Trust is good, but control is even better
Identity theft is at an all-time high. Not even the large, well-known online services seem to be immune to hacks, as recent data breaches at Reddit, Twitter and LinkedIn show. In this blog post, we will take an in-depth look at some of the largest data breaches of all time and find out how to make sure cyber criminals don’t take advantage of your data.
The Leaked Online Identity Problem
Your online digital identity is only as safe as the protection measures of the services you trust. Unfortunately, users are discovering time and time again that their trust is betrayed. Some services are simply not big enough to be able to invest time and budget in cyber security. And even for those that do, there is no hacker-proof business model. Some online services claim they provide secure services, but there is always a chance of an undiscovered loophole or a component that can be hacked by savvy cyber criminals.
Case 1: Reddit Data Breach
While many of the well-known online services spend a considerable chunk of their budget on preventing hacks, they are also a very attractive target for cyber criminals. The more popular an online service is, the more valuable its data are. Case in point: Reddit, a social media platform with over 300 million users, was targeted earlier this year. Unknown cyber criminals bypassed the internal two-factor authentication system, after which they gained access to an internal database backup as well as user passwords. Even though Reddit claims the passwords were salted and hashed (preventing attackers from accessing them directly as plain text), it recommended that all affected users change their passwords.
Case 2: Twitter Vulnerability
Reddit is not the only large social media service that got hit by an embarrassing data breach. Earlier this year, Twitter had to admit that a bug had put the data of all of its 330 million users at risk. Even though the service had measures in place to mask passwords by using a hashing algorithm, it turned out a log file displayed all user passwords in plain text. As with the Reddit hack, Twitter also could not guarantee that the passwords would not be abused, recommending a password change to all 330 million victims.
Case 3: LinkedIn Data Breach
Both Twitter and Reddit were forthcoming and transparent: they informed the affected users so that they had the chance to take countermeasures. Unfortunately, that is not always the case. Professional social network LinkedIn was hacked in 2012. A large number of passwords were stolen, but at the time, the company only published minimal information about what happened. Early reports claimed that 6.5 million accounts were compromised. In 2016, the media discovered that a staggering 117 million users were actually affected, some of whom were still using the same compromised password for other services, four years after it had been stolen.
The Situation is out of Control
Since mid-December 2018, the situation no longer seems to be under control. Breaches such as "Collection #1 – 773M password megabreach", "Collection #2-5 dump leaks 2.2bn usernames and passwords" and "Breach of ‘Verifications.io’ exposes 763 million records" caused extreme fear and uncertainty for many people. However, a deeper analysis of most of the recent data breaches shows once again that the records of a data breach need to be carefully analyzed for fake records and for outdated credentials that were already publicly available.
Effective Countermeasures Against Pawned Digital Identities
Besides the quality of the identity data that becomes public every day, it is crucial to increase overall awareness of the topic. If even the large, well-known online services cannot guarantee that they protect your digital identity, it is better to take matters into your own hands. Rather than not using the services at all, make sure you enable all the enhanced security features they offer, such as two-factor authentication. Take care to choose a strong password so that cyber criminals cannot take over your identity by simply guessing it.
Finally, ensure that you are immediately informed if your digital identity is breached. By using BULIDSEC Email Identity Guard, you are notified if your email address is part of a data breach and the record containing it is not a fake, so you can quickly take countermeasures to minimize the impact.