When you sign up for a service, you give away your personal data such as name, email address, and perhaps more like your phone number or address. This kind of digital information shared online is highly interesting to cybercriminals for various reasons: an email address can be used to initiate a phishing attack to extract sensitive data, a saved credit card number to empty your bank account, and so on. In other words, every time you hear about a data breach, it means bad news for all the users of that hacked service, because customer data has become extremely valuable in the digital era.
Data breaches occurred frequently in 2018, enough to be part of the weekly news cycle. The number of victims is measured in billions and you may even be one of them. For example, a massive Facebook loophole allowed third-party services to access user data. Does this sound familiar? Yes, this was the Cambridge Analytica scandal, which kick-started the year and gave weight to data breaches.
Timeline of Major Data Breaches in 2018
The Cambridge Analytica scandal set the tone for 2018: first disclosed to the public on March 17, the misuse of 87 million Facebook users’ data triggered an uproar among internet citizens and instigated the #DeleteFacebook movement. While this wasn't an actual data breach, it should still be counted, because the software developed by Cambridge Analytica used a loophole in Facebook's API that allowed third-party developers to access customer data from everyone in users' friends networks on the popular social media platform.
Orbitz announced that an attacker had gained access to a legacy system that compromised customer data such as names, addresses, phone numbers, email addresses, and payment card information.
The biggest data breach of the year was publicly disclosed on this date and affected 1.1 billion users. India’s state-owned ID database Aadhaar had been leaking details of every system user, with security researchers revealing the fact to the media after nothing was done to secure the leak caused by a weak endpoint API. What caused security experts to take this action was the irresponsible handling of 1.1 billion users’ data containing the names, the unique 12-digit identity numbers, bank details, and other private information of almost every registered user.
Under Armour, the creator of MyFitnessPal, disclosed a data breach affecting 150 million customers. The hackers accessed usernames, email addresses, and encrypted passwords.
Twitter invited all of its users to change their passwords after discovering a bug that stored unmasked passwords in an internal file.
An internal security tool alerted Marriott about an attempt to access the Starwood guest reservation database. The company learned that it had been leaking user data since 2014, and the estimated number of affected customers reached 500 million. The company later confirmed in 2019 that, after investigation, approximately 8.6 million unique card details and 20.3 million unique passport numbers were leaked in encrypted format. However, an additional 5.25 million passport numbers were leaked unencrypted.
Quora reported that a malicious third party accessed its systems but provided no other details. Roughly 100 million users were affected by the breach.
While the initial report came in October, a second data breach that exposed the personal information of 52.5 million Google+ accounts for six days to third-party Google+ apps was disclosed by the search giant on this day in December. This prompted Google to close down its poorly performing social media platform months earlier than originally expected.
What to Expect in 2019
In light of the above, it’s easy to expect data breaches to increase in 2019. The reason is very simple: any company can be breached, especially if its security policy doesn't involve the use of two-factor authentication. If you don't want to live in the woods away from such risks – there will be other, different threats in the forest, by the way – and want to enjoy the convenience of internet-based services, then it’s necessary to be prepared. In other words, always assume that your data might be exposed.
The best way to protect your data is to avoid giving it away on every platform. Use web services wisely and, more importantly, secure your online account with a secure password generated by a password manager. If you are using a password management service, it will help you create unique passwords for every account being used, warning you if a password reset is required due to a data breach.