TechCrunch just published their midyear roundup of the worst hacks and breaches of 2026, and if you read through it, the thing that stands out isn't how sophisticated the attacks were. It's how many of them came down to basics that weren't handled.
Passport scans and driver's licenses are sitting exposed on the open web because of simple misconfigurations. Over two million identity documents were leaked across hotel check-in systems, money transfer apps, and visa services. Not zero-days, not nation-state toolkits, just stuff left unsecured that shouldn't have been.
Open source supply chain attacks hit some major names this year, including security tools themselves. Backdoored packages made it into pipelines, auto-updates pulled down malware, and stolen credentials from compromised developer machines spread downstream into companies like OpenAI and Vercel. The pattern is always the same: compromise one trusted dependency, and you get access to everyone who consumes it.
The ShinyHunters crew didn't even need anything technical for most of their hits. Voice phishing. Calling up companies pretending to be IT support or a locked-out employee. That's how they got into Instructure and stole data on 30 million students. When the company didn't pay, they broke in again and defaced login pages during finals week.
And then there's the critical infrastructure side. Water treatment plants, power grids, and dams are all getting targeted across Europe and now the US. These aren't theoretical risks anymore; one attack in Norway caused a dam to physically spill water.
As developers, we tend to think of security as something the security team handles. But half of these breaches touch code we write, dependencies we pull in, infrastructure we configure, and pipelines we build. The supply chain attacks, especially, are a developer problem first and a security problem second.
The full list is worth reading: https://techcrunch.com/2026/06/07/the-worst-hacks-and-breaches-of-2026-so-far/
What's your team actually doing differently this year? Or is the answer honestly "not much"?
Top comments (0)