The Biggest And Most Famous Hacks In History

While the increasing digitalization of commerce and socialization has certainly had its benefits, it has, unfortunately, also had its fair share of drawbacks. One of the biggest negative consequences has been hacks, which can turn people's livelihood upside down in just a few moments. Hackers can target anything, from currency to personal information to passwords and logins, or even healthcare data, and it seems like their tools are only becoming more and more sophisticated.

Today, it sadly seems like hacking is almost a normal part of life, and countless people are becoming victims to elaborate schemes that steal millions. Due to the anonymity of the internet, it can often be incredibly hard to track down hackers and thieves, leaving many of them to escape punishment for their crimes. From huge conglomerates like Meta and Marriott International to smaller companies and even state governments, no one is seemingly out of the reach of nefarious hackers.

According to Chainalysis, from 2021–2022, hackers stole more than $7 billion in cryptocurrency alone. Theft has always been a problem in America, but this form of looting is a bit more evolved than the train robberies of old. From Reddit to Meta, these are some of the biggest and most famous hacks in history.

Reddit's two hacks

Over the years, Reddit has become one of the largest peer communities on the web and a go-to place for many netizens looking to interact with each other about pretty much anything. Unfortunately, Reddit's large size has also made them the target of various hackers over the years. In 2018, they made news when Reddit announced that they had been hacked that June. Hackers were able to infiltrate their system by getting access to a few Reddit employees' accounts, and they accessed user data from the site dating from 2005–2007.

Nearly five years later, in February 2023, Reddit once again found itself under attack from hackers. This time, the hacking group BlackCat was behind the attack, and they may have taken upwards of 80GB of files. Reddit once again released a statement on the attack on their website, noting that the hackers had appeared to gain access to several internal documents and some code. Luckily, this time they noted that no "non-public data has been accessed... published or distributed online."

However, things took an interesting twist a few months later in June, when it came out that BlackCat was attempting to extort $4.5 million from Reddit in exchange for deleting the data. Reddit had not responded to their multiple overtures, causing BlackCat to go public with their demands. If Reddit refused to pay, they threatened to expose all of the data to the public.

Vladimir Levin hacks Citibank

In 1994, one of the first major cyber thefts happened when a Russian hacking group led by Vladimir Levin attempted to steal millions from Citibank. Levin orchestrated the theft over several months and was one of seven people immediately arrested for their actions. Apparently, he was able to repeatedly hack into the Citibank central computer located on Wall Street and get access to individual accounts. Using his unauthorized access, Levin then transferred money out of the accounts — $10 million in total — and into those of his accomplices.

He completed more than 40 transfers in all, but the authorities were quickly on his tail. As soon as he started his illegal transfers, customers quickly began to notice large amounts of money missing from their accounts. They alerted their bank, which in turn contacted the FBI for help. A sting was set up in San Francisco, California, in late 1994 to catch Russians Yevgeny and Yekaterina Korolkova, who were opening up accounts for Levin in person. The Korolkovas soon flipped on Levin, and he was arrested in London the next year.

Due to their quick thinking, authorities were able to freeze most of Levin's accounts and recovered $9.6 million of what he stole. Levin eventually pleaded guilty in 1998 and was sentenced to three years in prison and nearly a quarter of a million dollars in restitution.

The Melissa Virus of 1999

Not all cases of hacking involve theft or extortion, and in some cases, it seems like chaos is the only motive. That appears to be the case of the infamous Melissa Virus, which took the upstart internet by storm in the late 1990s. The creator of the virus was David L. Smith, a computer programmer who lived in New Jersey at the time. In the end, Smith's virus caused millions in damages and repair costs, and he eventually found himself in federal prison.

The virus started on March 27, 1999, when Smith began distributing Melissa through an America Online (AOL) adult newsgroup. Basically, once someone downloaded the file with Melissa and opened it in their Microsoft Word app, the virus would spread to their Microsoft Outlook email and send itself to various recipients. Once those recipients downloaded and opened the file, the same process would happen, ad infinitum. The virus didn't collect personal information or steal anything, but quickly overloaded hundreds of servers, causing massive internet shutdowns.

Within a week, Smith was arrested after AOL had helped identify him. It was estimated that the Melissa Virus caused as much as $80 million in damages in just a few days. Smith was sentenced to 20 months in federal prison for his crimes, as well as 10 years in state prison — though he only had to serve 20 months of the latter thanks to a deal.

Hackers ruin Christmas for gamers

For millions of young gamers, the 2014 Christmas season was a little bittersweet. While many of them woke up to new consoles and video games on December 25, their joy turned to annoyance and grief pretty quickly. That year, the infamous Lizard Squad hacking group decided to shut down the online gaming networks for two of the largest video game systems: Sony's PlayStation Network and Microsoft's Xbox Live.

By using what is known as a Distributed Denial of Service (DDoS) attack, the Lizard Squad was able to overwork Sony and Microsoft's servers. This prevented real gamers from accessing the networks reliably and consistently, as they were too overloaded with fake internet traffic. The Christmas hacks were not the Lizard Squad's first incident, and they had targeted both PlayStation and Xbox, as well as other video game networks, in the past. Considering that more than 150 million people use the PlayStation and Xbox Live networks, the number of people potentially impacted was massive.

Eventually, both Sony and Microsoft were able to restore the online services within a few days, and they both said that no user information had been leaked or stolen, which was a big relief. The Christmas hacks were very frustrating for gamers around the world, and the Lizard Squad's actual motives are unclear, though the attacks may have been aimed at getting Sony and Microsoft to up their security.

Sony gets hacked over The Interview

Seth Rogen and James Franco are known for making controversial movies, but the international incident they created over 2014's "The Interview" was on a whole other level. The movie spoofs the leader of North Korea, Kim Jong Un, and ends with him getting shot and killed by Franco's character. When the North Korean government heard about the film in June, they immediately demanded that Sony Pictures refrain from releasing the movie. A few months later in November, hackers — suspected to be from North Korea — infiltrated Sony's systems and started stealing data and causing problems.

Sony employees were unable to access their own network, and the hackers got away with several movies and confidential information. Sony somewhat gave in to demands, initially canceling the release of "The Interview" completely. However, that did not stop the hackers, who ended up releasing much of the information online. Journalists immediately picked up the information and began publishing it, in effect doing the hackers' work for them.

Not only did the hackers release mundane email exchanges between Sony executives, but they also released private conversations that put them in an unflattering light. In addition, several Sony movies, including "Annie" and "Fury," were released to movie pirating websites, likely causing millions in lost revenue. Sony would later backtrack and allow for the movie's planned Christmas Day release to go ahead, though in a much more limited fashion.

Yahoo becomes compromised — twice

In both 2013 and 2014, web service provider Yahoo found themselves on the receiving end of two of the biggest hacks in history. The attacks did not come to light until 2016, and when they did they created a firestorm. In the 2014 incident, hackers were reportedly able to get user information on 500 million Yahoo customers. In 2013, it's thought that hackers had access to all of Yahoo's user accounts, which totaled more than 3 billion at the time. 

Yahoo did not mention who was responsible for either of the hacks, though they suggested it could have been a hostile foreign government in the case of the 2014 attacks. In both attacks, the perpetrators were able to obtain things like security questions and passwords, which had implications for far more than just accounts on Yahoo. Since things like security questions can be used to help retrieve account information, the hackers could have used the data gleaned from Yahoo to infiltrate accounts on other services. 

In 2017, the Department of Justice announced charges for four people, three Russian nationals and a Canadian national, over the 2014 hacks. The DOJ claimed that the defendants were connected with the Russian Federal Security Service (FSB) and that they had also accessed emails from Russian journalists as well as Russian and American officials. Of the four charged, only the Canadian national was apprehended, and he was later sentenced to 5 years in prison.

The JBS meat supplier hack

Typically, when you think of computer hacking, the first targets that come to mind are probably things like banks and credit card companies. However, as JBS Foods found out, hackers can go after just about anything. In the summer of 2021, JBS found themselves held hostage by a group of very insidious hackers who demanded a massive payday. JBS is the largest meat supplier in the world, and on May 31 both their Australian and North American systems were locked.

The hackers are thought to have been either REvil or Sodinokibi, two prominent Russian hacking organizations. They caused an international shutdown in JBS' production for several days until JBS paid out an $11 million ransom. Luckily, JBS claimed that they did not think their data had been stolen or leaked.

In their statement, JBS said that they had already restored their systems by the time they paid the ransom, but did so "to mitigate any unforeseen issues ... and ensure no data was exfiltrated." Incredibly, even with a $200 million security budget, JBS still fell victim to hackers who completely crippled their systems.

The CNA Financial hack

In one of the most costly hacks in recent history, CNA Financial Insurance lost $40 million in March 2021. Hackers were able to shut down CNA's network for several days, including even their main website, which was inaccessible for customers. At the time, not much information was released about what had happened or what was affected, but in November, CNA revealed a bit about just how much was ultimately compromised. Apparently, not only were names leaked, but the hackers even got sensitive information like Social Security numbers.

CNA was incredibly vague about what had happened but noted that they had already been working with the 75,000 or more customers who were potentially affected by the hack. Due to CNA's lack of transparency, details on the hack are not fully available, but it was another example of a massive ransomware payout being made out of sheer desperation.

CNA isn't exactly a small company, as they have thousands of employees and make more than $10 billion in annual revenue, so it's a bit unsettling to think that even they can become subject to exposure. Hackers initially wanted $55 million, but CNA was able to talk them down to $40 million. It was still a costly hack and one that CNA would likely rather forget.

The 2016 U.S. election hacking

Few events have been as polarizing as the 2016 U.S. election, and much of that has to do with the Russian hacking campaign. In January 2017, just months after the election, the Office of the Director of National Intelligence (DNI) released a report about the hacking (via The New York Times). In the report, the DNI explicitly blamed Russian president Vladimir Putin for the hacking campaign, which he organized to disrupt the election and "undermine public faith in the U.S. democratic process." Not only was Putin involved, but the Russian General Staff Main Intelligence (GRU) was also responsible for the hacking.

The nefarious plot targeted both Donald Trump and Hillary Clinton's presidential campaigns but was not directed at voting machines that actually processed votes. The hackers tried to infiltrate local election voter databases, tried to access Clinton's campaign and the Democratic Congressional Campaign Committee's emails, targeted Republican candidates and the Republican National Committee, and more.

Eventually, Robert Mueller investigated the hacking claims, and he indicted a number of actors. Several of them were either convicted or pleaded guilty, including several people associated with President Donald Trump.

A 15-year-old hacked the Pentagon

For most 15-year-old boys, their concerns are usually related to things like chasing girls, playing sports, and dreaming about driving fast cars — but Jonathan James was not your normal teenager. According to the Department of Justice, in 1999, while his peers were familiarizing themselves with the basics of computers, James was much more advanced and was hacking into NASA and the Defense Threat Reduction Agency. His screen name was "c0mrade," and he created quite a stir at NASA when they realized what he was doing.

James hacked the government several times from June to October, getting away with millions in proprietary software and thousands of Pentagon emails. The systems that James accessed were very secure and contained information regarding both the international space station and the military.

Due to James' hacking, the computers had to be offline for three full weeks, and for his crimes, James received a 6-month jail sentence. Sadly, James died by suicide just a few years later. He had been suspected of hacking into a spate of retailers and had recently had his house raided in connection with it.

If you or someone you know needs support now, call or text 988 or chat

The Marriott International hack

Starting in 2014 and lasting through 2018, Marriott International was victim to one of the worst hacks in history. Marriott's Starwood reservation system was compromised, which allowed hackers to get all kinds of valuable information, including credit cards and other sensitive details. When Marriott first announced the data breach in late 2018, it was thought that as many as 500 million customers had potentially been at risk. Not all of Marriott's resorts were part of the Starwood system, but enough of them were to put a substantial amount of information in jeopardy. Later, it was revealed that hackers gained access to just over 133 million records from Starwood, including passport information. 

Predictably, Marriott faced a class-action lawsuit over the data breach, which a judge ruled in May of 2022 was allowed to proceed. The lawsuit alleges Marriott should have known about the data breach sooner and done something to stop it, and that they failed to immediately publicly disclose the problem once they realized it was happening. In February of 2020, former Attorney General William Barr blamed Chinese hackers for the Marriott breach and suggested they may have been the same people connected to the hackers who were indicted over the infamous Equifax breach.

The infamous 2019 Facebook hacks

To put it kindly, 2019 was not a good year for Facebook's cyber security team. First, there was a glitch in their system that allowed for users' phone numbers to be taken. But that was just small potatoes compared to the other breach, which resulted in more than 530 million users' personal data being posted to hacking forums. Both of them occurred in 2019, but Facebook didn't find out about the larger attack until early 2021 when the information was first leaked by hackers.

In a questionable case of ethics, Facebook did not even tell the affected users about the breach, and only acknowledged what had happened after several media outlets reported on it. In their response, Facebook clarified that they had not been "hacked," but rather that the data had been "scraped" from their system. They claimed to have fixed the problem that initially led to the hacks, but they did not elaborate on what information was taken. In 2022, Meta was fined €265 million ($277 million) by the Data Protection Commission (DPC) of the EU over the hack.

The Colonial Pipeline ransomware hack

Since the 1960s, Colonial Pipeline has provided a valuable service along the East Coast shipping jet fuel, diesel fuel, and gasoline. However, in May of 2021, their systems came under attack from a group of hackers, who were later revealed to be the Eastern European DarkSide hacking group. As a result of the hacks, Colonial had to close down thousands of miles of pipeline, which caused shortages of fuel in places along the East Coast. Memories of the 1970s oil and gas crises came back to mind, as soon people were piling into gas stations hoping to fill up before the pumps ran dry.

Colonial is responsible for delivering millions of barrels of fuel to its customers all along the coast daily, but the shutdown only caused prices to rise by a few cents. Eventually, Colonial had no other choice but to give in to the hackers' demands, giving them almost $5 million worth of Bitcoin. Their systems were shut down for a week over the incident, likely costing them a fortune. The attacks on Colonial raised big fears about the future security of energy resources, with Colonial's vulnerability being a major factor.