Science

The 10 Biggest Hacks of 2015

Hacks lead to leaks and leaks lead to truth -- and mayhem. Here were the 10 biggest of 2015.

by Peter Rugg
Anonymous

If you were creeping on Ashley Madison or just unfortunate enough to piss off Anonymous, you might welcome the promise of a new year. Personal information was splashed on the net seemingly every other week, with a fair share of innocents caught in the crossfire. Sure we got a lot of information about important issues like the country’s drone policy, but the internet being the internet, we also got a lot of useless junk. Not even Hello Kitty fans were safe from the invisible keyboard of the hacking community. Here are 10 of this year’s biggest leaks.

We're killing the wrong people too often.

Getty

The Drone Papers

The year ended with one of its biggest leaks when The Intercept published “The Drone Papers” this month. The enormous document collection focusing on the Obama administration’s increasing reliance on unmanned aerial vehicles confirmed many of our worst fears. The eight-part series use an enormous document leaked from an anonymous whistleblower already being called a “second Snowden” by Wired to reveal the inner workings of the Obama adminstration’s secretive program between 2011 and 2013, confirming many of your worst fears along the way. One horrifying statistic: 90 percent of drone killings over a single five month stretch were not the drone’s assigned target.

Good luck explaining this one.

Ashley Madison

Ashley Madison

Arguably the biggest leak of the year for cultural impact if not actual importance just for the collective schadenfreude of seeing stained reality TV star and former executive director of the Family Research Council Josh Duggar revealed as having an account. Hackers were quick to provide easily searchable databases to check if you, or your spouse, had been compromised on the hunt for illicit strange and we all snickered knowingly when the controversial site turned out to be little more than a lot of thirsty dudes typing at each other.

Hundreds of Uber drivers saw their personal information leaked.

Getty

Uber Driver Info

Hundreds of Uber drivers had their Social Security numbers, tax information, and drivers license numbers posted to the web thanks to a data breach in October. An Uber spokesperson told Forbes the leak affected only 674 drivers whose information was accessed through the Uber Partner site, but that’s small comfort for the drivers on Reddit who were shocked to see any personal info out there after the company assured them it was secure. Wrote one Uber driver and Redditor: “Went to upload new insurance docs and the documents page showed me thousands of people private info (SS#s, home addresses, tax info). I screen capped it and sent to support. Refreshed page 5 mins later and was fixed.” It made for bad employee relations at a time when drivers are organizing nationwide strikes for better treatment.

Millions of inmate phone records were leaked to 'The Intercept'.

Getty

The Securus Leak

Leave it to the publication started solely to report on Edward Snowden’s massive data purge to get some of the best tips of 2015. In November, The Intercept got its hands on records of more than 70 million jailhouse phone calls overseen by prison communications kingpin Securus Technologies. The leak showed what looked to be a systematic violation of inmate rights as attorney-client phone calls were recorded without consent. A day after the records dump, Securus claimed any recorded calls were monitored only with inmate consent and denied its system had been hacked, blaming a yet-unnamed inside man with access for the leak.

Paris Climate Summit Talks

Say what you will about hacktivist movement Anonymous, you can’t claim they don’t follow through. This December Paris law enforcement arrested climate activists who’d organized what they say was a peaceful march through the city as it welcomed the UN Framework Convention on Climate Change. At the time, Paris remained under a state of emergency being only a few weeks removed from the siege of terror attacks and public protests — marches included — were banned. Anonymous, none to happy about the incarcerations, retaliated by leaking the private logins of almost 1,415 officials at the climate summit.

Not even the cheerful kitty can save your data.

Getty

Hello Kitty

Unlike Anonymous’ attack on Paris officials, the motivation for this one remains a mystery the should perhaps go unsolved. Online Hello Kitty fan community SanrioTown.com lost its furry smile just before Christmas when the account information for 3.3 million accounts (3.3 million!!!) was put on blast. The culprits reportedly made it into the system because the passwords were “hashed,” which is a kind of protection that makes it easy for a cyberattack to reveal a big chunk of the code.

Children get exposed too. 

Getty

VTech Toy Firm

Let’s not presume we know the hearts and minds of Hello Kitty fandom, and just say this year was a bad time for kids’ hobbies. The Chinese toy company saw 4.8 million customer details stolen, including account information for parents and children alike — including names, addresses, IPs, email addresses, download history, secret questions, and secret answers. The leak was so bad, the firm had to suspend trading on the Hong Kong stock exchange.

Donald Trump

What’s a year-end list in 2015 without some mention of the Donald? That’s the world we live in. Swish that around in your mouth for a while, remember the taste.

Anyway, proving he was no better at handling data than whichever opposing candidate he might insult, Trump Hotel Administration admitted they’d been the victim of a year-long hack that leaked the financial information of thousands of clients. Information was stolen from eight of the chain’s branches, including locations in New York, Miami, Chicago, Hawaii, Vegas, and Toronto. Those are probably enough words on Trump to fill any unknown quotas, and hopefully not enough to conjure orange-faced elder gods to reclaim the Earth.

Blue Cross Blue Shield

This September Excellus Blue Cross Blue Shield revealed the records for as many as 10 million people thanks to a 24-month-long intrusion campaign into the company’s network. The usual information — Social Security numbers, mailing addresses, telephone numbers, credit card digits — all got spilled. On the bright side, everyone got a letter of notification (and hopefully apology) from Excellus along with two years of free credit monitoring on the house.

FBI Data Portal

Hacker group Crackas With Attitude took credit for leaking the personal data of the FBI’s second-in-command and compatriots to Twitter after jacking the data from the Law Enforcement Enterprise Portal. The leak came less than a month after a Cracka leader hacked CIA Director John Brennan’s private AOL inbox later telling CNN Money “I’m going to go to Russia and chill with Snowden because I know the government is pretty mad about this and I’m probably going to get tortured. I’m actually a pretty fast runner.” So tightening security might be on their list of 2016 goals.