Top Cybersecurity Breaches That Happened in 2020

Cyber-attacks pose a significant threat to businesses of all sizes, government agencies, and individual internet users. Recent cyber-attacks have come from hacktivist groups, lone wolf hackers, and nation-states.

The first cyber-attack on record was The Morris Worm in 1988. Robert Tappan Morris, a graduate student at Cornell University, developed a worm program that would crawl the web to count how many computers were connected to the internet. However, the worm installed itself on one in seven computers and forced them to crash, which saw it inadvertently become the first distributed denial-of-service (DDoS) attack. The Morris Worm damaged around 6,000 computers, which then comprised 10% of the entire internet.

In 2002, the first internet attack as we now know it saw a DDoS attack target the 13 Domain Name System (DNS) root servers. The attack could have brought the internet down if allowed to continue and was then the most sophisticated and widescale cyber-attack ever launched.

Recent cyber-attacks have advanced and can affect vast numbers of people. Single attacks now regularly steal the data of hundreds of millions of people.

Below is an overview of some of the most significant cyber-attacks recorded in history.

In October 2013, software company Adobe suffered a cyber-attack in which hackers stole credit card data from nearly 3 million customers. The attack also saw login credential data, including usernames and hashed passwords, of up to 150 million users stolen. Further research into the attack discovered that the hackers had also stolen customer names, identification data, passwords, and more debit and credit card data.

In August 2015, Adobe was ordered to pay legal fees of $1.1 million. It also paid around $1 million to customers in further settlements because of unfair business practices and violating the Customer Records Act.

In May 2019, the graphic design website Canva suffered an attack that exposed email addresses, names, cities of residence, passwords, and usernames of 137 million users. Hackers were also able to view but not steal files that included partial payment and credit card data.

The attackers, known as GnosticPlayers, contacted the technology news website ZDNet to boast about the attack. They claimed to have obtained users’ open authorization (OAuth) login tokens, which are used for logging in via Google.

Canva confirmed the attack, notified its users, and prompted them to update their passwords and reset their OAuth tokens. But a list of 4 million Canva accounts and stolen passwords was later shared online, which resulted in Canva having to invalidate any passwords that remained unchanged.

More than 162 million users’ data—email addresses, hashed passwords, dates of birth, and usernames—was stolen from the video messaging service Dubsmash in December 2018. A year later, the data was made available for sale on dark web site Dream Market as part of a dump of data that also included information from attacks on Armor Games, Coffee Meets Bagel, MyHeritage, MyFitnessPal, and ShareThis.

Dubsmash acknowledged that its systems had been breached and the stolen data put up for sale, and advised users to change their passwords. However, it has not reported how attackers gained access to the data or confirmed the attack scale.

A cyberattack in May 2014 exposed the account list of eBay’s 145 million users. The attack, which exposed user addresses, dates of birth, names, and encrypted passwords, occurred as hackers obtained three eBay employees’ credentials. Attackers gained complete access to the entire eBay network for 229 days.

eBay asked customers to update their passwords, for which it received criticism over its poor communication and password-renewal process implementation. The auction site also advised that financial details, such as credit card information, were stored in a separate location and had not been compromised.

The business social network LinkedIn is a common target for cyber criminals launching social engineering attacks. It has also suffered major cyber attacks that leaked its users’ data.

The first came in 2012, when 6.5 million hashed passwords were stolen then posted on a Russian hacker forum. The attack’s true size was revealed four years later when a hacker was discovered selling 165 million LinkedIn users’ email addresses and passwords for 5 bitcoins, which were then worth around $2,000. LinkedIn acknowledged the breach and reset passwords on all accounts that had been affected.

Collaboration platform Slack was affected in 2015 when hackers gained unauthorized access to the service’s infrastructure. This included a database storing user profile data, such as usernames and hashed passwords. The attackers also injected code that enabled them to steal plaintext passwords when users entered them.

Slack revealed the attack affected around 1% of its users, estimated to be around 65,000 users. It immediately reset their passwords and advised all users to reset their passwords and implement security measures like two-factor authentication (2FA).

Four years later, a Slack bug bounty program revealed a potential compromise of Slack credentials, which it suspected was due to malware or users recycling passwords across online services. It subsequently realized that most of the credentials affected were from accounts that accessed the service during the 2015 incident.

Cyberattacks targeting the internet provider Yahoo are widely acknowledged as the most significant data breaches in history. The state-sponsored attacks, which began in 2013, affected all of Yahoo’s 3 billion users.

In September 2016, Yahoo revealed a 2014 attack that compromised 500 million users’ names, email addresses, telephone numbers, and birth dates. Three months later, the company revealed a breach from 2013, which was carried out by another attacker and compromised its users’ names, email addresses, passwords, dates of birth, and security questions and answers. Yahoo initially estimated that the 2013 attack affected 1 billion users but later changed that to its entire user base of 3 billion people.

Games developer Zynga, which created various popular games that users accessed via Facebook, suffered a massive cyberattack in September 2019. The attack by Pakistani hacker group GnosticPlayers, who also claimed the Canva attack, accessed the database of Zynga games Draw Something and Words With Friends. It compromised the email addresses, hashed passwords, phone numbers, and Facebook and Zynga user IDs of 218 million people.