2012 was a good year for password hackers - and a tough year for everyone else. In the first half of the year at least 18 million passwords were exposed in just seven cyberattacks. And with more people - and more hackers - online than ever before, massive hacks seem to be here to stay. A combination of weak passwords and poor encryption has led to some of the worst password hacks in history. Learn how many people were impacted by these attacks and how they happened.
SONY PLAYSTATION NETWORKS & ONLINE ENTERTAINMENT HACK
April 2011: 100 million users' personal information exposed
Sony Group Corporation, abbreviated as SONY, is a Japanese multinational conglomerate headquartered in Minato, Tokyo. As a major technology company, it is one of the world's largest manufacturers of consumer and professional electronic products, as well as the largest video game console manufacturer and publisher. It is one of the largest music companies (largest music publisher and second largest record label) and the third largest film studio through Sony Entertainment Inc, making it one of the most comprehensive media companies. It is Japan's largest technology and media conglomerate. It is also known as Japan's most cash-rich company, with net cash reserves of 2 trillion yen.
What happened
Passwords, account information and credit card numbers for all 77 million of Sony's PlayStation Network users were compromised in April. Sony was criticized for not informing users sooner, and the network was temporarily shut down. In May, it was discovered that Sony Online Entertainment had also been hacked, compromising 24.6 million users' data.
How it happened
One of the Network's most sensitive databases was accessed. Information from an outdated 2007 database was hacked in the Online Entertainment attack.
Possible culprits
Hacking group Anonymous reportedly named Sony as a target shortly before the attacks, but denied involvement. The culprit was more likely a cyberthief seeking to profit.
Cost
ROCKYOU HACK
December 2009: 32.6 million user password & email addresses exposed
RockYou was a company that created MySpace widgets as well as applications for various social networks and Facebook. Since 2014, it has primarily purchased the rights to classic video games; it incorporates in-game advertisements and re-distributes the games.
What happened
A hacker accessed all of RockYou's accounts. RockYou reportedly failed to notify users, then downplayed the incident. The list served as an invaluable resource for hackers, providing real-world data on the kind of passwords people use.
How it happened
User data was reportedly stored in highly insecure plain text format.
Cost
RockYou paid a $250,000 penalty to the Federal Trade Commission for violating regulations on the protection of children.
LAST.FM HACK
June 2012: 17.3 million user passwords hacked
What happened
The hack was announced during the "Week of Leaks," in which eHarmony and LinkedIn were also hacked. However, the hack may have occurred a year before, with the hashes appearing on a hacking forum in 2011. All users were asked to reset their passwords.
How it happened
Rumor has it 95% of the hacked passwords were cracked because they were protected only with easy-to-break MD5 hashing.
LINKEDIN/EHARMONY HACK
June 2012: 8 million user passwords leaked
LinkedIn is an American online business and employment service that operates through websites and mobile apps. The platform, which was launched on May 5, 2003, is primarily used for professional networking and career development, and it allows job seekers to post their CVs and employers to post jobs.
Eharmony (also spelled eHarmony) is a dating website that debuted in 2000. Nucom ecommerce, a joint venture of German mass media company ProSiebenSat.1 Media and American private equity firm General Atlantic, owns eHarmony and is headquartered in Los Angeles, California.
What happened
An estimated 1.5 million eHarmony passwords and 6.5 million LinkedIn passwords were posted as hashed values on a Russian web forum. Users also received emails asking them to click to verify their email addresses.
How it happened
With LinkedIn numbering 160+ million users, it's believed the culprit cracked only the easiest passwords.
Cost
$500,000-$1 million for forensic work on the hack; $2-$3 million in LinkedIn security upgrades.
GAWKER HACK
December 2010: 1.25 million user accounts hacked
Gawker Media LLC (formerly Blogwire, Inc. and Gawker Media, Inc.) was a blog network and online media company based in the United States. It was founded in October 2003 as Blogwire by Nick Denton and was based in New York City. Gawker Media, based in the Cayman Islands, was the parent company for seven different weblogs and numerous subsites as of 2012: Gawker.com, Deadspin, Lifehacker, Gizmodo, Kotaku, Jalopnik, and Jezebel. The Creative Commons attribution-noncommercial licence governs all Gawker articles. The company changed its name from Blogwire, Inc. to Gawker Media, Inc., and then to Gawker Media LLC shortly after.
What happened
Gawker Media servers were hacked and account information, along with a 20,000-word manifesto, was made available via BitTorrent. A Twitter virus was reportedly connected. Employee usernames and passwords, including founder Nick Denton's information, were released.
How it happened
Passwords were protected with the Data Encryption Standard (DES), weak enough that hackers could learn the first 8 characters of a password.
Culprit
Hacking group Gnosis, possibly in retaliation for the site's coverage of 4Chan and/or hacking group Anonymous.
YAHOO HACK
450,000 user passwords & emails hacked
Yahoo! is a web services provider based in the United States. It is headquartered in Sunnyvale, California, and is operated by Yahoo Inc., which is 90% owned by Apollo Global Management investment funds and 10% owned by Verizon Communications.
It offers a web portal, the search engine Yahoo Search, and a variety of related services such as My Yahoo!, Yahoo Mail, Yahoo News, Yahoo Finance, Yahoo Sports, and its advertising platform, Yahoo! Native. Yahoo was founded in January 1994 by Jerry Yang and David Filo and was a pioneer of the early Internet era in the 1990s.
What happened
Hackers claimed they were just trying to expose weaknesses in Yahoo!'s online security. Some non-Yahoo IDs may have been breached, as well.
How it happened
Hackers likely breached a Yahoo! Voices server using SQL injection. Passwords may not even have been encrypted, hackers said.
Culprit
D33Ds Company, hacking group.
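The storage failures described in the sections above (plain text at RockYou, fast MD5 hashing at Last.fm) are avoided by giving every account its own random salt and running the password through a deliberately slow key-derivation function. The Python sketch below is an added example, not code from any of the companies named; the sample accounts, function names and iteration count are assumptions made for illustration.

```python
from __future__ import annotations
import hashlib
import hmac
import os

# Constructed sample accounts: two users picked the same weak password.
SAMPLE_USERS = {"alice": "12345", "bob": "12345", "carol": "correct horse battery"}
ITERATIONS = 600_000  # assumed work factor for this example

def md5_unsalted(password: str) -> str:
    """Weak scheme: one fast, unsalted digest per password."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def hash_password(password: str, salt: bytes | None = None) -> str:
    """Hardened scheme: per-user random salt plus a slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    try:
        scheme, iterations, salt_hex, dk_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
        return hmac.compare_digest(dk, bytes.fromhex(dk_hex))
    except ValueError:  # malformed record: wrong field count, bad hex, bad count
        return False

def duplicate_groups(records: dict[str, str]) -> list[list[str]]:
    """Users whose stored values are identical, i.e. visibly share a password."""
    by_value: dict[str, list[str]] = {}
    for user, value in records.items():
        by_value.setdefault(value, []).append(user)
    return [sorted(users) for users in by_value.values() if len(users) > 1]

if __name__ == "__main__":
    weak = {u: md5_unsalted(p) for u, p in SAMPLE_USERS.items()}
    strong = {u: hash_password(p) for u, p in SAMPLE_USERS.items()}
    print("unsalted MD5 duplicates:", duplicate_groups(weak))
    print("salted PBKDF2 duplicates:", duplicate_groups(strong))
```

With unsalted digests, anyone holding the table can see which accounts share a password and can test one guess against every account at once; with per-user salts, each record has to be worked on separately.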
HOW PASSWORDS ARE HACKED
- 50% of passwords use dictionary words, slang, or common number/letter arrangements like "12345"
- In 17 minutes, hackers can break into 1,000 accounts by taking advantage of weak passwords + automated attacks
- 60% of people use the same password on multiple sites, making them more vulnerable
Most common passwords in LinkedIn theft:
- link
- 1234
- work
- god
- job
- 12345
- angel
- the
- ilove
- sex
Choosing smart passwords and varying your passwords between sites is your first defense.
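A site can enforce part of this advice at sign-up by refusing passwords that appear on a list of common choices or that contain the site's own name. The Python check below is an added example, not part of the original article; it uses the LinkedIn list above as its denylist, and the minimum length, function names and rejection messages are assumptions.

```python
from __future__ import annotations
import re

# Most common passwords from the LinkedIn list on this page.
COMMON_PASSWORDS = {"link", "1234", "work", "god", "job",
                    "12345", "angel", "the", "ilove", "sex"}
MIN_LENGTH = 12  # assumed policy value for this example

def _is_sequence(s: str) -> bool:
    """True for runs such as '12345' or 'fedcba' (every step is +1, or every step is -1)."""
    if len(s) < 4:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(s, s[1:])}
    return steps in ({1}, {-1})

def screen_password(candidate: str, context_words: tuple[str, ...] = ()) -> list[str]:
    """Return the reasons a new password is rejected; an empty list means accepted."""
    reasons = []
    lowered = candidate.lower()
    # Drop trailing digits and punctuation so 'angel2012!' is treated like 'angel'.
    core = re.sub(r"[\d\W_]+$", "", lowered)
    if len(candidate) < MIN_LENGTH:
        reasons.append("too short")
    if lowered in COMMON_PASSWORDS or core in COMMON_PASSWORDS:
        reasons.append("common password")
    # Context words: the site name, the username, the e-mail local part.
    if any(w.lower() in lowered for w in context_words if w):
        reasons.append("contains site or account name")
    if _is_sequence(lowered) or len(set(lowered)) == 1:
        reasons.append("sequential or repeated characters")
    return reasons

if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ("12345", "angel2012!", "LinkedIn-summer-2012", "violet-tractor-umbrella-89"):
        print(repr(pw), screen_password(pw, ("linkedin", "alice")))
```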