15 biggest hacks of the 2010s
These massive hacks had broad reach and cost companies billions
Hacking has long been synonymous with mysterious individuals exploiting weaknesses within targeted computer systems or networks. While the motivations behind specific hacks and data breaches vary, rarely does a hack go without impacting a number of users.
As one would imagine, there have been plenty of hacks over the years. Of course, various governments and organizations have responded to these hacks in a myriad of ways.
Here, in one convenient place, we’ve gathered some of the biggest hacks, breaches and security news of the 2010s. From the infamous DNC hack to the Ashley Madison data breach, there’s no shortage of interesting stories among this list.
2010
Stuxnet
First uncovered in 2010, Stuxnet was a worm allegedly created by the U.S. government and Israel and used to destroy centrifuges in an Iranian nuclear enrichment facility.
Stuxnet initially targeted Microsoft Windows by chaining four so-called zero-day vulnerabilities together. Then, the worm searched the compromised network for Siemens Step7, a piece of industrial control software. From there, Stuxnet manipulated programmable logic controllers that were responsible for automating industrial processes.
Though Stuxnet was geared toward the Iranian nuclear program, there’s no doubt the worm could have targeted other industrial settings as well.
The “press release” hackers
Between 2010 and 2015, a group of five Eastern European men hacked several newswire services. In doing so, the group stole an astounding number of soon-to-be-announced press releases.
This might sound like a waste of time, but it ended up being one of the smartest hacks in history because the group used the insider knowledge to earn upward of $100 million in profits. Fortunately, the Department of Justice and the Securities and Exchange Commission caught wind of their scheme and cracked down on the group's members in 2016.
2011
Sony PlayStation hack
In the spring of 2011, Sony announced hackers had stolen personally identifiable information and financial details for 77 million PlayStation Network users.
The hack was catastrophic and led the company to shut down the Sony PlayStation Network for 23 days while engineers addressed the breach. Not only did the company face lost profits due to the outage, but it was also hit with a number of class-action lawsuits.
2013
Edward Snowden
You’re likely familiar with Edward Snowden, so we’ll just get to the point. The Snowden leaks exposed a global surveillance network that the U.S. and its Five Eyes partners coordinated just after the Sept. 11 attacks.
Snowden's revelations led countries like China, Russia and Iran to form their own surveillance operations and effectively ramp up worldwide foreign intelligence-gathering efforts.
Target
In December 2013, retail giant Target admitted that malware planted on its stores' systems helped hackers collect roughly 40 million users’ financial details. While POS malware was nothing new, this was the first time a major retailer suffered such a large breach.
More recently, the Latvian computer programmer responsible for designing a program that helped hackers improve malware used in the breach was sentenced to 14 years in prison.
2014
North Korea takes on Sony
If the hack of Sony Pictures in 2014 taught us anything, it was that North Korea has some pretty good hackers. Carried out by the Guardians of Peace -- later referred to as the Lazarus Squad -- the hack’s purpose was to force the studio to cancel the release of The Interview, a comedy about an assassination plot against North Korea's leader Kim Jong-un.
When Sony refused, the hackers opted to destroy the company’s internal network and leak sensitive data online.
Celebgate
Celebgate is an example of what happens when hackers use password-reset emails to perpetrate spear-phishing scams.
By using fake password-reset emails targeting celebrities, a small group of hackers gained access to the accounts of some of Hollywood’s most well-known stars. The hackers then released sensitive photos of their unsuspecting victims on 4chan.
This led to the photos being shared on other platforms, such as Imgur and Reddit.
2015
Ashley Madison hack
Hacker group Impact Team chose to deal with adultery in its own way. With the release of Ashley Madison’s internal database, hackers aired many people's dirty laundry by exposing their potential affairs.
Unfortunately, the hack resulted in a number of extortion attempts and even the suicide of a pastor and seminary professor.
Ukraine power grid attacks
The cyberattack on the Ukrainian power grid in December 2015 resulted in power outages across western Ukraine. It also marked the first successful attack on a power grid's control network.
The attack employed a piece of malware known as Black Energy and was followed by a similar attack the next year. In December 2016, the second attack used a more complex piece of malware, Industroyer, to successfully cut off power to a fifth of Ukraine's capital.
2016
Panama Papers
In April 2016, many of the world's leading investigative journalists exposed how some of the world's richest people were using tax havens to avoid paying income taxes.
Many believe the exposed data, referred to as the Panama Papers, came from a hacker who exploited flaws in Panamanian law firm Mossack Fonseca’s outdated websites to gain access to its internal network.
The DNC hack
The DNC hack is the gift that keeps on giving. In the spring of 2016, the Democratic National Committee admitted it suffered a security breach after a hacker began publishing emails and documents from within the organization's servers. It has since been discovered that the DNC was hacked by two Russian cyberespionage groups. Data stolen in the attack was later used to sway the 2016 election.
Four years later, the DNC hack continues to make headlines.
Yahoo
In 2016, Yahoo disclosed it was the victim of multiple major hacks that exposed over a billion Yahoo users’ data. According to the company, it had experienced a breach in 2014 that affected at least 500 million accounts. Then, in December of that same year, the company detailed a 2013 attack that exposed at least one billion user accounts.
After Verizon’s purchase of Yahoo in 2017, Verizon claimed that the 2013 attack impacted each of Yahoo’s three billion users. In April 2019, Yahoo agreed to pay $117.5 million to settle a class-action lawsuit over the handling of the hacks.
2017
Equifax
Caused by the company failing to patch a critical server, the 2017 Equifax hack impacted the personal data of more than 145.5 million American, British and Canadian citizens.
In February 2020, the U.S. government indicted four members of China's People's Liberation Army for hacking into Equifax as part of a massive heist that also included stealing trade secrets. The Communist Party of China has denied these claims.
2018
Cambridge Analytica hack
Just one of Facebook’s many scandals, the Cambridge Analytica hack exposed how data analytics companies were abusing Facebook's user data to create profiles they'd later sell to political parties in hopes of manipulating elections.
2019
Capital One hack
Disclosed in July 2019, the Capital One hack impacted upward of 100 million Americans and six million Canadians. Fortunately, it’s believed the data from the breach wasn't publicly shared en masse, so most users impacted by it are likely safe.
As of May 2020, the investigation is still ongoing. The suspect involved in the hack was a former Amazon Web Services employee who’s been accused of illegally accessing Capital One's AWS servers to retrieve mass amounts of customer data.