💾 Archived View for galaxyhub.uk › news › tech › 2024 › May › data-breach.gmi captured on 2024-08-18 at 17:16:00. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2024-05-10)
-=-=-=-=-=-=-
╭━━━┳━━━┳╮╱╱╭━━━┳━╮╭━┳╮╱╱╭╮╭╮╱╭┳╮╱╭┳━━╮ ┃╭━╮┃╭━╮┃┃╱╱┃╭━╮┣╮╰╯╭┫╰╮╭╯┃┃┃╱┃┃┃╱┃┃╭╮┃ ┃┃╱╰┫┃╱┃┃┃╱╱┃┃╱┃┃╰╮╭╯╰╮╰╯╭╯┃╰━╯┃┃╱┃┃╰╯╰╮ ┃┃╭━┫╰━╯┃┃╱╭┫╰━╯┃╭╯╰╮╱╰╮╭╯╱┃╭━╮┃┃╱┃┃╭━╮┃ ┃╰┻━┃╭━╮┃╰━╯┃╭━╮┣╯╭╮╰╮╱┃┃╱╱┃┃╱┃┃╰━╯┃╰━╯┃ ╰━━━┻╯╱╰┻━━━┻╯╱╰┻━╯╰━╯╱╰╯╱╱╰╯╱╰┻━━━┻━━━╯
░░░░░░░░░░░░░
It seems like a day doesn't pass without a new data breach. Take the iOS debacle back in March, for instance, where it was reported that the iOS X app was sharing crash reports with the platform even if users had opted out. It's a bad look but, with so many of these occurrences popping up, it's easy to become numb to the news.
It doesn't help that it's hard to visualize where we, the individuals, come into the equation; sure, it's our data being stolen and leaked, but the press often focuses on the business side of things, which can lead to a personal sense of detachment about the consequences of breaches.
data breach happens when personal data is unlawfully disclosed, accessed, lost, altered, or destroyed via a cyber attack or other nefarious means, like phishing scams. They can be accidental or calculated attacks, and range massively in scale. According to the 2024 Verizon Data Breach Investigations Report, 68% of data breaches involved a non-malicious human element—like someone falling victim to a scam or social engineering tactic.
Some data breaches are purely accidental (which doesn't take the sting out of being involved in one, of course). If a co-worker checks out a file on your computer without having the right authorization, that's a breach, even if they don't blab about what they saw.
Of course, some employees do this sort of underhanded snooping on purpose, either to hurt the companies they're working for or to make a bit of money by selling what they find (like identifiable information or intellectual property) to brokers.
Criminals outside of a business aim for data, too, and these are the stories that most often make the news. They'll employ a variety of techniques to get what they want—and can plan their digital heists months in advance. Criminals keep an eye on their target business, watching for vulnerabilities, overdue updates, or employees who might just be susceptible to a phishing attack.
Then, when the criminals worm their way into the corporate network, they can rifle around for the juiciest files and data like your name, address, email, phone number, and even your recent purchases, which they'll sell to interested brokers.
Click into any news story about a data breach and you'll often see how the company has been impacted. Maybe they've lost millions of dollars, been lumped with a lawsuit, or are implementing new security measures. The cost to us mere mortals tends to get glossed over.
The truth is that, armed with your login details, a cybercriminal can wreak havoc.
Even though I, and other privacy advocates, beg on our hands and knees for folks to use different passwords for different accounts, lots of people don't. You're making a hacker's day, though, because the first thing they'll do if they get hold of your password through a breach is check to see if it'll work on other sites, too. It's called credential stuffing—and it can escalate the impact of a breach.
So, you might not be overly concerned if you receive an alert about an ancient Facebook account being involved in a breach, but if you've used the same password for years, that old account could lead criminals right into your banking apps.
Criminals that wiggle their way into your email account can change the password without you realizing it right away, and then do their best to force access to your other accounts.
One of the most devastating consequences of a data breach is identity theft. It's wickedly easy for a criminal to pretend to be you online, and if a breach has informed them of your personal information (like your name, address, and date of birth), they pretty much have all the tools they need to dupe security questions, embroil you in legal trouble, take out dodgy loans in your name, and buy all sorts of expensive stuff for themselves that you'll pay for.
If you're doing your daily scroll through X, Facebook, or Reddit and notice that a service you use has been involved in a data breach—don't panic. There are a few things you can do to (hopefully) get ahead of the criminals behind the attack.
Take a look at the story to get a sense of how serious the breach was, but remember, sometimes a company won't share all the details of the incident, either to save face or because the scale is currently unclear.
Then, it's time to brush up on your digital privacy habits: