The Worst Hacks of 2017 — So Far…

Last year, we saw cyberattacks on Mark Zuckerberg, Olympic athletes and the DNC. We don’t know what people or companies hackers will hit in 2017, but we don’t need to wait long for another reminder to protect our privacy and be cautious of our online actions.

At the beginning of the year, hackers launched a major phishing scheme accessing the accounts of hundreds of Gmail users and their contacts. Also this year, we’ve seen hacking group OurMine make its 2017 debut by breaking into the WWE’s Twitter accounts and CNN’s Facebook pages.

Related: From the DNC to Mark Zuckerberg — Here Are the Worst Hacks of 2016

In one of the biggest hacks yet this year, hundreds of Twitter accounts worldwide have fallen victim to Turkish hackers, posting derogatory political messages in the midst of discord between the Turkish government and the Netherlands and Germany.

Check out the worst hacks of 2017 — so far.

If you visited a Chipotle restaurant between March 24 and April 17 this year, your credit card information may be subject to hackers. On May 26, Chipotle announced that it discovered malware behind a hack earlier this year. The fast-casual company said that “most” of its locations were affected, and in order to find out if your information was subjected, Chipotle has released a locator tool that lets customers check if the location they visited was a victim of the attack.

“The malware searched for track data (which sometimes has cardholder name in addition to card number, expiration date, and internal verification code) read from the magnetic stripe of a payment card as it was being routed through the POS device,” the company said in a statement.

The company isn’t legally required to offer customers any credit protection from hacks, so it recommends filing a police report, contacting the FTC or freezing your account, reports the Verge. 

On May 15, hackers threatened Disney that it would release one of its upcoming movies unless the company pays a hefty ransom in Bitcoin.

The hackers were threatening to release 20-minute chunks of an unnamed film, which Deadline reported to be Pirates of the Caribbean: Dead Men Tell No Lies, which hit theaters on May 26.  

However, Disney held its ground. CEO Bob Iger said the company will not be paying the ransom and is working with federal investigators.

On May 25, it was reported that the hack was a fake threat. “To our knowledge we were not hacked. We had a threat of a hack of a movie being stolen. We decided to take it seriously but not react in the manner in which the person who was threatening us had required,” Iger told Yahoo Finance.

The global ransomware attack “WannaCry” hacked thousands of Windows-based computers in mid-May. The cyber attack gated off users’ files and demanded them to pay in Bitcoin in order to get them unlocked.

According to European law enforcement agency Europol, more than 200,000 computers in more than 150 countries were victims of the hack. Victims include U.K. hospitals, FedEx and Russian Railways.

On the eve of the French presidential election, President-Elect Emmanuel Macron was targeted by a “massive and coordinated” hacking attack. Tens of thousands of emails and other documents — many of which were fake — were released overnight in an alleged attempt to impact the election results in support of Marine Le Pen.

“You will find jokes, you will find tens of thousands of invoices from suppliers … and you will find hundreds of exchanges on the manifesto, on organising events. In fact, all that makes a campaign,” Mounir Mahjoubi, head of Macron’s digital team, told Radio France. “There are files that have been added to these archives … fake emails that have been added.”

The hack has been linked to Russian cybersecurity research firms that reportedly attacked Hillary Clinton’s campaign shortly before the U.S. election.

False alarm, Dallas. On the night of April 7, around a quarter before midnight, all of the city’s 156 emergency weather sirens went off. There was no emergency. Blaring for an hour and a half to the city’s 1.3 million residents, city officials eventually turned off the system altogether. As it turns out, city officials ruled out a glitch in the system and named the event a hack.

“It does appear at this time it was a hack,” city spokeswoman Sana Syed shared at a news conference the following day. “And we do believe it came from the Dallas area.” Although the culprit has yet to be found, Dallas’ Mayor Mike Rawlings said the city “will work to identify and prosecute those responsible.”

Ever wonder what the end of the world feels like? #dallas #sirens pic.twitter.com/dvokKWkZ6N

— ManicPixieDreamGay (@deadlyblonde) April 8, 2017

Video game retailer Gamestop announced on April 7 that its online payment platform fell victim to hackers. Data from customer cards — including card number, expiration date, name, address and alarmingly, the three-digit security code — used to purchase items from Gamestop.com appeared to be for sale online.

In a blog post, security expert Brian Krebs shared that “Gamestop.com was likely compromised by intruders between mid-September 2016 and the first week of February 2017.”

Watch out: hackers have discovered a highly-effective phishing scheme that’s fooled users into forfeiting their login credentials. The hacker — usually disguised as a close email contact — is found to be sending emails with a “PDF” attachment. Upon clicking the attachment, which is not actually a PDF but appears like one, victims are led to a fake Gmail login page.

Don’t be fooled by this seemingly identical page. If you look at the browser’s URL, you’ll smell the phishy business.

The address bar says “data URI” at the beginning of it, identifying it as an imposter. Most people haven’t noticed though, instead submitting their sign-in information, essentially handing the hacker access to their accounts and all of their trusted contacts.

This is the closest I’ve ever come to falling for a Gmail phishing attack. If it hadn’t been for my high-DPI screen making the image fuzzy… pic.twitter.com/MizEWYksBh

— Tom Scott (@tomscott) December 23, 2016

Last year, hacking group OurMine was the leader of some big-time, harmless hacks. As a means to promote its cyber security services, the company broke into social media accounts of big names such as Mark Zuckerberg, Marissa Mayer and Jack Dorsey.

The group recently hit its first big victim of 2017: the WWE. On Jan. 28, Twitter accounts of WWE and its affiliates were hacked, such as WWE Universe, WWE NXT, wrestler John Cena, WrestleMania, Summer Slam and the WWE itself, reports Mashable. The WWE’s Tumblr page was also compromised.

Per usual, the company didn’t break into these accounts — which happened to all be linked through the WWE’s main account —  for malicious reasons. OurMine broke in and informed the company how unsecure its accounts are, and offered its commercial services to help. “We’re just testing your security,” posted the company — which seems to be its well-known tagline.

Hacking group Our Mine was feeling ambitious over the Jan. 28 weekend. A day after breaking into WWE’s accounts, the cyber security company went for its next victim: CNN. On Jan. 29, the main CNN facebook page, along with CNN International and CNN Politics were hacked.

These hacks appeared harmless: OurMine simply posted that it was just testing the security of the accounts and left its logo.

Indian airline IndiGo fell victim to cyber attacks twice. Most recently, the company’s Twitter account, which previously had more than 100,000 followers, got hijacked by someone who changed the handle to @activevibezzz1. Sadly, the company is having issues launching a new account too — after its Twitter name was changed, its old handle name @IndiGo6e was up for grabs and someone quickly took ownership of it.

Less than a week before this incident, a hacker broke into the company’s Twitter and began posting offensive tweets.

From Duke University to Justin Bieber to the Atlanta Police Department, Twitter accounts worldwide are being hijacked, with the hackers spreading a political message.

In the midst of Turkish President Recep Erdogan’s diplomatic feud with the Netherlands and Germany, pro-Turkey hackers have been posting on various accounts referring to the upcoming April 16 elections, when a referendum will be held in Turkey that could give Erdogan more power.  

Clearly pro-Erdogan, the hackers are breaking into accounts, posting tweets in Turkish, displaying the swastika, referring to Adolf Hitler and using the hashtags #Nazihollanda and #Nazialmanya, which translates to “Nazi Holland” and “Nazi Germany.” The tweets also link to a video of Erdogan.

A bunch of Twitter accounts including @Forbes have been hacked pic.twitter.com/53Z9nUsRRO

— Arjun Kharpal (@ArjunKharpal) March 15, 2017

Nobody is safe, even Justin Bieber’s Japanese account got hacked pic.twitter.com/urlSw4yaOy

— Arjun Kharpal (@ArjunKharpal) March 15, 2017

It’s suspected that the hackers took advantage of a vulnerability in the third party Twitter analytics app Twitter Counter, which many organizations, businesses and people use. The hack seems to have hit nearly every industry — media outlets, sports leagues, government departments, universities, fast food chains, celebrities and major brands have fallen victim. Forbes, BBC, Duke University, Justin Bieber’s Japanese account, UNICEF USA, U.K. Department of Health, Atlanta Police Department, Sprint and Nike Spain, to name a few, have fallen victim to the hack.