> series: anatomy_of_a_breach —— part: 096 —— year: 2016 —— verdict: billions_botnets_and_election_interference<span class="cursor-blink">_</span>_
2016 closed with a disclosure that surpassed everything that came before: on 14 December, Yahoo announced that a separate breach — distinct from the 500 million accounts disclosed in September — had compromised approximately one billion user accounts in August 2013. In 2017, Yahoo would revise this figure to all three billion accounts — making it the largest data breach in history. In the same month, Adult Friend Finder disclosed that 412 million accounts across its network had been compromised, with passwords stored using weak SHA-1 hashing.
The Yahoo and Adult Friend Finder disclosures capped a year of record-breaking scale. The Bangladesh Bank SWIFT heist stole $81 million. The Panama Papers leaked 11.5 million documents. The mega-breach data dumps put 542 million credentials on the dark web. Russia hacked the DNC to influence a presidential election. The Shadow Brokers stole NSA cyber weapons. The Mirai botnet used IoT devices to take down Twitter, Netflix, and Reddit. And in the UK, Tesco Bank lost £2.5 million from 9,000 customer accounts. Every previous ceiling — in breach scale, in geopolitical impact, in financial theft — was broken.
We'll scope your test for free and tell you exactly what you need. No obligation, no hard sell.
Free Scoping Call| # | Breach | Key Lesson |
|---|---|---|
| 085 | Bangladesh Bank SWIFT | $81M stolen through the global banking backbone. A typo saved $870M. |
| 086 | Hollywood Presbyterian | Hospital pays $17K Bitcoin. Ransomware hits healthcare — WannaCry is 15 months away. |
| 087 | Panama Papers | 11.5M documents via unpatched WordPress. World leaders exposed. A law firm destroyed. |
| 088 | Philippines COMELEC | 55M voters' fingerprints and passports. Election security under existential threat. |
| 089 | Mega-Breach Data Dumps | Myspace 360M + LinkedIn 117M + Tumblr 65M. 542 million credentials for sale. |
| 090 | DNC Hack / Russia | Two Russian intelligence agencies. WikiLeaks. An election influenced. Phishing started it. |
| 091 | Credential Stuffing Epidemic | TeamViewer, GoToMyPC, dozens more. 542M credentials weaponised. MFA is the only answer. |
| 092 | Shadow Brokers | NSA's own tools stolen and auctioned. EternalBlue is coming. Patch or perish. |
| 093 | Yahoo 500M | Disclosed two years late. $350M off the acquisition price. Cyber due diligence is essential. |
| 094 | Dyn / Mirai Botnet | 100K webcams take down Twitter and Netflix. 62 default passwords. IoT is a weapon. |
| 095 | Tesco Bank | UK: £2.5M stolen, 9K accounts, £16.4M FCA fine. 'Largely avoidable.' |
| 096 | Yahoo 1B + AFF 412M + Review | Yahoo: 1 billion (later 3B). AFF: 412M. Every record broken. Every ceiling shattered. |
With 96 articles spanning eight years, this series has documented the complete transformation of cyber risk from an IT concern to a geopolitical, economic, and existential threat. From HMRC's lost CDs to Yahoo's three billion accounts, from Gonzalez's SQL injections to the NSA's stolen cyber weapons. The series continues into 2017 — the year WannaCry will devastate the NHS, NotPetya will cause $10 billion in global damage, and the Equifax breach will expose 147 million Americans. Everything that 2016 foreshadowed is about to arrive.
Penetration testing. Cyber Essentials. SOC in a Box. UK Cyber Defence. Eight years of evidence. One conclusion. The time to prepare was before the next headline. The next best time is now.
<a href="/penetration-testing">Test</a>. <a href="/cyber-essentials">Certify</a>. <a href="https://www.socinabox.co.uk">Monitor</a>. <a href="https://www.cyber-defence.io">Respond</a>. Because 2017 will be worse.
We'll scope your test for free and tell you exactly what you need. No obligation, no hard sell.
Free Scoping Call