If the threat of a cyberattack frightens you, it’s for good reason. Cybercrime accounts for billions of dollars in victim losses, and the headache of recovering your data and safeguarding yourself and your customers is a horrifying prospect.
As cybersecurity professionals, nothing makes our skin crawl quite like cyberattacks. However, headlines are rife with cybersecurity horror stories, so in the spirit of the season, here are six cybersecurity horror stories to fill you with dread.
The Phantom Love Letter
As the internet began making its way into more and more households around the turn of the century, cyberattacks became more prevalent, and in this case, so did social engineering. In 2000, one of the largest cyberattacks of its time was launched in the form of the ILOVEYOU worm. Also known as "Love Bug" or "Love Letter," ILOVEYOU spread as an email with an attachment called "LOVE-LETTER-FOR-YOU.txt.vbs." When opened, the worm would overwrite various common file types—including JPEGs and MP3s—then send itself to everyone in the user's address book.
ILOVEYOU spread almost immediately, hitting about 45 million users in just two days.[1] It caused between $5.5 billion and $8.7 billion in damages across 10% of the world’s internet-connected computers,[2] plus another $15 billion spent by companies and government agencies to remove the virus.[3]
PlayStation Network (2011)
When online gaming made its way to the console market in the mid-2000s, it opened up a world of connectivity for gamers around the world. Unfortunately, sometimes these paid services also opened the door for cyberattacks. Such was the case with Sony's PlayStation Network in 2011. On April 20, 2011, Sony suspended access to the PlayStation Network after discovering an intrusion had occurred sometime between April 17 and 19, acknowledging a "compromise of personal information."[4] Sony later said 12,700 credit card numbers from non-U.S. cardholders were taken, though the numbers were from an outdated database.
When all was said and done, the hack and subsequent network downtime cost Sony $171 million.[5]
Even retail giants aren't safe from cybercriminals. In 2013, cybercriminals used stolen login credentials to gain access to Target's database, compromising 41 million payment card accounts and gaining access to 60 million customers' contact information, including full names, phone numbers, email addresses, CCV codes, and more.[6] In 2017, Target agreed to a multistate settlement of $18.5 million, the largest amount for a data breach at the time.
No One Is Safe
Yahoo! (2013 and 2014)
When you talk about the largest data breaches of all time, Yahoo! reigns supreme. In July 2016, Yahoo! discovered millions of account credentials for sale on the dark web resulting from a 2014 breach that compromised data from 500 million accounts.[7] Yahoo! then discovered a separate cookie-based attack had occurred in 2013, allowing hackers to access billions of accounts without passwords. In total, all 3 billion user accounts had been compromised, making the two attacks the largest data breach in history.[8]
Litigation is still ongoing, but Yahoo! has had to pay millions in both settlements and fines stemming from the attacks, in part because the company waited so long to disclose the breach to users and force password resets.[9]
Of all the companies we should trust with our most sensitive information, credit agencies are near the top of the list. That's what made the Equifax breach of 2017 so shocking. In 2017, Equifax announced 147 million consumers' personal data—including Social Security numbers and driver's license numbers—had been compromised,[10] prompting many across the country to put a freeze on their credit.
Almost as shocking as the breach itself was Equifax's response. Though the breach was discovered in May 2017, the company didn't announce the breach publicly until two months later, allowing its executives to sell off $2 million in shares. Once the news was public, Equifax claimed consumers waived their right to file a class-action suit, only backing away from that notion after a mass outcry. Finally, a typo in one of the company's tweets sent users to a phishing site rather than the website that had been set up to tell users if they had been affected; that site also didn't work very well.
Though Equifax has yet to face any fines or penalties from the government, some consumers have reportedly sued the company successfully for nearly $10,000.[11]
Since it debuted earlier this decade, ransomware has made a name for itself as one of the nastier, peskier forms of malware. Essentially, ransomware locks a user out of their computer until they pay some fee to unlock it within a certain time frame. If users don't pay within the time frame, the data is completely wiped out. One of the more famous examples of ransomware is WannaCry, which worked its way onto 200,000 computers in 2017, with hackers demanding $300 in Bitcoin to unlock them. The attack became a prime lesson in why you should always back up your data, as economic losses mounted to about $4 billion according to risk modeling firm Cyence, making it one of the costliest cyberattacks of its kind.[12]
What cybersecurity horror stories chill you to the bone? Let us know in the comments!
[1] Ward, Mark. “A Decade on from the ILOVEYOU Bug.” BBC News. 4 May 2010.
[2] “Top 10 Worst Computer Viruses.” What Are Purchase Trends.
[3] “10 Worst Cybercrimes of the Decade - The 'Love' Bug.” MSN.
[4] “Update on PlayStation Network and Qriocity.” PlayStation Blog. 26 April 2011.
[5] Hachman, Mark. "PlayStation Hack to Cost Sony $171M; Quake Costs Far Higher." PCMag.com. 23 May 2011.
[6] McCoy, Kevin. "Target to pay $18.5M for 2013 data breach that affected 41 million consumers." USA Today. 23 May 2017.
[7] Greenberg, Andy. "Hack brief: Yahoo breach hits half a billion users." Wired. 22 September 2016.
[8] Haselton, Todd. "Yahoo just said every single account was affected by 2013 attack — 3 billion in all." CNBC. 3 October 2017.
[9] Kastrenakes, Jacob. "SEC issues $35 million fine over Yahoo failing to disclose data breach." The Verge. 24 April 2018.
[10] Purtill, Corinne. "A year after the Equifax breach, there are consequences—for consumers." Quartz. 9 September 2018.
[11] Wolff-Mann, Ethan. "People are taking Equifax to small-claims court — and winning." Yahoo! Finance. 31 January 2018.
[12] Berr, Jonathan. "'WannaCry' ransomware attack losses could reach $4 billion." CBS News. 16 May 2017.