Skip to main content

The top 10 major hacks of 2013

Over in the States last week, Christmas shoppers got an unwelcome surprise when it was revealed that an in-store scam resulted in the theft of up to 40 million credit and debit card numbers from Target customers.

The retailer urged consumers to keep a close eye on their statements and credit scores, but this is certainly not the first time that shoppers and web users have had to double check their accounts for fraud, or change an Internet password, in 2013.

This year, criminals have targeted servers to secure personal data, or spread malware via phishing schemes in order to take over Twitter and other social media feeds. Government agencies were not immune to breaches, while the US and China had a war of words over whether they were spying on each other.

Mid-year, meanwhile, there was also an uproar over just how much access the US National Security Agency has to phone records, email, and other data, when former contractor Edward Snowden leaked a treasure trove of documents to the press.

It’s certainly been a busy year for hacker and scammers, and so we thought we’d round up the high-profile hacks which made headlines this year. Read on for our top ten security breaches of 2013…


In early October, Adobe revealed that it was the victim of a hack that affected approximately 3 million users. The scammers made off with customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders.

The software firm also said that "source code for numerous Adobe products" was stolen in a separate intrusion that could be related to the theft of customer information. Later, however, Adobe admitted that the breach actually impacted 38 million users. Oops.

Syrian Electronic Army

The Syrian Electronic Army emerged in September 2012, but it was quite busy this year targeting the social media accounts of various media outlets that the SEA believed was publishing articles sympathetic to Syrian rebels, including the New York Times, the Financial Times, the Guardian, the BBC, and even The Onion. It also managed to take the New York Times website offline in August. (Honourable mention: Hacking the Burger King and Jeep Twitter feeds).

Chinese hackers

In January, the New York Times revealed that it had been the target of Chinese hackers for at least four months. The attackers were reportedly in search of details about sources to whom Times' reporters spoke to for an October story about the wealth of China's prime minister, Wen Jiabao.

The following month, security researchers from Mandiant traced a prolific group of computer hackers to a government-backed, military building in Shanghai, China. The firm said the People's Liberation Army Unit 61398 is located "in precisely the same area" as a section of APT1, an advanced persistent threat (APT) group that has stolen hundreds of terabytes of data from at least 141 organisations worldwide.


Earlier this month, JPMorgan announced that 465,000 individuals using prepaid cash cards issued by the bank may have had their personal data exposed in a breach. JPMorgan notified affected cardholders, about 2 per cent of the total 25 million people who have UCards and used the UCard Centre website between July and September. (Honourable mention: Evernote's March breach and LivingSocial's April hack).


This hack was more amusing than financially devastating for consumers, but it did highlight a weakness in America’s emergency alert system. In February, someone hacked into the Emergency Alert System and announced on KRTV and the CW in Montana that the zombie apocalypse was upon the good citizens of the US. The message kicked off like any other emergency alert – with dialup-esque bleeps and tones and an alert crawl atop the screen. But rather than warning about a weather emergency or some other plausible situation, a menacing voice came on to warn people about zombies. Rest assured, there were no zombies. Not yet, anyway.

US government hacks

Over in the States, the feds were not immune to hackers this year, with several government agencies falling prey to Internet scammers, including the Federal Reserve, the Energy Department, and even the social media accounts of former Secretary of State Colin Powell.

Zuckerberg's wall

If you don't have $100 (£60) to get Mark Zuckerberg's attention, why not hack his Facebook wall? That's what Palestinian security researcher Khalil Shreateh did after he uncovered a glitch in the Facebook matrix that would allegedly allow anyone to post to the Facebook walls of any other user. After Facebook ignored his warnings, he decided to take advantage of the exploit and post details of the bug on the CEO's wall. Facebook later fixed the bug, but declined to give Shreateh a $500 (£300) bug bounty.

Apple developer website

Apple took its developer centre offline in late July, when an alleged hacker attempted to steal personal information from the company's database. While the data was encrypted and "cannot be accessed," Apple said, there was some concern that “developers' names, mailing addresses, and/or email addresses may have been accessed.” An overhauled version of the site came back online in mid-August.

Facebook and Apple malware

In February, Facebook said its security team had discovered that Facebook's systems were "targeted in a sophisticated attack." It happened "when a handful of employees visited a mobile developer website that was compromised," Facebook said. Several days later, Apple made the rare admission that it too was the victim of hackers, attacked by the same online miscreants who targeted Facebook. No customer data was stolen from either company, however.

Anonymous vs North Korea

In April, North Korea's official Twitter and Flickr accounts were hacked, reportedly as part of "hacktivist" group Anonymous' efforts to disrupt the Communist country's web presence. The attackers targeted North Korean leader Kim Jong-un in a series of tweets and photos that portrayed him in a less-than-flattering light.