Top 5 Brute Force Attacks

Password hacking has been around for quite some time. In fact, one could argue most of the tools and methods used to crack passwords have not changed all that much in recent years. Brute-force attacks remain the most popular, and successful, attack vector for obtaining login information. Several of these attacks have proven to be quite successful over the past few years, affecting millions of consumers around the world.

#5 2013 WordPress Brute-force Attack Wave


Popular DDoS protection provider Cloudflare noted a significant increase in brute-force attacks against WordPress platforms back in 2013. In fact, Cloudflare blocked as many as 60 million brute-force requests in one hour on April 13, 2013. This large-scale coordinated attack was one of the largest in recent history. Luckily, very few sites were compromised in the process.

#4 Club Nintendo (July 2013)


Nintendo has always been a popular company among gaming enthusiasts. Club Nintendo is a community membership site, where millions of users discuss everything related to their favorite company. In July of 2013, evidence surfaced of Club Nintendo suffering a major brute-force attack, which affected 25,000 forum members. It took hackers over 15 million brute-force attempts to crack these accounts. All affected accounts were promptly suspended until access had been restored to the rightful owners.

#3 US Utility’s Control Systems (2014)

To this day, it remains unclear which US utility company was compromised during this brute-force attack in 2014. According to Homeland Security, criminals were unsuccessful in gaining access to critical systems. However, that does not mean this attack should be overlooked, as it highlights the dire need for better cyber security precautions in the utility industry. This particular attack was likely executed through an online portal which grants access to basic control systems.

#2 Alibaba’s TaoBao (2015)


In February of 2016, it became clear the popular e-commerce platform TaoBao was affected by a massive brute-force attack. This platform, owned by the Alibaba group, saw close to 21 million user accounts compromised. This attack took place between October and November of 2015. A database containing 99 million usernames and passwords was used to brute-force existing TaoBao accounts. One in five of these attempts was successful, which highlighted how often people reuse bad passwords.

#1 GitHub


Perhaps the largest brute-force attack to be recorded in recent history affected GitHub in 2013. This particular brute-force password-guessing attack proved to be quite successful, as several accounts were compromised in the process. Even though GitHub stores passwords securely, criminals managed to compromise some accounts with relative ease.

During the attack, researchers identified brute-force login attempts being executed from close to 40,000 unique IP addresses. It remains unclear where the list of “weak” passwords came from. However, it is evident the attackers used a list of usernames and passwords they obtained through a different hack. It remains unclear how many accounts were affected by this 2013 brute-force attack, as GitHub never officially disclosed that information.
