Skip to content

How the Biggest Hacks of the 2010s Compromised User Security


The 2010s was one of the worst decades from a cybersecurity standpoint. Some breaches were geopolitical, going after nation-states. But many affected individuals and their data. Here’s a list of some of the biggest hacks of the 2010s that compromised user security and changed the way we think about cybersecurity.

The Democratic National Committee

The 2016 hack of DNC chairman John Podesta made headlines around the U.S. presidential election that year. It’d still talked about years later. The result of the hack was the publication of emails and documents from the DNC’s servers, which many believe disrupted Hillary Clinton’s presidential campaign. It also exposed the personal information of several politicians.

Sony Playstation

In 2011, a hacker stole personally identifiable information and financial details of 77 million Sony Playstation Network users. At the time, this was one of the biggest hacks in the world and it cost Sony PSN major profits. The big takeaway from this hack was the sheer amount of damage that ensues when a company doesn’t take cybersecurity seriously.


In 2013, retail giant Target announced that their network was compromised and 40 million credit and debit card accounts were exposed. In the years after, hackers would start setting up “card shops” with stolen credit and debit card information with cloned cards to empty users’ bank accounts.

North Korea’s Sony Pictures attack

In 2014, Sony suffered another cyber attack, but this time for Sony Pictures. North Korea really didn’t want the film The Interview, a comedy about an assassination plot against leader Kim Jong-un, to come out. So North Korean hackers destroyed Sony’s internal network, leaked studio data, and released private emails online. This incident showed cybersecurity experts what North Korean hackers were capable of, and the country has become one of the most active in cyber-espionage today.


We’re still not sure who or what was behind the 2017 Equifax hack, but the breach exposed the financial data of more than 145.5 million people in the U.S., U.K., and Canada. What we do know is that the hack of one of three major consumer credit reporting agencies in the U.S. was caused by Equifax failing to patch a critical server.

Yahoo! breaches

Yahoo! had a tough decade. The company announced that up to 3 billion records were hacked as of 2016 — making it the largest data breach in history (so far). The breaches dated from 2013 and 2014 and the company agreed to pay $117.5 million to settle a class-action lawsuit in 2019.

Snowden leaks

The 2013 revelations of former NSA employee Edward Snowden — that the U.S. and its Five Eyes partners had a global surveillance network — encouraged countries like Russia and China to ramp up their own cyber-espionage efforts.


In 2014, a small group of hackers tricked celebrities into entering their Gmail or iCloud passwords through spear-phishing. With access to the accounts, hackers revealed nude images and videos of these stars online. Celebgate, also known as The Fappening, reiterates the importance of paying attention to bogus password reset emails.

Ashley Madison

The 2015 Ashley Madison data breach was unlike other breaches because of the nature of the site. It was a dating website for people wanting to have an affair. After the leak, some users encountered extortion attempts and some even committed suicide. While it may not have been one of the biggest data breaches of the 2010s, it was a very damaging data breach for users whose information was exposed.

Stuxnet and Shamoon

The 2010 Stuxnet attack wasn’t against individuals, but it was still a huge cybersecurity event. Stuxnet revealed that the U.S. and Israel were using sophisticated malware to sabotage Iran’s nuclear enrichment program. Why was Stuxnet such a big deal? It was the first time, outside of a movie, that malware was used to destroy physical objects, in this case Iran’s uranium-enrichment centrifuges.

It also sparked Shamoon two years later, when the Iranian government created their own cyber-weapon. Shamoon destroyed 35,000 workstations on the Saudi Aramco network, the national oil company of Saudi Arabia.

These incidents in the early years of the decade upped the ante with the use of cyberwarfare by nation-states.


The 2010s was the decade of IoT (Internet of Things) devices — and IoT hacks to go along with them. 2016 saw the introduction of Mirai, a malware that targets IoT devices. Mirai launches DDoS attacks and quickly became one of the most well-known malware globally. After Mirai, many people realized that their thermostats conveniently connected to the Internet might pose.


Retailer Under Armour suffered a data breach on its food and nutrition app, MyFitnessPal in 2018. The breach exposed the usernames, passwords, and associated email addresses of 150 million users.


In 2018, Marriott hotels announced a data breach of their Starwood properties, totaling 383 million hacked records. Names, addresses, and passport numbers of hotel guests were accessed due to the Starwood guest reservation system. Marriott confirmed that the hacking may have been ongoing since 2014.

The U.S. Office of Personnel Management

The OPM was attacked by Chinese hackers in 2015 in a hack sanctioned by the Chinese government. They got away with 21.5 million records of U.S. government employees. A simultaneous attack on Anthem resulted in 78.8 stolen medical records. With the two hacks’ combined data, the Chinese government could have identified and exposed CIA agents.

The 2010s saw many more hacks and data breaches than are mentioned on this list. Choosing hacks to feature here was difficult, not for the scarcity of information but because there were hundreds of major breaches during this decade to choose from. The light these hacks shone on poor cybersecurity will hopefully convince companies, corporations, and governments to take better care of their data in the future.

Related Articles

  • All
  • Easy Prey Podcast
  • General Topics
  • Home Computing
  • IP Addresses
  • Networking
  • Online Privacy
  • Online Safety

How DNSBLs Work: Avoid Getting Blacklisted

When you open your email client, type a message, and hit “send” it seems so easy. You…

[Read More]
Stuart Madnick has been in cybersecurity since 1974 and knows a lot about the costs of cyberattacks.

The Cost of Cyberattacks: Minimizing Risk, Minimizing Damage

Most of us view the internet as a useful and benign tool. But in many ways, it’s…

[Read More]

How to Keep Your YouTube from getting Demonetized

You finally did it–you hit all of the markers for acceptance in the YouTube Partner program, and…

[Read More]

How to Stay Out of Facebook Jail

Many of us have been there before–behind the proverbial bars of social media punishment. We’re left shocked…

[Read More]
Lisa Plaggemier's job is to promote cyber security awareness.

Cyber Security Awareness for Everyone

You can do anything on the internet – shop, bank, meet your future spouse, become famous, and…

[Read More]

Cyberbullying Prevention: What Parents Can Do

It’s very easy for anyone to create a fake online profile and say or do mean things…

[Read More]