Trusted Access Report, which includes data from 24 million devices, ...

  • The world's most famous and dangerous APT (state-developed) malware

    A list of the most dangerous, effective, and most well-known malware strains that have been developed by the cyber-security units of various countries' intelligence and military ...

  • Best-paid tech jobs, malware warnings and shadow IT: Research round-up

    All the facts and figures that matter to you and your business from the past month in technology news.

ZDNet
Connect with us

© 2019 CBS Interactive. All rights reserved. Privacy Policy | Cookies | Ad Choice | Advertise | Terms of Use | Mobile User Agreement

  • Topics
  • All Authors
  • Galleries
  • Videos
  • Sponsored Narratives
  • About ZDNet
  • Meet The Team
  • Site Map
  • RSS Feeds
  • Reprint Policy
  • Manage | Log Out
  • Join | Log In | Membership
  • Newsletters
  • Site Assistance
  • ZDNet Academy
  • TechRepublic Forums