• United States



John McAfee ranks the biggest hacks ever

Aug 03, 20174 mins
CyberattacksCybercrimeData and Information Security

Tech pioneer explains the most damaging and noteworthy cyber attacks of all time.

cyber attack virus meltdown
Credit: thinkstock

Cybersecurity luminary John McAfee was asked to share the 10 biggest hacks ever with CSO.

Below is McAfee’s list and commentary, which he provided in an email exchange this morning.

McAfee’s Top Hacks

1. Stuxnet (2010)

Carried out by at least one Nation State, Stuxnet was, at the time, the most sophisticated hack to have hit the world stage. Able to determine its exact location and environment, it destroyed a sizeable number of Iran’s nuclear centrifuges. Had it gone wrong, it could have indiscriminately destroyed centrifuges around the world.

2. U.S. Office of Personnel Management hack (2015)

Certainly the largest espionage coup of all time, unknown actors walked off with detailed records of every employee and consultant of the U.S. government for the past 50 years, including all top-secret cleared employees. The OPM hack had been in progress for two years before it was discovered.

3. FBI hack by a 15-year-old boy (2016)

A 15-year-old, in November of 2016, hacked the FBI and released detailed information about every undercover FBI officer in America. The data was released on the Dark Web. The notable and relevant point about this hack was the lack of sophistication and training on the part of the hacker. The (allegedly) most secure system within the U.S. government being vulnerable to a rank amateur hacker certainly ranks this among the great hacks.

4. The DNC hack (2016)

Stemming from a trivial phishing hack, the hack on the Democratic National Committee (DNC) importance grew in direct proportion to its lack of understanding. I rank this as an important hack because it demonstrates how our government’s and public’s ignorance of the reality of hacking can be politically used to manipulate opinion and place blame. The totally false attribution of blame to the Russian State reached to the levels of the halls of Congress.

5. The Conficker worm (2008)

The Conficker hack, first perpetrated in 2008, has not done the damage that more recent hacks have achieved, but it is notable in that it refuses to die. It is still replicating itself from one machine to another, turning each one into a zombie bot or into a keylogger that steals credit card information. The continued existence of this worm should be absolute proof to all that our existing antivirus paradigm (which I created) is no longer functional at any level.

6. The Home Depot hack (2014)

This hack achieved the largest retail credit card breach in human history. Once they breached the first Home Depot store, the hackers worked their way throughout the continent. They monitored the payment transactions on over 7,000 of The Home Depot self-serve checkout registers and skimmed credit card numbers as customers paid for their purchases. This hack is noteworthy because it gained access, within less than a day, to over 50 million credit cards.

7. The eBay hack (2014)

Many people downplayed this eBay hack, since no apparent financial or other objective damage was done. Yet, in my mind, this is one of the worst hacks in history. What was stolen was the personal information of 145 million eBay users. This is eight times the number of people compromised in the OPM hack and five times the exposure created by the Ashley Madison hack, which led to the suicides of dozens of people. We must wake up to the dangers imposed by the theft of our personal information.

8. J.P. Morgan Chase & Co. hack (2014)

This hack of the largest bank in America took the personal financial information of more than 75 million customers of the bank. What puzzled investigators was that the hackers had breached an access level that would have allowed them to have stolen billions if they had chosen, yet they did not. To me, this is no mystery at all. Combining this hack with just one or two others (The Panama Papers hack, and the OPM hack, for example) might certainly prove many times more valuable in influence through blackmail and other avenues. We must learn to think in bigger terms when we assess the damage of a given hack.

9. The LinkedIn hack (2012)

The notability of this hack is that more than 160 million records of personal information was stolen in a hack that began in 2012. It was not discovered for four years. If this is not the nail in the coffin of the antivirus paradigm, then please, tell me what that nail would be.

Visit to read all of my blogs and articles covering cybersecurity.

Follow me on Twitter @CybersecuritySF, or connect with me on LinkedIn. Send story tips, feedback and suggestions to me here.


Steve Morgan is the founder and CEO at Cybersecurity Ventures and editor in chief of the Cybersecurity Market Report. The Cybersecurity Market Report is published quarterly and covers the business of cybersecurity, including global market sizing and industry forecasts from consolidated research by IT analyst firms, emerging trends, employment, the federal sector, hot companies to watch, notable M&A, investment and IPO activity, and more.