Other Threats

Major Cyber Attacks in the Last 5 Years

major cyber attacks

Cyber attacks are planned and coordinated malicious attacks which are carried out with viruses, trojans, or similarly harmful codes. These attacks can be carried out due to various reasons ranging from hacktivism or political reasons to making money or tarnish the reputation of companies.

As cyber attacks may have a purpose, sometimes we also witness attacks that are carried out without any purpose but ego satisfaction. We have compiled some of the major cyber attacks that were performed in the last 5 years and how many users were affected in each.

We would like to note that a total of 2 billion 307 thousand users affected just in the 5 cyber attacks you are going to find in the following.

Adult Friend Finder – October 2016

Affected Users: 412.2 Million Accounts

The FriendFinder Network has been serving millions of users for more than two decades. Unfortunately, this social networking service was the victim of hackers in October 2016 and all their six databases affected by the attack.

Websites such as Penthouse.com, Stripshow.com, Adult Friend Finder were some of the platforms available in the Network. As a result of the attack sensitive and private information about the users such as passwords, names, and email addresses breached.

The biggest fiasco was the breached passwords were hashed with a relatively weak algorithm SHA-1. According to LeakedSource.com, 99% of the passwords cracked with the SHA-1 algorithm.

Marriott International – September 2018

Affected Users: 500 Million Accounts

According to New York Times, a Chinese intelligence group hacked the Starwood guest reservation database of Mariott International in September 2018. Although Marriott, detect unauthorized access and took immediate action, they failed to prevent the breach.

Experts found that the group had unauthorized access to their network since 2014. The attackers copied and encrypted the data and even attempted to remove it. It took two months for Mariott to decrypt the data.

After the decryption, officials learned that the hackers copied the personal and financial information of their guests including payment card numbers and their expiration dates, communication preferences, reservation dates, gender, guest account information, email and physical addresses, phone numbers, passport numbers, dates of birth, and arrival and departure information.

Despite Marriot took the necessary actions to improve the security of its network, it could not avoid the fine charged by Information Commissioner’s Office (ICO) in the United Kingdom. The company fined £18.4 million in 2020 because of failing to keep the personal data of their customers secure.

Dubsmash – December 2018

Affected Users: 162 Million Accounts

Dubsmash is a video messaging service that suffered a cyber attack in December 2018. Informationa such as usernames, passwords, dates of birth of about 162 million users stolen.

People noticed it when the stolen data sold on the dark web market, Dream Market. The company did not make any explanations about the attack or the number of affected accounts.

As a result, 162 million users’ data put on sale. It is one of the biggest cyber attacks of recent years with the massive number of breached user information.

Facebook – April 2019

Affected Users: 533 Million Accounts

Everyone shocked when two datasets of Facebook apps exposed in April 2019. These two datasets included the Facebook IDs, account names, and phone numbers of 530 million Facebook users.

Moreover, in April 2021, this data posted for free on the internet. However, hackers already shared this data publicly on the dark web. Developers developed new tools to check whether the phone numbers of users were in this dataset or not.

LinkedIn – June 2021

Affected Users: 700 Million Accounts

In June 2021, hackers posted 700 million accounts from LinkedIn on a dark web forum. This corresponds to more than 90% of LinkedIn’s user base. A hacker called God User exploited the API of the website and used data scraping techniques to gather all this information.

The hacker shared the data of 500 million users and then put the data of 700 million users on sale.

LinkedIn announced that the data does not contain any sensitive information. The attack was a violation of the terms of service but not a data breach. However, the data sample posted by the hacker included information such as email addresses, phone numbers, social media details, genders, and geolocation records.

Unfortunately, the number of cyber attacks is increasing rapidly every passing year. More and more hackers are organizing and performing attacks for various reasons and purposes.

As MS Cyber Security, we can provide active protection for your datasets, networks, and systems to prevent such incidents that can hurt the reputation of your organisation. You can contact us at any time to discuss the details or receive a free quote.

Back to list