This article examines the extent to which international law protects international organizations (IOs) from hacking operations committed by States. First, it analyzes whether hacking operations undertaken by member States and host States breach the privileges and immunities granted to IOs by their constitutive treaties, headquarters agreements, and conventions on privileges and immunities concerning the inviolability of their premises, property, assets, archives, documents and correspondence. The article also explores the question of whether hacking operations carried out by non-member States breach these provisions on the basis that they have passed into customary international law or because they attach to the international legal personality of IOs. Second, the article considers the question of whether hacking operations breach the principle of good faith. In this regard, it discusses the applicability of the principle of good faith to the relations between IOs, member States, host States and non-member States, and then considers how hacking operations impinge on a number of postulates emanating from good faith such as the pacta sunt servanda rule, the duty to respect the legal personality of IOs, the duties of loyalty, due regard and cooperation, and the duty not to abuse rights. Finally, the article examines the question of whether the principle of State sovereignty offers IOs indirect protection insofar as hacking can breach the sovereignty of the host State or the sovereignty of the State on whose cyber infrastructure the targeted data is resident.