The Largest Data Breaches & How to Keep them from Taking you Down

Posted by James on 1/15/19 12:40 PM

The Largest Data Breaches and How to Keep them from Taking you Down

As data breaches are becoming more and more prevalent it’s hard to not become immune to them. Companies we know and trust are getting hacked right and left and, for many, it seems like there’s little we can do about it besides become a hermit and take ourselves off the grid entirely. But, that’s not the case and it’s poor judgment to ignore the possibility of hacks. While data hacks are increasing frequency in North America, there are some things you can do to keep them from affecting you or at least lessen the blow.


The worst hacks to date

Yahoo

Can’t live with ‘em; can’t live without ‘em. Yahoo, who you know as a search engine, email service, and more, has 3 billion users, and all 3 billion accounts were compromised in 2013. The worst part about this hack (Scratch that, there are several worst parts) is that they didn’t announce it until 2017. The other worst part is that they were using outdated, easy-to-crack encryption. So names, birthdates, phone numbers, passwords, and security questions were all accessed by the Russian government. Entire copies of Yahoo’s user records were sold on various occasions. A company this size shouldn’t be able to let a hack of this grandeur happen—especially with the money and resources they have.

Marriott International

The second largest hack in history and we were lucky enough for it to happen this year! If you stayed in one of the 7,000 hotels across the world owned by Marriott International between 2014 and 2018 Marriott, you could be one of the 500 million guests who lost their personal information. They have no excuses. The faucet shouldn’t leak for 4 years—it should have been caught ages ago.

FriendFinder Networks

Possibly on the sketchier side by nature, the world’s largest sex and swinger community lost 20 years of information in 2016 due to poor security. They had stored plain text passwords, weak SHA1-encrypted passwords, user logins for a site they didn’t even run anymore, and the login info for 15 million accounts that had been deleted. Their negligence led to 412 million accounts being exposed. Not a sexy move.

Adobe Systems

Adobe has created fantastic software for professionals ranging from creative to marketing to document management solutions with tools like Photoshop, Lightroom, Acrobat Reader, and a handful of others. In 2013 they lost information 152 million people entrusted to them—including payment card and contact information. An attorney general declared that by storing payment information on public-facing servers, Adobe did not employ reasonable security measures and they were consequently issued a large fine. Way to hold them accountable!

eBay

eBay has been a great platform on which many people have been successful selling items of various sorts—personal information wasn’t supposed to be one of them… but in 2014 that’s what happened. Hackers used the credentials of 3 eBay employees to gain access to eBay’s system and stole 145 million people’s email addresses, encrypted passwords, and other contact information.

Equifax

Any finance-related company should be as secure as a vault, amiright? Apparently Equifax missed that memo. Their security wasn’t great and in 2017 they lost the personal information of 143 million people. This included personal financial history, social security numbers, passports, drivers’ licenses, and credit card numbers. As if the loss of the information weren’t bad enough, Equifax didn’t handle the situation very well: consumers weren’t told for over a month; executives sold stock before notifying the public of what happened; and the subsequent customer support didn’t work very well. Epic fail, Equifax.

Under Armour

While all you think about in regards to Under Armour’s app myFitness Pal is the number of calories it’s tracking, the number of steps you are taking, and other related values, it’s got other data too: usernames, passwords, and email addresses—150 million of which were lost in 2018. No company is immune to these hacks, if there is money to be made off the data a company will be a target. Even the most friendly seeming apps can be attacked.

Quora

The community Q&A site where everyone is an expert in their own field has contributors from all over the world. As one of the more recent hacks, they lost the data of 100 million of their community members in 2018. This included names, email addresses, hashed passwords, direct messages, and more. Kudos to them, though; they held to the rules set forth by Europe’s newly instated GDPR, and notified everyone of the hack within 3 days, which helped them avoid fines.

For those 6 hacks alone that’s 4.6 billion accounts that were hacked when we entrusted our personal information to large corporations.

How to know if you’ve been hacked

Hackers are sneaky beasts and don’t make it easy for you to know they’ve been at work with your accounts. By flying under the radar they can keep doing their thing without you knowing. There are some tip-offs you can keep your eye out for, though.

  1. Why isn’t my password working?! You know you’re entering the right password, but for some reason it’s not working. That can only mean one thing: your password has been changed and it wasn’t you that changed it.
  2. I didn’t send that! There are messages in your sent folder that you didn’t send. That means someone else has access to your account. But even if you don’t see messages in your sent folder from someone else doesn’t mean it’s not happening, the hacker could just be deleting them after he sends them—so judge with caution.
  3. Weird messages in your inbox. Emails like password reset requests are in your inbox, but you don’t remember trying to change your passwords. Or there may be some emails that imply a current business relationship with you, but something just seems weird.
  4. Your account is being accessed from different locations. On your different social media accounts and Gmail you can view IP addresses and locations that are accessing your accounts. See a location you know you weren’t at? It’s time to change your passwords.
  5. Your friends tell you you’re sending spam. Similar to seeing messages in your sent folder that you know you didn’t send, sometimes your friends or colleagues will tell you junk is being sent from your account.
  6. Unauthorised charges on your cards. Check your financial statements and make sure you were the one to make all of them. If there’s an expense on there that you don’t recognise, it’s time to call your financial institution and cancel the card.
  7. haveibeenpwned.com . This site monitors hacker sites and hacked information that has been released publicly. It’s really easy to use. In fact, I tested it out to be sure. You just enter your email address and it almost instantaneously tells you which lists your email address has been found on and which hacks it has been associated with. My email address was found in relation to Edmodo, Tumblr, and bitly hacks dating to 2013, 2014, and 2017. Eeks!

While companies may keep many passwords encrypted via SHA-1, this hash algorithm is notoriously weak and could be meaningless if hackers got access to the hash dictionary. When LinkedIn experienced their big hack, over 60% of the stolen hashed passwords were broken into within 2 days of the breach.

How to protect yourself from data breaches and their ramifications

Hackers are pretty crafty and you might not always be able to outrun them, but there are some things you can do to protect yourself and make yourself a little less prone to hacks and minimise their effects if they do happen to you.

  1. Manage and change your account passwords. Your passwords should be unique and have a combination of letters (both uppercase and lowercase), numbers, and symbols. By having a different password for your different accounts it means that if your password is identified for one account the hackers won’t be able to use it on your other accounts, as well. It’s hard to remember all these different passwords so using a master password keeper can come in handy. You can use a local password keeper or one in the cloud depending on your preferences. Some good options are: Roboform, LastPass, and 1Password.
  2. Monitor your credit. Be quick to spot changes or irregularities in your credit reports; then notify your credit card company and put freezes on your accounts if and when you do spot a problem. The earlier you find the problem the less damage will be done and the less you have to fix. Companies like Credit Sesame and Credit Karma monitor your credit reports from all 3 major credit bureaus and alert you if there is a change in your credit report so you can jump on to fixing it.
  3. Guard your information. There’s no sense in giving away your information! Some ways you can make sure you are keeping your information to yourself are: 1) Shred documents that have personal identifiable information on them. 2) Don’t follow links in emails, rather type in the URLs directly in your web browser. This will keep you from landing on a site that was only built with the intent to trick you into giving them your personal information. 3) Use credit cards instead of debit cards as they are generally more immune to fraud.
  4. File your taxes early. One method fraudsters will use is filing a tax return in your name as a way to get your refund. The earlier you file your taxes the more you hedge yourself from someone else filing them for you.

SingleSource to protect you

As a blockchain-based tool, SingleSource protects consumers by giving them power over their own information. It allows consumers to decide who can and can’t see what data—reducing the risk of identity fraud.

Modern financial institutions have worked hard to reduce fraud risk, but that means pending transactions take days or even weeks to complete. People don’t have time for that anymore. They want faster or instantaneous transactions. Blockchain allows this.

When personal data is stored in decentralised databases instead of one central place, large hacks like the worst we mentioned above won’t happen, and fewer successful hacks will happen at all because the effort will be far less valuable.

With smart contracts transactions can be automated and verified; this means there is a much lower risk of fraud when doing business whether it be buying or selling. Smart contacts remove any lack of trust you may have and lowers the cost of transactions by making them less time-consuming to review.

SingleSource will make long-term identity protection and management far easier and more reliable giving you the peace of mind you’ve never been able to have with centralised systems.

Read about blockchain for ID management

Topics: Blockchain technology, Fraud prevention, Digital identity

Recent Posts

Subscribe here