From the widely publicized hack of the Democratic National Committee to the disclosure of just how large the 2013 and 2014 Yahoo attacks were, hacking made even more headlines in 2016 than the year before. It’s clear that as people spend more time online and store more personal data in websites and apps, their private information is becoming more vulnerable to hackers.
Learning from past mistakes is important, so let’s look into the top 10 most significant hacks of 2016.
It was revealed in May that over 360 million Myspace emails and passwords were up for sale on an online hacker platform. The original attack took place in 2013 and while many of the accounts are now inactive, it is likely that many users used the same email or password for other online accounts. Any duplicates make users’ other accounts vulnerable, even if they haven’t used Myspace since its heyday in 2007.
In August, Reuters reported that Bitfinex, a Hong Kong-based Bitcoin exchange, lost 120,000 units of Bitcoin worth $72 million to hackers. Bitfinex, which is the world’s largest Bitcoin exchange, reported that the money was stolen directly from users’ segregated accounts. The news caused the value of Bitcoin to plummet by 23%. To date, the exchange still does not know how the hackers were able to access the users’ accounts and still does not have a plan to address customer losses.
Opera, a browser business that recently sold to a Chinese consortium, was the target of a hack in August 2016. The hackers gained access to Opera Sync, which allows users to synchronize their browser data and settings across devices, and obtained the login information of 1.7 million users. While the passwords were encrypted, hackers could still view users’ emails and names. The company has since reset all passwords and emailed all registered Opera Sync users with details.
LeakedSource revealed that the website design platform Weebly was hacked in February, compromising the information of over 43 million users. The information included usernames, email addresses, well-encrypted passwords and IP addresses. Weebly immediately responded to the attack by making significant changes to their security and working with vulnerable customers to protect their information.
While the original hack of microblogging and social networking website Tumblr occurred in 2013, the full scale of the information obtained from Tumblr’s servers wasn’t revealed until 2016. In May, over 65 million Tumblr email addresses and encrypted passwords were put up for sale on the darknet marketplace “The Real Deal.” Incidents of this type are being called “historical mega breaches”: data released recently but obtained several years before. This suggests that there may be other large hacks that are affecting users but haven’t been revealed yet.
Another in a string of historical mega breaches, Dropbox’s servers were hacked in 2012. At the time, the company said that a small number of emails had been compromised and worked with those who they thought had been affected to protect their accounts. However, in August 2016, Motherboard reported that 68 million emails and passwords were stolen, thanks to a tip by the data breach notification service Leakbase. While the passwords were secured, Dropbox encouraged all users who hadn’t changed their passwords since 2012 to take security steps to protect their accounts.
Like Dropbox, the original hack of LinkedIn’s servers happened in 2012. At the time, 6.5 million hashed passwords stolen from the site appeared on an online forum. However, in 2016, the hacker “Peace” put 117 million LinkedIn emails and hashed passwords up for sale on the darknet marketplace site “The Real Deal,” making the scale of the attack almost 20 times larger than originally thought. A source told Motherboard that they had cracked 90% of the passwords within 72 hours after the encrypted information was posted.
Online “sex and swinger community,” AdultFriendFinder.com, was the target of one of the largest single data breaches in history in November 2016. 339 million customers’ emails, IP addresses and passwords were compromised in the attack. The passwords were stored in either plain text or a discredited encryption, making the information very easy for hackers to exploit. This was the second breach that the site had in the past few years — in May 2015, 3.5 million users had their personal data and preferences stolen.
In yet another historical mega breach, Yahoo was subject to separate attacks in 2013 and 2014. The company disclosed the attacks in 2016, announcing that sensitive user information including names, phone numbers, dates of birth, passwords and security questions was leaked. The 2014 attack compromised over 500 million accounts, while the 2013 hack left over 1 billion users’ information at risk. The two attacks are the largest breaches of a single company’s network in history.
1. Democratic National Committee
In what was the most publicized series of attacks in 2016, the Democratic National Committee was hacked multiple times throughout the presidential election cycle. In July, hackers leaked 20,000 emails from key Democratic National Committee (D.N.C.) staffers to WikiLeaks. The aftermath, based on the content of the e-mails, saw the resignation of several top players including D.N.C. chair Debbie Wasserman Schultz. In a separate incident in August, hackers also released the personal details, addresses and phone numbers of nearly 200 House Democrats, as well as documents that appear to have been taken from Senator Nancy Pelosi’s computer.