2006 – The Stuxnet Attack
One of the earliest and most famous zero-day attacks was against Iranian nuclear facilities. The attack was supposedly orchestrated by the US National Security Agency (NSA) and was unique in that it sped up centrifuges to damage nuclear hardware.
2013 – The Yahoo Attack
The personal identifying information (PII) of more than 3 billion Yahoo accounts was hacked in 2013 — but wasn’t revealed until 2016. Verizon was acquiring Yahoo News as news of the zero-day attack broke, and this negatively affected the purchase price.
2014 – The Sony Entertainment Attack
In 2014, hackers broke into Sony Entertainment’s network, accessing business communications, business plans, and unreleased movies. At the time, this was a historical, high-profile corporate attack.
2016 – The Democratic National Committee (DNC) Attack
One of the most widely reported and politically impactful attacks occurred in 2016 when hackers gained access to over 19k emails and 8k attachments from the DNC. The DNC servers had up to six vulnerabilities that were prone to exploitation. There has been speculation that a foreign government actor may have orchestrated this attack to influence American elections.
2017 – The MS Word Attack
A trojan horse named Dridex delivered via MS Word email attachments wreaked havoc in 2017 after millions of users fell prey to the attack.
2018 – The Marriott International Attack
As early as 2014, hackers compromised Marriott’s Starwood reservation database and gained access to personal identifying information (PII), credit card numbers, and preferences. The NY Times reported that a Chinese intelligence group was behind the attack.
2019 – The Alibaba Attack
Hackers accessed customer data from more than 1.1 billion Alibaba accounts via their TaoBao website. The hackers were crawling this data for more than eight months before the vulnerability was discovered.
2019 – The Facebook Attack
Hackers breached more than 540 million Facebook user accounts and stole personal identifying information (PII), comments, likes, and more by exploiting Amazon S3 buckets.
2021 – The LinkedIn Attack
More than 90% of LinkedIn’s users — some 700 million — had their personal information stolen and posted to the dark web by hackers who exploited LinkedIn’s API. Research in the UK shows that cybercriminals can use this stolen data in sophisticated social engineering attacks.