The 12 Greatest Computer Hacks in History

Cybercriminals have caused widespread damage over the last 20 years

Many hackers are benign hobbyists, tech-savvy computer users who manipulate and bypass computer systems without intending to cause harm. Other hackers are willful criminals, out to steal your passwords, money, or even your identity. But these cybercriminals are small potatoes compared to the sophisticated, organized hackers that victimize millions and inflict terrible widespread damage and emotional injury.

Here's a look at 12 of the biggest, baddest breaches in history, based on the number of victims, amount of damages, and how they changed how we regard computer security.

In this article, we concentrated on hacks with malicious intent, not incidents where organizations unintentionally left consumer data vulnerable and exposed, such as when Twitter admitted to a vulnerability in its Android app.

01
of 12

Most Personally Damaging Hack: Ashley Madison

Hackers Release Confidential Member Information From The Ashley Madison Infidelity Website
Carl Court / Getty Images

Ashley Madison is a website whose motto is, "Life Is Short, Have an Affair." The site caters to people who are married or in serious relationships, and who don't exactly want their participation in the service advertised.

In July of 2015, a hacker group calling itself Impact Team broke into the servers of Ashley Madison's parent company Avid Life Media, stealing the personal data of 37 million users. The hackers then incrementally released this information to the world through various websites.

The results were catastrophic, ruining reputations and marriages. There were even claims that user suicides followed the hack.

This hack is noteworthy not just because of the publicity explosion it created, but because the hackers also earned some fame as vigilantes crusading against infidelity and lies. 

Read more about the effects of the Ashley Madison breach, how you can check if your spouse was affected by the hack, and how the hack transpired.

02
of 12

Most Resilient Hack: The Conficker Worm

Conficker worm malware: still infection 1 mil computers per year
Steve Zabel / Getty

The Conficker worm (also known as Downup, Downadup, and Kido) was first detected in November of 2008. Conficker replicates itself across computers, where it lies in secret either to convert your machine into a zombie bot for spamming, or to detect your credit card numbers and passwords through keylogging and then transmit those details to its programmers. This smart program defensively deactivates your antivirus software to protect itself and has infected millions of computers worldwide.

While this resilient malware program has not wreaked irrecoverable damage, Conficker refuses to die. It actively hides and then copies itself to other machines and continues to open backdoors for future hacker takeovers of the infected machines.

Conficker is noteworthy because of its resilience and reach, still traveling around the internet more than a decade after its discovery.

Read more about the technical side of the Conficker worm, how to detect and remove Conficker from your computer, and how Symantec can remove the worm for you.

03
of 12

Most Deceitful Hack: The Stuxnet Worm

Stuxnet worm set back Iran's nuclear program by years
Getty

Stuxnet was a malicious computer worm that was uncovered in 2010 but was probably in development since 2005. Its original target was Iran's nuclear facilities, but it eventually mutated and spread to other industrial entities, such as water treatment plants, power plants, and gas lines.

After Stuxnet was released into Iran's nuclear facilities, it secretly took over specific Siemens industrial control systems, commandeering more than 5,000 of Iran's 8,800 uranium centrifuges. It caused them to spin out of control, then suddenly stop and then resume, while simultaneously reporting that all was well.

This chaotic manipulation went on for 17 months, secretly ruining thousands of uranium samples and causing the staff and scientists to doubt their own work. No one realized they were being deceived and vandalized.

This devious and silent attack wreaked far more damage than simply destroying the refining centrifuges themselves. The worm led thousands of specialists down the wrong path for a year and a half, wasting thousands of hours of work and millions of dollars in uranium resources.

This hack is memorable because of its optics and deceit. It attacked the nuclear program of a country in conflict with the United States and Israel and other world powers, and it also deceived the entire Iranian nuclear staff for a year and a half.

04
of 12

Most Unique Retailer Hack: Home Depot

Home Depot hack, 2014: over 50 million credit card numbers
Raedle / Getty

By exploiting a password from one of its store vendors, the hackers behind the Home Depot cyberattack in 2014 achieved the largest retail credit card breach ever seen at the time, stealing the credit card and email information of more than 56 million people. Through careful tinkering of the Microsoft operating system, these hackers managed to penetrate Home Depot's servers before Microsoft could patch the vulnerability.

After they entered the first Home Depot store near Miami, the hackers worked their way throughout the continent. They secretly observed the payment transactions on more than 7,000 Home Depot self-serve checkout registers, skimming credit card numbers as customers paid for their purchases.

This hack is noteworthy because it was launched against a large corporation and millions of its trusting customers, ending the naivete of retail customers and ushering in an era of caution.

Read about how then-CEO Frank Blake responded to the hack, how the Wall Street Journal described the hack, and how the Home Depot hack is now an official case study

05
of 12

Most Noteworthy DDoS Attack: Spamhaus

Spamhaus: nonprofit protection against spammers and hackers

A DDoS (distributed denial of service) attack is when a website or service is overwhelmed by too much traffic. By using dozens of hijacked computers that repeat signals at a high rate and volume, hackers flood and overload computer systems on the internet.

In March of 2013, a DDoS attack was waged against Spamhaus, a nonprofit professional protection service that tracks and blacklists spammers and hackers on behalf of web users. In this attack, hackers flooded Spamhaus servers, along with dozens of other internet exchange servers.

The Spamhaus DDoS attack was so big it slowed the entire internet across the planet, even shutting down parts of it for hours at a time.

This DDoS hack is noteworthy because of the sheer scale of its brute-force repetition. It overloaded the internet's servers with a volume of data that had never been seen before.

Read more about Spamhaus, how the DDoS attack occurred, and how a London teen admitted to being one of the hackers.

06
of 12

Worst Breach of Public Trust: eBay

An Ebay sign and logo.

JOSH EDELSON / Stringer Getty Images 

In 2014, eBay admitted that its servers were hacked, but insisted user data was safe. In reality, hackers accessed 145 million user records, including passwords and email addresses. Hackers accessed servers using the credentials of three corporate employees, eventually making their way to the user database.

This was an unpleasant incident, as millions of online shoppers had their password-protected data compromised. This hack is particularly memorable because it was public and because eBay was painted as weak on security, lambasted for its slow and lackluster public response to the cyberattack.

Read more about how the eBay hack transpired, how eBay responded to the incident, and how eBay was criticized for its sluggish reaction.

07
of 12

Most Noteworthy Banking Attack: JPMorgan Chase

JP Morgan Chase was hacked
Andrew Burton / Getty

In the middle of 2014, alleged Russian hackers broke into the largest bank in the United States and breached 7 million small-business accounts and 76 million personal accounts. The hackers infiltrated the 90 server computers of JPMorgan Chase and viewed personal information on the account holders.

Interestingly enough, no money was looted from these accounts. JPMorgan Chase never shared all the results of its internal investigation but did admit hackers stole contact information such as names, addresses, email addresses, and phone numbers.

This hack is noteworthy because it struck where people store their money, raising questions about the security of the U.S. banking system and creating a sense of skepticism.

Read more about the story of the JPMorgan Chase hack, how server technicians failed to upgrade one of its servers, and what the official report documentation from the U.S. Securities and Exchange Commission says.

08
of 12

Most Embarrassing Virus for Microsoft: The Melissa Virus

Melissa email virus 1999

Around March 26, 1999, a New Jersey man released this Microsoft macro virus into the web, where it penetrated Windows computers. The Melissa virus masqueraded as a Microsoft Word file attachment with an email note alleging an "'Important Message from [Person X]."

After the user clicked the attachment, Melissa activated itself and commanded the machine's Microsoft Office email client to send a copy of the virus as a mass mailout to the first 50 people in that user's address book. Eventually, 20 percent of the world's computers were infected.

The virus itself did not vandalize files or steal any passwords or information. Its objective was to flood email servers with pandemic mailouts, and it did a good job. Melissa successfully shut down some companies for days at a time as the network technicians rushed to clean their systems and purge the pesky virus.

This virus is noteworthy because it preyed on people's gullibility and the then-current weakness of antivirus scanners on corporate networks. It also gave Microsoft Office a black eye as a vulnerable system.

Read more about how the Melissa virus worked and how it wreaked havoc on the web.

09
of 12

Most Slow-Motion Breach: LinkedIn

LinkedIn hack 2016: 164 million accounts breached

In a slow-motion breach that took four years to reveal, social networking giant LinkedIn admitted in 2016 that 117 million of its users had their passwords and logins stolen in 2012. That information was eventually sold on the digital black market in 2016.

The reason this is a significant hack is because of how long it took for the company to understand how badly it had been hacked. Four years is a long time to realize you've been robbed.

Read more about the LinkedIn attack and how the company publicly responded.

10
of 12

Hack With the Worst Optics: Anthem Health Care

Anthem health care: 78 million users hacked
Tetra / Getty

The major U.S. health insurer had its databases compromised through a covert attack that spanned weeks back in 2015. Anthem refused to disclose details of the penetration, but the company claimed no medical information was stolen, only contact information and Social Security numbers for 78 million users.

As a response, Anthem provided free credit monitoring for its members and vowed to shore up its security measures.

The Anthem hack is memorable because of its optics, as another monolithic corporation fell victim to a few clever computer programmers.

Read more about the Anthem hack and how Anthem responded to its customers' questions.

11
of 12

Worst Gamer Hack: Sony Playstation Network

Sony Playstation network: 77 million users hacked
Djansezian / Getty

In April of 2011, intruders from the Lulzsec hacker collective cracked open the Sony database at its PlayStation Network, revealing the contact information, logins, and passwords of 77 million players. Sony claims no credit card information was breached.

Experts speculated that the weakness was exploited through an SQL injection attack, and Sony took down its service for several days to patch holes and upgrade its defenses.

The PSN hack is memorable because it affected gamers, a culture of people who are computer-savvy fans of technology.

12
of 12

Most Consumer Confidence-Shaking Hack: Global Payments

Heartland hack 2012: 110 million users
PhotoAlto / Gabriel Sanchez / Getty

Global Payments is one of several companies that handle credit card transactions for lenders and vendors, particularly for small business vendors. In 2012, its systems were breached by hackers, and information regarding 110 million credit cards was stolen. Some of those users have since experienced fraudulent transactions.

Since the attack, the United States has migrated to a chip-and-pin or chip-and-sign approach for processing point-of-sale card transactions.

This hack is noteworthy because it struck at the daily routine of paying for goods at the store, shaking the confidence of credit card users around the world.

The Heartland payment processor was also hacked in 2009 before merging with Global Payments.