From the DNC to Mark Zuckerberg -- Here Are the Worst Hacks of 2016
This year, hacking group OurMine has successfully broke into accounts of major public figures -- including Mark Zuckerberg, Sundar Pichai and Jack Dorsey -- who ironically are the world’s top tech executives (and Katy Perry).
Although these attacks pose a threat to personal information and data, most of these incidents have been harmless and, in fact, funny. On its website, the hacking collective OurMine states: “We have no bad intentions and only care about the security and privacy of your accounts and networks.” So far, this statement stands true, as the group positions itself as a security company offering services to help rather than harm online privacy.
For the majority of these high-profile hacks, the group posts variations of “we are just testing your security” and tagging themselves.
In July, matters got serious. Rather than another silly OurMine attack on a tech exec, state-sponsored hackers hijacked a computer network used by Hillary Clinton’s campaign -- which may pose a “national security threat,” some sources say.
In August, the hacking trend seemed to be shifting from mischievous to dire. Last month, thieves broke into the second largest Bitcoin exchange and stole more than $65 million worth of the cryptocurrency. Just a few weeks ago, Russian hackers breached more than 330,000 cash registers at restaurants, stores and hotels.
The star for this week’s “hack of the week” is the World Anti-Doping Agency, whose break-in exposed medical records of U.S. Olympians Simone Biles and the Williams sisters.
Regardless of the hackers' intentions -- good or bad -- the number of attacks is a growing concern. From Zuckerberg to Google’s Puchai to the Democratic party, the list goes on. Check out these big hacks of 2016.
Hacking group Our Mine did it again … but not in its usual fashion. This time, the group allegedly broke into Sony Music’s Twitter account and declared the “Hit Me Baby One More Time” singer as dead, reports PCMag. That’s right, the sneaky group posted to Sony’s account and told its 614,000 followers that “britney spears is dead by accident!” They also went so far as to create the hashtag #RIPBritney. OurMine also apparently hacked into Bob Dylan's Twitter account to post "Rest in peace @britneyspears."
U.S. Olympic Athletes
Even though the olympics are over, the drama sure isn’t.
Most recently, Russian hackers broke into the World Anti-Doping Agency’s database (WADA) and released medical records of U.S. athletes such as Simone Byles and the Williams sisters.
Director General Olivier Niggli said in a statement: “WADA deeply regrets this situation and is very conscious of the threat that it represents to athletes whose confidential information has been divulged through this criminal act."
The hackers known as “Tsar Team” or “Fancy Bear” are also linked to the hack of the Democratic National Committee earlier this year.
Facebook advises its users to never reuse a password on multiple accounts, The Wall Street Journal points out. Had its CEO and founder took this advice more seriously, he could have prevented his Twitter and Pinterest accounts from being hacked this past June. Zuckerberg's not-so-difficult-to-guess password “dadada” -- which was originally leaked in 2012 when 100 million LinkedIn passwords were stolen -- proved not so strong against hackers.
Shortly after Zuckerberg’s hack, OurMine sought its next victim, Google CEO Sundar Pichai, whose Quora account was unlocked, also granting the hackers the ability to post to his Twitter. Releasing their tactic to the tech website The Next Web, an OurMine insider said the team found an “exploit” in Quora that granted them access to Pichai’s account. In response to the hack, Quora denied any vulnerabilities in its system.
Even former Twitter CEO Dick Costolo fell victim to OurMine attacks, according to Recode. The hackers logged into an old account that enabled them to cross post onto his Twitter, again claiming only to be testing for “security” purposes.
Now that’s ironic. On top of the former Twitter CEO’s hack, current Twitter CEO and co-founder Jack Dorsey’s account was recently hacked as well.
Similar to Kalanick’s hack, without gaining direct access to his Twitter, the hackers cross-posted tweets through a different social avenue, this time through video platform Vine (owned by Twitter). Along with tweeting their typical “testing your security” post, hackers also posted a number of Vine videos which have since been deleted, reports Engadget.
Marissa Mayer joins the list of tech CEOs hacked. After attacking Dorsey, the hacking group made its way into the Yahoo! CEO’s account. Similar to what we’ve seen in previous attacks, OurMine cross-posted onto Mayer’s Twitter through another social channel -- although it is unknown which.
Oculus CEO Brendan Iribe’s hack was a rare case -- it wasn’t an attack from OurMine but rather an independent hacker, “Lid,” according to TechCrunch.
Although a harmless attack, the hacker admits in a post on Iribe’s account “i’m not testin ya security im just havin a laugh.” And a laugh it was -- the hacker took to the CEO’s Twitter to announce himself as Oculus’ new CEO.
This year, OurMine has also tapped into accounts of Uber CEO Travis Kalanick, Amazon CTO Werner Vogels, Spotify founder Daniel Ek, former America Online CEO and co-founder Steve Case, and, oh yeah, Channing Tatum.
Recently, a computer network used by Clinton’s campaign was hacked by what U.S. officials think to be Russian hackers.
This wasn’t the first time in recent months that Democratic political organizations have been victims to cyber attacks. Two previous hacks on the DNC and the party’s fundraising committee for House candidates took place earlier this summer.Although the computer systems are under review, it is unclear exactly what information hackers gained access too. An analytics program used by the DNC and other entities was “accessed as part of the DNC attack” and a campaign official said “hackers had access to the analytics program’s server for approximately five days,” reported Reuters.
Bitcoin exchange, BitFinex
Recognized as the second largest Bitcoin hack in history, criminals managed to break into BitFinex -- a Hong Kong exchange -- and steal more than $65 million-worth of digital currency.
As the incident is investigated, the nature of the break in remains unknown as well as the identity of the responsible party.
Cash registers at fast food chains, retail stores and hotels
Russian cybercriminals -- likely the Russian cybercrime syndicate Carbanak group -- hacked more than 330,000 cash registers at fast food chains, retails stores and hotels. The group targeted a network of point-of-sale systems by Micros, a company under the Oracle umbrella.
Although confirming the hack, Oracle still seeks to understand the scale of it. “It's unclear when the attack first started, or whether any consumers' financial data was stolen,” reports PCMag.
The hack puts Oracle in hot water as just last year the firm settled charges with the FTC about the security of software updates by Java, an entity the company also owns.
U.S. hotel chains
Twenty hotels operated by HEI Hotels and Resorts, including Starwood, Marriott, Hyatt and Intercontinental, detected malware on their payment systems at restaurants, bars, spas and shops across the U.S.
Although the attack was discovered in June, details have recently been released on its severity. Hackers may have stolen customer names, account numbers, credit card expiration dates and verification codes.
Hotel representatives are unable to calculate the size of the breach because cards were used multiple times daily. To put it into perspective: “about 8,000 transactions occurred during the affected period at the Hyatt Centric Santa Barbara hotel in California, and about 12,800 at the IHG Intercontinental in Tampa, Florida,” Reuters reports.
Comedian and actor Leslie Jones can’t catch a break. After being publicly attacked on Twitter by conservative writer Milo Yiannopoulos for her Ghostbusters film earlier this summer, Jones now faces another cyber issue.
Joining the list of tech execs and CEOs, Jones’ iCloud was hacked on Wednesday, Aug 25, revealing personal information and photos that were then posted to her Tumblr, including her phone number, Twitter password, driver’s license and passport.
Although her Tumblr account was quickly taken down, it wasn't fast enough. The images have surfaced on other websites.
The Department of Homeland Security has opened investigations into the attack.
Yahoo’s had a rocky few months. In September, the company revealed a 2014 cyber attack that affected more than 500 million accounts, where they blamed hackers working for a government.
The company recently announced that it had discovered yet another, apparently unrelated, security breach compromising more than 1 billion users’s accounts -- making it the largest breach in history. The source of the hack is unknown, but Yahoo says the stolen information “may have included” names, email addresses, telephone numbers, dates of birth, hashed passwords and security questions.
LinkedIn and Lynda.com
LinkedIn's online classroom platform Lynda.com was also on the receiving end of a hack this year. In a statement, the site shared that it found that an "unauthorized third party" obtained access to user data such as what courses they selected and contact information. Nearly 55,000 users had their passwords reset, but the site also alerted 9.5 million users who didn't have any information that was password protected, noting that it was "informing users out of an abundance of caution."