History's biggest cyberattacks and how to protect yourself on the internet

Hackers commonly gain access to secure company systems through a third party contractor that has system access and weaker cybersecurity

When a large company falls victim to a cyberattack, millions of people stand to have their sensitive data compromised.

The biggest cyberattacks in history have seen tens to hundreds of millions of users' information exposed to hackers. They have caused stock prices to plummet and customers to abandon brands.

Companies spend a considerable amount of money on cybersecurity each year. But as their security measures become more advanced, so do cybercriminals' methods to outmaneuver them.

DHS SURVEY HIGHLIGHTS NEED TO MODERNIZE NATION’S 911 SERVICES

When your information is leaked due to cybercrime, there is not much you can do. But there are best practices you can follow to minimize the damage and ensure the security of your other accounts.

Biggest cyberattacks in history

  1. Yahoo
  2. Marriott
  3. Adult Friend Finder
  4. Under Armour/MyFitnessPal
  5. eBay
  6. Heartland Payment Systems
  7. Target
  8. Uber
  9. Equifax

Best practices for internet security

Fictitious html pages and hacker programs are shown on screens while a man has his hands on the keyboard

Yahoo's 2016 data breach is considered the largest cyberattack in the history of the internet. (Annette Riedl/picture alliance via Getty Images / Getty Images)

Biggest cyberattacks in history

1. Yahoo

In September 2016, internet giant Yahoo announced it had been the victim of the biggest data breach in history. The company said the attack compromised the names, email addresses, dates of birth and telephone numbers of 500 million users. A couple of months later, it was revealed a different group of hackers compromised 1 billion accounts.

Yahoo, then a publicly traded company, was acquired by Verizon in 2017 for a little over $4 billion. However, in October 2017, the company revealed that the total number of users impacted by the breach stood at 3 billion. Experts consider the hack the largest discovered in the history of the internet.

2. Marriott 

On Nov. 30, 2018, the hotel empire revealed a security breach of its Starwood Hotel brand that may have compromised the data of as many as 500 million guests. Although the breach was not discovered until 2018, the actual theft is believed to have occurred in 2014. The hacker successfully copied over 5.2 million unencrypted passport numbers and 380 million booking records.

AVOID CYBERSCAMS: STRENGTHEN YOUR SECURITY AND WHAT TO DO AS A CYBERCRIME VICTIM

Marriott said hackers stole an additional 8.6 million encrypted credit card numbers along with 20.3 million encrypted passport numbers. The damage caused by the breach makes it one of the biggest online thefts in history.

3. Adult Friend Finder

The website Adult Friend Finder is one of the biggest online dating and networking platforms in the world. In October 2016, the website said hackers could gain access to more than 20 years of data on its six databases, including names, email addresses and passwords of 412.2 million accounts.

The breach became apparent after six databases that the company owned suffered a massive breach with the information of more than 15 million deleted accounts being exposed.

Between the binary code on a laptop monitor you can see the text "GETHACKT"

According to DeVry University, more there are more than a billion malware programs on the internet. (Jens Büttner/picture alliance via Getty Images / Getty Images)

4. Under Armour/MyFitnessPal

In February 2018, the sports apparel brand Under Armour disclosed that a hacker gained access to the email addresses and information of 150 million users of its food and nutrition website, MyFitnessPal.

5. eBay

In May 2014, eBay announced that hackers got into the company network using the credentials of three corporate employees and had complete inside-access for 229 days. During this time, they were able to collect the personal information of all of its 145 million users.

AI FUELING RISE IN CYBERATTACKS

Sensitive user information was compromised by these hackers, including physical addresses, phone numbers, dates of birth, names, encrypted passwords and emails.

6. Heartland Payment Systems

In January 2009, Heartland Payment Systems, the sixth-largest payments processor in the U.S., announced that its processing systems were breached in 2008, exposing more than 134 million credit card numbers and over 650 financial services companies.

The company's stock price fell by nearly 80% within months of the breach. However, two Russian hackers were eventually charged and convicted for carrying out the attack in 2018.

7. Target

In 2013, the retail giant was attacked days before Thanksgiving when hackers gained access through a third-party HVAC vendor to its point-of-sale payment card readers. The breach affected data collected on approximately 110 million customers.

The query window for username and password on a web page can be seen on the monitor of a laptop.

A simple yet effective way to protect yourself in the event of a cyberattack is to use unique passwords for every site. If one is leaked, your other accounts will not be at risk. (Jens Büttner/picture alliance via Getty Images / Getty Images)

HOW THE TARGET AND UBER CYBERATTACKS FROM YEARS AGO SHAPED PUBLIC PERCEPTION OF CYBERSECURITY TODAY

8. Uber

Uber was breached by hackers in 2016 when code containing sensitive information was uploaded to the website Github. The hackers were able to access Uber's systems and compromised the data of 57 million Uber users and drivers, including their driver's license numbers.

The company's response was to cover it up. They paid the hackers $100,000 to delete their stolen data and chalked it up to a "bug bounty" payment, which is when companies pay ethical hackers who find a security breach and bring it to their attention.

When news of the security breach and ensuing coverup broke later, Uber faced intense backlash from users and lawmakers alike.

9. Equifax

In September 2017, one of the largest credit bureaus in the U.S. revealed that personal information, including Social Security numbers, birthdays, addresses and, in some cases, driver’s license numbers were compromised.

CLICK HERE TO READ MORE ON FOX BUSINESS

In 2020, the Justice Department charged four Chinese military hackers with breaking into the computer networks of the Equifax credit reporting agency and stealing the personal information of tens of millions of Americans.

Best practices for internet security

Long, strong passwords are important to give hackers a harder time cracking them.

But potentially more important is using a unique password for every site. Once one account is compromised, hackers can use your login information in AI hacking tools that try to log into many common sites, which could lead to many more accounts becoming compromised.

Another best practice is to make up answers that only you would know when creating security questions. Many of the answers to default security questions asking, for example, what school you attended or where you used to live, are easily obtainable.

Remember that, to hackers, time is money. Taking basic security measures like using multifactor authentication make you a less attractive target. Hackers will tend to move on to low-hanging fruit.

Phillip Nieto contributed reporting.