Hacking – 40 Statistics and Facts

People have been trying to find out ways to
cheat systems for as long as they have existed. Hackers can be found in all
walks of life. Some roam around on streets and use social engineering to reap
monetary benefits, and then some do it from the comfort of their room on a

In this article, we will familiarize you
with some of the noticeable facts and incidents related to cyber hacking. The
world of hacking is full of secrets and mysteries, and it is quite likely that
what we present in this article might just be the tip of iceberg.

We still don’t know if the correct question
to ask is, “how many have been hacked?” or “how many know they have been

The numbers don’t lie

Let us begin with some stats. Numbers are
always a great mean to understand the gravity of the situation, and here are
some which might leave your jaws wide open.

1. There is a hacker attack every 39
Ok. That’s too many too fast.

A study at the University of Maryland came
up with the figure. These are mostly brute force attacks that attempted to take
advantage of weak passwords.

(Source: Security Magazine)

2. 58% of hackers are self-taught: Hacking
is more about finding loopholes and chinks in the armor, and there is only so
much that one can learn about it. Another interesting stat from the HackerOne
report is that more than 50% of hackers learn to do it by themselves.

(Source: HackerOne)

3. China was the biggest loser to
cybercrime in 2017 when it comes to money:
The country with the supposedly
most robust firewall was the biggest victim of cybercrime in the year 2017.
They reported a $66.3 billion loss while the next biggest loser Brazil lost
almost one-third of it. The United States and India were the next close

(Source: Statista)

4. People lost $172 billion to
cybercrime in 2017:
It’s more than just a billion-dollar industry. With
almost a billion people getting affected by cybercrimes, the average loss to
each victim turned out to be $142. The stats also point towards the fact that
hackers are now trying to go after smaller victims, as they have fewer means to
defend themselves against the attacks.

(Source: Norton Cyber Security report 2017)

5. At least 36% of internet users have
experienced getting hacked:
You might be the next. 51% of participants of
the survey were sure that they have never been hacked, but it is the remaining
portion which posed some serious questions.

(Source: Statista)

The rise of bug bounties

Organizations and governments around the world are trying to find out ways to deal with the epidemic of cyberattacks. Since it’s next to impossible to create a system immune to cyberattacks, organizations are trying to find out their flaws before a cybercriminal does.

A significant part of providing
cybersecurity is to find out the ways a system can be compromised and then plug
the holes. Companies are now paying bounties to those who help them identify
the shortcomings in their system.

The ethical hacking community is
benefitting a lot from such bounty programs and in turn, helping companies
become safer on the internet. Here are a few facts related to ethical hacking
and bounty programs.

6. $11.7 million was awarded as bug
bounty in 2017:
Organizations are now inviting hackers from around the
world to find weaknesses in their cybersecurity structure. They award a good
sum of money to those who help them strengthening the cybersecurity. More and
more hackers are now trying to secure bug bounties, as it’s legal and pays well
too. Organizations across the world paid $11.7 million in bug bounties in 2017.

(Source: HackerOne)

7. The time is ripe to become a hacker: Cybersecurity
jobs are expected to increase at a rate of 18% between the years 2014 and 2024.
It means there will be a lot more jobs for ethical hackers. Cybersecurity is
among the fastest-growing industries, and it would be a smart bet to be a part
of it.

(Source: Tech.Co)

8. India has the highest share of
ethical hackers in the world:
About 23% of the users registered on
HackerOne are Indians. The spot is closely contested by the USA with a share of
20%. Russia, Pakistan, and United Kingdom are the other big players.

(Source: HackerOne)

9. A bug bounty hunter usually makes 2.7
times the median software engineer salary in their country:
It’s not much
difficult to make money if you are good enough hacker, and I am not talking
about the unlawful ways. Cybersecurity or ethical hacking is already proving to
be a much beneficial career rather than conventional jobs in the field of
computer science. The ethical hackers in India earn 16 times more than the
median software engineer salary in the country.

(Source: HackerOne)

10. The United States accounts for 83%
of all the bug bounties paid across the world:
The fact that the country
houses some of the biggest software companies in the world might have something
to do with this. Or it can be just that they are more receptive to the concept
of bug bounty. Whatever the reason may be, they are attracting and rewarding a
lot of bug bounty hunters.

(Source: HackerOne)

11. Intel and Microsoft pay up to
$250,000 for bug bounty, while Google and Apple are at $200,000:
It’s only
natural that the bigger players are paying the highest. A chink in the armor of
any of these giants can have severe repercussions for people around the globe.

(Source: HackerOne)

The peculiar ways of hackers

The entertainment industry has painted
hackers with an image of social misfits, who wear black hoodies while working
on their computers and are continuously hammering down the keys on their

While there might be a few hackers who fit
the description given above, most of them are just like you and me with a
little higher level of curiosity.

Most hackers enter into the world of
cybercrime to make more money, and some do it just for fame or to have fun. These
incidents and facts will help you understand this breed a bit better.

12. 25% of hackers are college-students:
It should come as no surprise that it is mostly young people, who are into
hacking. A significant portion of them comprises of college students. Most of
them are usually enrolled in courses related to computer sciences, which helps
them hone their skills.

(Source: HackerOne)

13. FBI found it difficult to hire
cybersecurity professionals as a lot of them like marijuana:
Yeah, true. Back
in 2014, FBI came across an unusual roadblock. Many of the top candidates for
cybersecurity position liked smoking weed, and the hiring policy wouldn’t let
them in.

(Source: Wall Street Journal)

14. They put a hacker into prison, who
then hacked into the prison’s computer system:
In an interesting turn of
events, a hacker serving his sentence in prison, was enrolled for an IT class.
The hacker used the opportunity to hack into prison’s system.

(Source: Mail Online)

15. Stephen Wozniak was expelled from university
for hacking into the university computer system and sending prank messages:
late founder of Apple Inc. was a hacker at heart. He breached into his
university’s computer system and sent out prank messages.

(Source: CU Independent)

16. Kevin Mitnick was kept in solitary
confinement for one year as authorities feared that he could whistle into
payphones to launch nuclear missiles:
Sounds like a superpower to me. Kevin
Mitnick, who was once in FBI’s most wanted list for cybercrime, had to serve
one of his five years in prison because of such an apprehension.

(Source: YouTube)

17. The first juvenile incarcerated for
cybercrime in the US caused a 21-day shutdown at NASA:
A prodigy?

The case was reported back in 2000. The boy
was lucky that he wasn’t an adult at the time of committing the crime; else,
the punishment could’ve been a lot severe. He got away with six months of
juvenile detention, which could’ve otherwise been ten years.

(Source: AP News)

18. Gary McKinnon would hack into US
defense websites and leave the message “your security is crap.”:
actions of McKinnon were described as the biggest military hack of all time by
US lawyers. McKinnon said that he did all of it to unearth the mysteries
related to UFOs.

There was a long tussle between the US
authorities and McKinnon’s lawyers for his extradition. He was later diagnosed
with Asperger’s syndrome, which helped his case a lot.

(Source: The Guardian)

19. A Bangladeshi hacker compromised
700,000 websites at once:
A hacker going by the name [email protected] once hacked
700,000 websites hosted on the InMotion hosting network. In a conversation with
an organization, he claimed that it was not just a server hack, but the whole
data center got hacked.

(Source: The Hacker News)

20. The hacker did the job so well that
it took LinkedIn four years to know about it:
A hacker who goes by the name
Peach put out account details of 167 million LinkedIn users up for sale on a
darknet marketplace in 2016. The hack took place four years after the LinkedIn
breach of 2012. It means LinkedIn would’ve never known about the incident if
the data wasn’t put up for sale on the dark web.

(Source: Vice)

21. Vladimir Levin robbed $10 million
from Citibank:
It happened back in 1995 when electronic transfers weren’t
that mainstream. A Russian hacker got into the servers of Citibank and diverted
wire transfers to his accounts. Hackers are always known to be one step ahead
of cybersecurity agencies, and this was one great example of it.

(Source: Los Angeles Times)

22. When 15-year-old ‘Mafiaboy’ took
down Amazon, Yahoo, and other multinational companies:
Michael Calce, known
as Mafiaboy in the online world, was only a high-school student when he took
down the websites of some of the biggest companies in the world. CNN, Dell,
eBay, Yahoo, Amazon, and E*Trade were the victims of a DDoS attack that took
down their websites. Calce got away with only 8 months of detention, as he was
only a minor. He is now a white hat hacker helping companies find flaws in
their cybersecurity mechanisms.

(Source: npr)

23. A German teenager brought down
systems across the globe from his bedroom:
Sven Jaschan created a virus
called Sasser. The worm took down systems working on Windows 2000 and Windows XP.
Given the popularity of Windows, it was only natural that virus had some
devastating impact. Hospitals, government offices, rail networks, postal
systems, defense agencies, and airline companies were among the victims of the
virus. Since he was only a minor at the time of launching the virus, he got
away with very few repercussions of these actions.

(Source: The Guardian)

24. “I wanted to see how much my
computer programming skills had improved since the last time I was
This is what Masato Nakatsuji told police when he was
caught for spreading a virus that replaces all the files on a drive with images
of sea urchin, octopus, and squid. He obfuscated the virus as a music file,
which would wreak havoc on your computer once you open the file. The estimated
number of systems affected by the virus are somewhere between 20,000 to 50,000.

(Source: Wired)

25. The Anonymous group: Hackers
often work in groups. Some do it for money, some do it just for fun, and some
do it for the right reasons. Or at least that’s what they think. Anonymous is
probably one of the most popular hacktivist group known to people around the
world. They have often stepped up for social causes against authorities and
corporations. The group has been successful in keeping itself away from any
individual identity. It is highly decentralized and still going strong even
after arrests of multiple hackers related to the group.

(Source: The Guardian)

The head-turning hacks

Cyberattacks have now become a very common
instance. They keep making the news now and then. But there are few which seem
more attention-worthy than others. It can be the severity of the attack, the
funny side of it, the brilliance of it, or even its reach can make it stand out
from the rest.

Here are a few such hacking incidents worth
your attention.

26. Russian hackers broke into JP Morgan
and stole information of millions of users and businesses:
They hacked into
the biggest bank of the United States and got their hands of information on
financial details of millions of users and businesses. The hackers would later
leverage all this information to carry out scams. It is the largest known
attack on a US bank.

(Source: Bloomberg)

27. They used a digital weapon to take
down Iran’s atomic power plant:
Stuxnet was allegedly developed by the US
and Israel to cause some physical damage, which is usually not the case with
computer malware. They injected the worm into the plant’s system with USBs. And
once it got into the systems, it made the uranium centrifuge to spin too fast,
which ultimately led to failure.

(Source: CSO)

28. Hack of the century: Sony fell
victim to a huge cyber attack before the release of a movie called ‘The
Interview.’ The movie is based on killing the North Korean leader. There were
no surprises when the attack was linked to North Korea. The attack downloaded
and deleted files from computers and servers in Sony’s network. The hackers released
a lot of Sony’s data on online platforms including the Social Security numbers
of 47,000 employees. Anyone logging into the network would face gunshot sounds,
zombies, and threatening messages. It spread across continents and took down
almost half of Sony’s data.

(Source: Fortune)

29. Hackers from MI6 replaced bombs with
We all know hackers are creative people, and they often come with
a dash of humor, even if they are working with one of the biggest spying
agencies of the world. In one such case, MI6 hackers replaced bomb-making
tutorials with cupcake recipes on al-Qaeda’s website. And it was a recipe for
not just any cupcakes. It was for the world’s best cupcakes.

(Source: The Telegraph)

30. FBI’s most-wanted cyber criminals: Bjorn
Daniel Sundin and Shaileshkumar P. Jain are at the top of FBI’s list of most-wanted
cyber criminals. They made users from across 60 countries purchase one million
bogus software products by publishing fake advertisements on legitimate
websites. The estimated loss is $100 million, and there is a $20,000 bounty on
each of them.

(Source: Federal Bureau of Investigation)

31. Allegedly, North Korea has an army
of hackers:
The country with only two internet connections with the outside
world has now become a hacking superpower. North Korea is often held
responsible for cyberattacks around the world. It targets banks, bitcoin exchanges,
rail networks, and so on. Cybersecurity experts across the world consider them
a serious threat.

(Source: South China Morning Post)

32. Operation Shady Rat: It is one
of the most controversial cyber attacks of all time. No one seems to be sure of
the extent of damage by this attack, and it is mere speculation of who could be
behind this attack. Operation Shady Rat is a prime example of how the world is entering
an era of cyberespionage.

It is a series of attacks directed at
various government and civil organizations across the globe to gain access to
servers of these organizations and extract information stored on them. Agencies
across the US, India, Taiwan, South Korea, and Canada seem to be affected by
this intrusion. Other notable victims are the United Nations and International
Olympic Committee.

Experts in the field are suggesting that
China might be behind this attack. It all seems coherent with the nation’s
resources, potential gains, and their usual approach to cyber warfare. Some
also deem Operation Shady Rat as the biggest cyber-attack of all time.

(Source: Naked Security, Symantec, Wired)

33. Mt. Gox exchange robbery: One of
the arguments in favor of cryptocurrency has been that it is much more secure
than the conventional form of money. However, the world’s biggest exchange for
digital currency fell prey to the biggest digital robbery ever.

Mt. Gox lost around 740,000 bitcoins to a
cyber hack. It is 6% of total bitcoins in existence and currently valued at
around $6.2 billion. It wasn’t an overnight event. The hackers were on it for a
couple of years. The slowly but steadily stole away digital currency from the
exchange without letting anyone know about it.

(Source: Blockonomi)

34. They turned Burger King into
Not all cyberattacks are for monetary reasons. Sometimes the
hackers do it for fun or to check if they can do it. The Twitter community got
confused when the official Burger King twitter account changed to McDonald’s. A
series of strange tweets then followed it. The hackers somehow ended up doing
more good than bad to Burger King as the account gained a significant number of
followers after the attack.

(Source: Mashable)

Types of hackers

Not all hackers are the same. You can
differentiate between them based on their motives and the ways they use to get
the task done.

You must know your hackers well. Here are a
few terms worth remembering.

35. Black hat hackers: These are your stereotypical hackers who don’t follow any laws. These hackers gain unauthorized access to systems and try to get some personal benefits. They are involved in data theft, illegal transactions, malware injection, and so on.

(Source: Norton)

36. White hat hackers: These also
try to find a weakness in the system just like any black hat hacker. But
white-hat hackers usually have permission to do so. The difference being that
they come with all the necessary permissions and find anomalies to get rid of
them instead of exploiting them.

(Source: Norton)

37. Gray hat hackers: These hackers
keep crossing the fine line between what is ethical and what is not. They may
break into systems without the necessary permission, but once they are
successful, they inform about it to the concerned authority.

(Source: Norton)

38. Script Kiddies: The term is used
for those hackers who take the help of already made tools to compromise
systems. There are plenty of tools available out there which allow the user to
identify any vulnerabilities in the system.

(Source: BestIPHider)

39. Hacktivist: Hacktivists work
mostly for social causes. It can be anything ranging from fighting cybercrime
to saving the environment. They often take down websites publish their agenda
or message on the website instead.

(Source: United States Cybersecurity

40. Phreaker: This might be a
somewhat different class as opposed to your regular hackers. A phreaker hacks
into the telecommunication networks. It can be to make free long-distance
calls, to tap into phones, and for all other kinds of purposes.

(Source: Techopedia)


  1. Security
  2. HackerOne
  3. Statista
  4. Norton
    Cyber Security report 2017
  5. Statista
  6. HackerOne
  7. Tech.Co
  8. HackerOne
  9. HackerOne
  10. HackerOne
  11. HackerOne
  12. HackerOne
  13. Wall
    Street Journal
  14. Mail
  15. CU
  16. YouTube
  17. AP
  18. The
  19. The
    Hacker News
  20. Vice
  21. Los
    Angeles Times
  22. npr
  23. The
  24. Wired
  25. The
  26. Bloomberg
  27. CSO
  28. Fortune
  29. The
  30. Federal
    Bureau of Investigation
  31. South
    China Morning Post
  32. Naked
    Security, Symantec,
  33. Blockonomi
  34. Mashable
  35. Norton
  36. Norton
  37. Norton
  38. BestIPHider
  39. United States
    Cybersecurity Magazine
  40. Techopedia
Kim Martin Administrator
Sorry! The Author has not filled his profile.
follow me
    Like this post? Please share to your friends: