Hacks and security breaches at global companies grab headlines because they’re sensational. A giant organization being held hostage by mysterious hackers is a thrilling, albeit frightening, story. But there’s a lot to be learned from more obscure, outlier cases as well.
Every time we download a new app, log-into a new website, or link personal information to a new device, we create untold opportunities for hackers to steal our information. The following round-up includes some of the more bizarre hacks that have occurred in recent years, and while they are funny, they’re also telling of the unintended consequences of ubiquitous connectivity.
- Hackers broke into a high-roller database through a fish tank in a casino lobby. You’ve heard that the Internet of Things (IoT) is wildly insecure, and this story more than proves it. When cybercriminals wanted to access a casino’s high-roller database, they hacked into a smart thermometer connected to a fish tank in the lobby. The thermometer was linked to the casino’s Internet connection, and once the hackers were on the network, they were able to steal details on the casino’s VIPs.
- Teenager used social engineering to hack a former CIA director. The CIA is supposed to be one of the most sophisticated intelligence agencies in the world. But in 2015, a teenager hacked then-CIA director John Brennan’s AOL email. The youthful hacker and his co-conspirators found Brennan’s Verizon phone number, called the company’s customer service line, and persuaded employees that one of them was a staff technician so they could collect information about the intelligence professional’s account. They then used that data to break into his email account, where they found a number of sensitive government documents, including Brennan’s security clearance application.
- British prankster posed as Trump administration officials via email. Brennan wasn’t the only government figure with a compromised email account. Last year, a British prankster hacked the email accounts of several top White House officials and exchanged pleasantries – and barbs – with the likes of former communications director Anthony Scaramucci and the U.S. Ambassador to Russia Jon Huntsman. The hacker pretended to be former chief of staff Reince Priebus and stoked animosity between the latter and Scaramucci. He also posed as the president’s son-in-law, Jared Kushner, and even as Eric Trump. While the hack was apparently intended as nothing more than a joke, it demonstrated how vulnerable government accounts are to malicious actors.
- Cybercriminals hacked accounts on a food delivery app and ordered hundreds of dollars’ worth of take-out food and adult beverages. In 2016, hackers broke into the database of a popular meal delivery app and began using legitimate customer accounts to order themselves tasty dinners and even bottles of alcohol. The app profiles were linked to customers’ bank accounts for ease of ordering, so the cybercriminals simply updated the delivery addresses and dined out on their victims’ dimes. In some cases, the victims didn’t know what had happened until they received a message regarding “their” orders or checked their bank statements. Some orders included several hundred dollars’ worth of food and drinks.
- Marathon runner cheated during a race, and her own wearable device betrayed her secret. A woman who ran a half-marathon in Ft. Lauderdale, Fl., took a short-cut to finish the race, reportedly because she wasn’t feeling well. An understandable decision – except that she altered her running data to appear as those she had won second place. However, a keen-eyed running enthusiast expressed skepticism at the outset and used images of the running watch she was wearing that day to prove she had run fewer miles than she claimed.
- Virtual keyboard company forgot to secure its user database. In another case of unintended self-sabotage, a virtual keyboard company neglected to password protect its data and exposed 577 gigabytes of sensitive user information. More than 31 million users’ data became vulnerable due to the breach, including 6.4 million records containing data from users contacts. In all, the breach exposed more than 373 million records that had been scraped from users’ phones or synced from a linked Google account.
- Anonymous dismantled a fifth of the dark web. The hacker group known as Anonymous compromised roughly 10,600 dark web sites hosted via Tor software, a platform commonly used on the dark web. Many people would view the hack as a public service, as the Anonymous-affiliated hackers said more than half the data on the targeted servers involved child pornography. Nonetheless, the scope of the hack proves just how vulnerable the web is.
- Hack of adult online community outs swingers. A website that proclaimed to be the world’s largest community for sex and swinging failed to secure the personal data of 400 million user accounts. Exploiting the site’s out-of-date and lax data protection measures, hackers were able to access personal information such as users’ IP addresses, emails, and log-in credentials. The leak was especially jarring for former users who believed they had deleted their accounts, only to find that while their profiles weren’t live, they hadn’t yet been wiped from the database.
These breaches are a little more off-the-wall than, say, the Equifax breach or the Sony and WannaCry attacks. But they’re worth heeding because they drive home the fact that more often than not, our data is at risk of being exposed.
As we integrate more IoT devices into our homes and depend on wearables and other technology, we’re generating incredible amounts of data. Without the right security measures in place, all of that information puts us at risk having our identities stolen and our most personal data revealed. It’s worth remembering that even as tech helps connect us in new and innovative ways, it also forces us to take greater responsibility for our digital lives.