A Year of Trouble: The Worst Hacks of 2017
January 8, 2018 by Bill Rosenthal

From fidget spinners and unicorn Frappuccinos to virtual reality, 2017 was a year that can be described by unique trends. Unfortunately, we must also add a disturbing amount of large cyberattacks to the trend list. Hackers managed to cause an unprecedented level of chaos at a global-level with state-sponsored ransomware, major phishing campaigns, and enormous hacks.

Here are a few of the most devastating and scandalous hacks from last year: 

  • InterContinental Hotels – Hackers installed malware at 1,200 Holiday Inn and Crowne Plaza hotel locations (owned by InterContinental Hotels) to steal credit card data from unsuspecting hotel guests in April.
  • Petya – Ransomware attack Petya managed to attack large companies in 65 countries all over the globe in only two days.
  • Google – Gmail users were targeted by hackers in a phishing scam in May. Unlucky targets received emails asking them to click on a Google Doc link that contained the malicious code. Although Google was able to stop the attack the day that it started, one million users were affected.
  • Shadow Brokers – First surfacing in August of 2016, the mysterious hacking group Shadow Brokers claimed to have accessed the NSA-linked operation known as the Equation Group and breached their spy tools. They then offered a sample of the alleged data to attempt to auction their information off. In April of 2017, they attempted to release a group of significant NSA tools, including a Windows exploit called Eternal Blue. Hackers have since used this flaw to infect two high profile targets.
  • CloudBleed – Internet infrastructure company Cloudflare announced that a bug in its platform had caused a random leak of potentially sensitive customer data in February. Although the bug was patched within hours, it could have started as early as September of 2016.
  • Deloitte – Deloitte, one of the world’s largest accounting firms, announced in September that hackers had breached the company’s email and access sensitive information on over 350 clients ranging from banks to the United States government.
  • Voter Records – In June, it was announced that a publicly accessible database containing 198 million United States voters had been discovered hosted on an Amazon S3 server. Although some of the data on the misconfigured server was protected, over a terabyte of voter data could have been easily accessed by anyone on the internet.
  • Dun & Broadstreet – In March, Dun & Broadstreet, a business services firm, announced that its database containing 33 million contacts was leaked. This exposed data on tens of millions of employees from the Defense Department to Wal-Mart.
  • Yahoo! – Four years after the original breach, Yahoo announced in October that all of its three billion email users were exposed.
  • WannaCry – In May, the dreaded WannaCry ransomware strain spread across the world and pulverized hundreds of thousands of targets, which ranged from large companies to public utilities. One of the most notable targets of this attack was the National Health Service facilities and hospitals in the United Kingdom.
  • Uber – Uber revealed in November that it had paid hackers $100,000 to delete stolen customer data from its 57 million users and drivers to conceal a massive data breach. Uber could be in trouble for this with the FTC for potentially violating the law.
  • Equifax – The largest hack of the year, Equifax reported in September that hackers had stolen Social Security numbers, addresses, and birth dates from nearly half of the United States population (143 million Americans). 

Let’s make the global New Year’s resolution to be more proactive and vigilant about our cybersecurity practices. What are you doing to help make your company a safer place?