Skip to main content

Last year's 6 most devastating hacks, breaches and security catastrophes

Each year we see bigger and more sophisticated hacks, with the last 12 months being no exception. Since last year, we've seen some of the most high profile hacks in history, which have made regular front page headlines.

The Identity Theft Resource Center recorded 619 breaches on the 2013 ITRC Breach List, an increase of 30 per cent over the total number of breaches tracked in 2012. You can see a summary of the report here.

So let's count down some of the highlights:

6. Target: 70 million credit/debit card details exposed

One of the biggest attacks happened in the last month of 2013, which saw an unknown party (as of now) walk away with the credit and debit card details of what was originally thought to be 40 million people but has recently been found to be over 70 million! That's more than the population of the UK who had their personal and financial details taken by an attack against the store Target.

"We take this matter very seriously and are working with law enforcement to bring those responsible to justice" said Gregg Steinhafel, CEO of Target.

This may sound like a huge attack when considering the numbers, but when you consider the impact, 2013 has had much more tricky hacks with more victims than originally thought.

5. Adobe: 150 million exposed account credentials

In October, Adobe stated that it had been the victim of a cyber attack that affected over 38 million customers.

"So far, our investigation has confirmed that the attackers obtained access to Adobe IDs and (what were at the time valid), encrypted passwords and credit card details for approximately 38 million active users," said Adobe spokeswoman Heather Edel.

Adobe first stated ColdFusion and Acrobat source code had been stolen and later Photoshop too, but this was far from the end. It was later discovered that users passwords were compromised, no surprise with passwords such as 'password', 'photoshop', '1234' and the ever so popular 'qwerty'.

What made these hacks worse than originally reported, was the discovery that many users had mirrored their passwords across multiple accounts. As a result, social media networks like Facebook, which has over a billion users, advised its users to change their passwords. Reports are now surfacing that the Adobe hack affected numbers as high as 150 million, almost four times Adobe's original statement.

4. The Adobe domino effect

The ripples of this attack continued through into November where even Evernote told its 50 million users to change their passwords:

"The list of compromised Adobe accounts has been uploaded to the web. We compared this list to our user email addresses and found that the email address you used to register for an Evernote account is on the list of exposed Adobe accounts," adding that "Evernote has not been compromised and is not connected to this incident, but if you used the same password for Adobe and Evernote, then you should change your Evernote password now."

Facebook, Linkedin and other online services security was then called back into question when a botnet known as "Pony" was discovered by the security firm Trustwave. The botnet had collected sensitive information from users in as many as 102 countries and compromised over 2 million passwords, forcing the online services to reset many of its users passwords.

3. A different type of attack

2013 also brought a different type of attack, with just as much power. The web-based protest group Syrian Electronic Army famously assaulted the Twitter accounts of many media companies. They took on and took down accounts belonging to the BBC, the Associated Press and many others. Their objective was successful, to raise awareness about its cause with high-profile messages.

In one of the hacks, they took control of the Associated Press and claimed that there was an explosion at the White House. The chaos they caused was enough to gain the attention of the FBI, particularly when they managed to take over the accounts of President Obama.

The FBI gave the following statement: "Please maintain heightened awareness of your network traffic and take appropriate steps to maintain your network security," adding that "If you detect anomalous or malicious traffic or network behaviour, please contact your local FBI Cyber Task Force."

2. Edward Snowden and the NSA

You can't tell the story of 2013 without the Snowden scandal. It was known as the worst data breach of 2013, former NSA contractor Edward Snowden leaked information about the extent of the US intelligence community's Internet surveillance.

The reason this breach is mentioned is not one that has not been explored as much as it should have been: how was Snowden able to get all that information?

What many people don't know is that he worked part-time for an outside defence contractor, he didn't work for any government agencies. So how did someone with so little connection to the NSA gain so much top-secret information so quickly? This raises some serious questions about the US government's ability to secure its confidential information.

1. Our MUSCULAR Big Brother broke into Google

This moves on to the revelation of the next big breach; the NSA's spying program, MUSCULAR, which may have been the most powerful impact of any breach in 2013.

According to the, CEO of Rook Security J.J. Thompson, the MUSCULAR programme involved intercepting data from Yahoo and Google private clouds where the data was unencrypted. The data collected included email, pictures, video, text documents, spreadsheets, and many other file types.

This revelation led Google and many other companies to take a stronger stance against the NSA's spying programs. J.J. Thompson stated:

"And, along with Microsoft, has begun encrypting its internal network traffic. These and other major tech companies are using every resource at their disposal to fight the NSA including public relations and lobbying efforts. It is likely the greatest level of national attention ever paid to a security incident."

Ed Jones is a marketing executive at Firebrand Training.