Hacking – 40 Statistics and Facts

People have been trying to find out ways to cheat systems for as long as they have existed. Hackers can be found in all walks of life. Some roam around on streets and use social engineering to reap monetary benefits, and then some do it from the comfort of their room on a computer.

In this article, we will familiarize you with some of the noticeable facts and incidents related to cyber hacking. The world of hacking is full of secrets and mysteries, and it is quite likely that what we present in this article might just be the tip of iceberg.

We still don’t know if the correct question to ask is, “how many have been hacked?” or “how many know they have been hacked?”

The numbers don’t lie

Let us begin with some stats. Numbers are always a great mean to understand the gravity of the situation, and here are some which might leave your jaws wide open.

1. There is a hacker attack every 39 seconds: Ok. That’s too many too fast.

A study at the University of Maryland came up with the figure. These are mostly brute force attacks that attempted to take advantage of weak passwords.

(Source: Security Magazine)

2. 58% of hackers are self-taught: Hacking is more about finding loopholes and chinks in the armor, and there is only so much that one can learn about it. Another interesting stat from the HackerOne report is that more than 50% of hackers learn to do it by themselves.

(Source: HackerOne)

3. China was the biggest loser to cybercrime in 2017 when it comes to money: The country with the supposedly most robust firewall was the biggest victim of cybercrime in the year 2017. They reported a $66.3 billion loss while the next biggest loser Brazil lost almost one-third of it. The United States and India were the next close followers.

(Source: Statista)

4. People lost $172 billion to cybercrime in 2017: It’s more than just a billion-dollar industry. With almost a billion people getting affected by cybercrimes, the average loss to each victim turned out to be $142. The stats also point towards the fact that hackers are now trying to go after smaller victims, as they have fewer means to defend themselves against the attacks.

(Source: Norton Cyber Security report 2017)

5. At least 36% of internet users have experienced getting hacked: You might be the next. 51% of participants of the survey were sure that they have never been hacked, but it is the remaining portion which posed some serious questions.

(Source: Statista)

The rise of bug bounties

Organizations and governments around the world are trying to find out ways to deal with the epidemic of cyberattacks. Since it’s next to impossible to create a system immune to cyberattacks, organizations are trying to find out their flaws before a cybercriminal does.

A significant part of providing cybersecurity is to find out the ways a system can be compromised and then plug the holes. Companies are now paying bounties to those who help them identify the shortcomings in their system.

The ethical hacking community is benefitting a lot from such bounty programs and in turn, helping companies become safer on the internet. Here are a few facts related to ethical hacking and bounty programs.

6. $11.7 million was awarded as bug bounty in 2017: Organizations are now inviting hackers from around the world to find weaknesses in their cybersecurity structure. They award a good sum of money to those who help them strengthening the cybersecurity. More and more hackers are now trying to secure bug bounties, as it’s legal and pays well too. Organizations across the world paid $11.7 million in bug bounties in 2017.

(Source: HackerOne)

7. The time is ripe to become a hacker: Cybersecurity jobs are expected to increase at a rate of 18% between the years 2014 and 2024. It means there will be a lot more jobs for ethical hackers. Cybersecurity is among the fastest-growing industries, and it would be a smart bet to be a part of it.

(Source: Tech.Co)

8. India has the highest share of ethical hackers in the world: About 23% of the users registered on HackerOne are Indians. The spot is closely contested by the USA with a share of 20%. Russia, Pakistan, and United Kingdom are the other big players.

(Source: HackerOne)

9. A bug bounty hunter usually makes 2.7 times the median software engineer salary in their country: It’s not much difficult to make money if you are good enough hacker, and I am not talking about the unlawful ways. Cybersecurity or ethical hacking is already proving to be a much beneficial career rather than conventional jobs in the field of computer science. The ethical hackers in India earn 16 times more than the median software engineer salary in the country.

(Source: HackerOne)

10. The United States accounts for 83% of all the bug bounties paid across the world: The fact that the country houses some of the biggest software companies in the world might have something to do with this. Or it can be just that they are more receptive to the concept of bug bounty. Whatever the reason may be, they are attracting and rewarding a lot of bug bounty hunters.

(Source: HackerOne)

11. Intel and Microsoft pay up to $250,000 for bug bounty, while Google and Apple are at $200,000: It’s only natural that the bigger players are paying the highest. A chink in the armor of any of these giants can have severe repercussions for people around the globe.

(Source: HackerOne)

The peculiar ways of hackers

The entertainment industry has painted hackers with an image of social misfits, who wear black hoodies while working on their computers and are continuously hammering down the keys on their keyboards.

While there might be a few hackers who fit the description given above, most of them are just like you and me with a little higher level of curiosity.

Most hackers enter into the world of cybercrime to make more money, and some do it just for fame or to have fun. These incidents and facts will help you understand this breed a bit better.

12. 25% of hackers are college-students: It should come as no surprise that it is mostly young people, who are into hacking. A significant portion of them comprises of college students. Most of them are usually enrolled in courses related to computer sciences, which helps them hone their skills.

(Source: HackerOne)

13. FBI found it difficult to hire cybersecurity professionals as a lot of them like marijuana: Yeah, true. Back in 2014, FBI came across an unusual roadblock. Many of the top candidates for cybersecurity position liked smoking weed, and the hiring policy wouldn’t let them in.

(Source: Wall Street Journal)

14. They put a hacker into prison, who then hacked into the prison’s computer system: In an interesting turn of events, a hacker serving his sentence in prison, was enrolled for an IT class. The hacker used the opportunity to hack into prison’s system.

(Source: Mail Online)

15. Stephen Wozniak was expelled from university for hacking into the university computer system and sending prank messages: The late founder of Apple Inc. was a hacker at heart. He breached into his university’s computer system and sent out prank messages.

(Source: CU Independent)

16. Kevin Mitnick was kept in solitary confinement for one year as authorities feared that he could whistle into payphones to launch nuclear missiles: Sounds like a superpower to me. Kevin Mitnick, who was once in FBI’s most wanted list for cybercrime, had to serve one of his five years in prison because of such an apprehension.

(Source: YouTube)

17. The first juvenile incarcerated for cybercrime in the US caused a 21-day shutdown at NASA: A prodigy?

The case was reported back in 2000. The boy was lucky that he wasn’t an adult at the time of committing the crime; else, the punishment could’ve been a lot severe. He got away with six months of juvenile detention, which could’ve otherwise been ten years.

(Source: AP News)

18. Gary McKinnon would hack into US defense websites and leave the message “your security is crap.”: The actions of McKinnon were described as the biggest military hack of all time by US lawyers. McKinnon said that he did all of it to unearth the mysteries related to UFOs.

There was a long tussle between the US authorities and McKinnon’s lawyers for his extradition. He was later diagnosed with Asperger’s syndrome, which helped his case a lot.

(Source: The Guardian)

19. A Bangladeshi hacker compromised 700,000 websites at once: A hacker going by the name TIGERM@TE once hacked 700,000 websites hosted on the InMotion hosting network. In a conversation with an organization, he claimed that it was not just a server hack, but the whole data center got hacked.

(Source: The Hacker News)

20. The hacker did the job so well that it took LinkedIn four years to know about it: A hacker who goes by the name Peach put out account details of 167 million LinkedIn users up for sale on a darknet marketplace in 2016. The hack took place four years after the LinkedIn breach of 2012. It means LinkedIn would’ve never known about the incident if the data wasn’t put up for sale on the dark web.

(Source: Vice)

21. Vladimir Levin robbed $10 million from Citibank: It happened back in 1995 when electronic transfers weren’t that mainstream. A Russian hacker got into the servers of Citibank and diverted wire transfers to his accounts. Hackers are always known to be one step ahead of cybersecurity agencies, and this was one great example of it.

(Source: Los Angeles Times)

22. When 15-year-old ‘Mafiaboy’ took down Amazon, Yahoo, and other multinational companies: Michael Calce, known as Mafiaboy in the online world, was only a high-school student when he took down the websites of some of the biggest companies in the world. CNN, Dell, eBay, Yahoo, Amazon, and E*Trade were the victims of a DDoS attack that took down their websites. Calce got away with only 8 months of detention, as he was only a minor. He is now a white hat hacker helping companies find flaws in their cybersecurity mechanisms.

(Source: npr)

23. A German teenager brought down systems across the globe from his bedroom: Sven Jaschan created a virus called Sasser. The worm took down systems working on Windows 2000 and Windows XP. Given the popularity of Windows, it was only natural that virus had some devastating impact. Hospitals, government offices, rail networks, postal systems, defense agencies, and airline companies were among the victims of the virus. Since he was only a minor at the time of launching the virus, he got away with very few repercussions of these actions.

(Source: The Guardian)

24. “I wanted to see how much my computer programming skills had improved since the last time I was arrested.”: This is what Masato Nakatsuji told police when he was caught for spreading a virus that replaces all the files on a drive with images of sea urchin, octopus, and squid. He obfuscated the virus as a music file, which would wreak havoc on your computer once you open the file. The estimated number of systems affected by the virus are somewhere between 20,000 to 50,000.

(Source: Wired)

25. The Anonymous group: Hackers often work in groups. Some do it for money, some do it just for fun, and some do it for the right reasons. Or at least that’s what they think. Anonymous is probably one of the most popular hacktivist group known to people around the world. They have often stepped up for social causes against authorities and corporations. The group has been successful in keeping itself away from any individual identity. It is highly decentralized and still going strong even after arrests of multiple hackers related to the group.

(Source: The Guardian)

The head-turning hacks

Cyberattacks have now become a very common instance. They keep making the news now and then. But there are few which seem more attention-worthy than others. It can be the severity of the attack, the funny side of it, the brilliance of it, or even its reach can make it stand out from the rest.

Here are a few such hacking incidents worth your attention.

26. Russian hackers broke into JP Morgan and stole information of millions of users and businesses: They hacked into the biggest bank of the United States and got their hands of information on financial details of millions of users and businesses. The hackers would later leverage all this information to carry out scams. It is the largest known attack on a US bank.

(Source: Bloomberg)

27. They used a digital weapon to take down Iran’s atomic power plant: Stuxnet was allegedly developed by the US and Israel to cause some physical damage, which is usually not the case with computer malware. They injected the worm into the plant’s system with USBs. And once it got into the systems, it made the uranium centrifuge to spin too fast, which ultimately led to failure.

(Source: CSO)

28. Hack of the century: Sony fell victim to a huge cyber attack before the release of a movie called ‘The Interview.’ The movie is based on killing the North Korean leader. There were no surprises when the attack was linked to North Korea. The attack downloaded and deleted files from computers and servers in Sony’s network. The hackers released a lot of Sony’s data on online platforms including the Social Security numbers of 47,000 employees. Anyone logging into the network would face gunshot sounds, zombies, and threatening messages. It spread across continents and took down almost half of Sony’s data.

(Source: Fortune)

29. Hackers from MI6 replaced bombs with cupcakes: We all know hackers are creative people, and they often come with a dash of humor, even if they are working with one of the biggest spying agencies of the world. In one such case, MI6 hackers replaced bomb-making tutorials with cupcake recipes on al-Qaeda’s website. And it was a recipe for not just any cupcakes. It was for the world’s best cupcakes.

(Source: The Telegraph)

30. FBI’s most-wanted cyber criminals: Bjorn Daniel Sundin and Shaileshkumar P. Jain are at the top of FBI’s list of most-wanted cyber criminals. They made users from across 60 countries purchase one million bogus software products by publishing fake advertisements on legitimate websites. The estimated loss is $100 million, and there is a $20,000 bounty on each of them.

(Source: Federal Bureau of Investigation)

31. Allegedly, North Korea has an army of hackers: The country with only two internet connections with the outside world has now become a hacking superpower. North Korea is often held responsible for cyberattacks around the world. It targets banks, bitcoin exchanges, rail networks, and so on. Cybersecurity experts across the world consider them a serious threat.

(Source: South China Morning Post)

32. Operation Shady Rat: It is one of the most controversial cyber attacks of all time. No one seems to be sure of the extent of damage by this attack, and it is mere speculation of who could be behind this attack. Operation Shady Rat is a prime example of how the world is entering an era of cyberespionage.

It is a series of attacks directed at various government and civil organizations across the globe to gain access to servers of these organizations and extract information stored on them. Agencies across the US, India, Taiwan, South Korea, and Canada seem to be affected by this intrusion. Other notable victims are the United Nations and International Olympic Committee.

Experts in the field are suggesting that China might be behind this attack. It all seems coherent with the nation’s resources, potential gains, and their usual approach to cyber warfare. Some also deem Operation Shady Rat as the biggest cyber-attack of all time.

(Source: Naked Security, Symantec, Wired)

33. Mt. Gox exchange robbery: One of the arguments in favor of cryptocurrency has been that it is much more secure than the conventional form of money. However, the world’s biggest exchange for digital currency fell prey to the biggest digital robbery ever.

Mt. Gox lost around 740,000 bitcoins to a cyber hack. It is 6% of total bitcoins in existence and currently valued at around $6.2 billion. It wasn’t an overnight event. The hackers were on it for a couple of years. The slowly but steadily stole away digital currency from the exchange without letting anyone know about it.

(Source: Blockonomi)

34. They turned Burger King into McDonald’s: Not all cyberattacks are for monetary reasons. Sometimes the hackers do it for fun or to check if they can do it. The Twitter community got confused when the official Burger King twitter account changed to McDonald’s. A series of strange tweets then followed it. The hackers somehow ended up doing more good than bad to Burger King as the account gained a significant number of followers after the attack.

(Source: Mashable)

Types of hackers

Not all hackers are the same. You can differentiate between them based on their motives and the ways they use to get the task done.

You must know your hackers well. Here are a few terms worth remembering.

35. Black hat hackers: These are your stereotypical hackers who don’t follow any laws. These hackers gain unauthorized access to systems and try to get some personal benefits. They are involved in data theft, illegal transactions, malware injection, and so on.

(Source: Norton)

36. White hat hackers: These also try to find a weakness in the system just like any black hat hacker. But white-hat hackers usually have permission to do so. The difference being that they come with all the necessary permissions and find anomalies to get rid of them instead of exploiting them.

(Source: Norton)

37. Gray hat hackers: These hackers keep crossing the fine line between what is ethical and what is not. They may break into systems without the necessary permission, but once they are successful, they inform about it to the concerned authority.

(Source: Norton)

38. Script Kiddies: The term is used for those hackers who take the help of already made tools to compromise systems. There are plenty of tools available out there which allow the user to identify any vulnerabilities in the system.

(Source: BestIPHider)

39. Hacktivist: Hacktivists work mostly for social causes. It can be anything ranging from fighting cybercrime to saving the environment. They often take down websites publish their agenda or message on the website instead.

(Source: United States Cybersecurity Magazine)

40. Phreaker: This might be a somewhat different class as opposed to your regular hackers. A phreaker hacks into the telecommunication networks. It can be to make free long-distance calls, to tap into phones, and for all other kinds of purposes.

(Source: Techopedia)


  1. Security Magazine
  2. HackerOne
  3. Statista
  4. Norton Cyber Security report 2017
  5. Statista
  6. HackerOne
  7. Tech.Co
  8. HackerOne
  9. HackerOne
  10. HackerOne
  11. HackerOne
  12. HackerOne
  13. Wall Street Journal
  14. Mail Online
  15. CU Independent
  16. YouTube
  17. AP News
  18. The Guardian
  19. The Hacker News
  20. Vice
  21. Los Angeles Times
  22. npr
  23. The Guardian
  24. Wired
  25. The Guardian
  26. Bloomberg
  27. CSO
  28. Fortune
  29. The Telegraph
  30. Federal Bureau of Investigation
  31. South China Morning Post
  32. Naked Security, Symantec, Wired
  33. Blockonomi
  34. Mashable
  35. Norton
  36. Norton
  37. Norton
  38. BestIPHider
  39. United States Cybersecurity Magazine
  40. Techopedia