Data privacy is more important than ever before. Data is running the world and with great power, comes great responsibility. January 28th was Data Privacy Day and reiterates the importance of keeping our data safe, as it is meant to. We go to great lengths to ensure that our homes, electronics, and personal belongings are safe and sound but are we thinking along the same lines when it comes to our data? It’s high time that we do because organizations are collecting our data every second of every day and in most cases, we can’t do much about it. The other major concern is if the data is being secured by the organizations collecting them. We’ve witnessed multiple instances of data leaks by major companies in the past couple of years. Let’s educate ourselves and look at some major data breaches that over the years have left the general public shell-shocked.
Yahoo, one of the pioneers of the Internet era, revealed in 2016 that it was the victim of a data breach that occurred in 2014 which compromised the names, email addresses, phone numbers, and dates of birth of 500 million users. If that wasn’t bad enough, Yahoo dropped another bombshell a year later citing that a breach in 2013 had compromised all 3 billion user accounts on its server. This was done by a different set of hackers who stole personal details like names, passwords, email addresses, dates of birth, and security questions and answers. Yahoo was in the process of being acquired by Verizon when these breaches were revealed. The revelations certainly had an impact, as a company that was once valued at a $100 billion was sold for $4.48 billion.
One of the biggest ridesharing services, Uber Technologies Inc, discovered a major breach in 2016 which disclosed the personal information of approximately 57 million users and drivers. Uber further made a mess of the already damaging situation by the way it handled the whole fiasco. The breach wasn’t disclosed until a year later. To make matters worse, it was revealed that Uber had paid off the two hackers with $100,000 to destroy the data with no confirmation that it was actually done. The hackers gained access to Uber’s AWS account credentials when they hacked into its Github account. The weak security was the reason that all the data was compromised with such ease and Uber paid for it in terms of reputation and fines.
Equifax, one of the major credit reporting agencies, exposed sensitive information (social security numbers, driver’s license numbers, dates of birth, and addresses) of 143 million users in 2017. The hackers gained entry through a consumer complaint web portal and then gained access to connected servers. The usernames and passwords were stored in plain text which gave them access to more systems. The data was accessed undetected for months and once detected, Equifax made it known to the public a month later. The security practices were weak and the negligence led to more than 40% of the US population having their personally identifiable information revealed.
Facebook experienced a major breach in April 2019 that exposed over 540 million records. Its Mexico-based partner called Cultura Colectiva was responsible for the incident. An inadequately secured AWS server exposed data that could be used to trace user details like usernames, comments, and likes. Another third-party app called ‘At the Pool’ leaked around 22,000 passwords due to an unencrypted backup of AWS. In cases like these, password reuse rears its head and becomes a menace. The stolen passwords are usually sold on the dark web where criminals use those passwords on other sites where the users have accounts. The only silver lining is that the third-party app has been out of business for the past five years.
Having strangers know a lot more than your name (even your name for that matter!) is scary and makes you wonder about the world we live in. Privacy is important to all of us but we usually don’t give it much thought given all that we have on our plate. The above incidents are a wake-up call and we realize that we have to be more proactive when it comes to protecting our data. Here’s to hoping that this Data Privacy Day taught us to be more cautious and vigilant in cyberspace.