Some Data Breaches Are Reported Years Later. Here's How You Can Protect Yourself Now

Data Breaches Undisclosed for Years

You hear of hacking incidents every day, and you're rightfully worried that one day, you might end up in the crooks' sights. You want to know what the various service providers do to protect your privacy, and you ask politely. What sort of response are you likely to get?

Well, the vendor will probably try to assure you that your security is very important and that the company wants to be very honest and transparent with you. The thing is, sometimes, when online service providers say that they want to be honest and transparent, they aren't very honest or transparent.

When vendors cover up hacking incidents

Take Uber as an example. In 2016, a hacker attacked the ride-sharing service and made off with the personal information of about 57 million users. Then, the crook got in touch with the company and tried to extort some money from the management team. This, it turned out, was a good move. The hacker pocketed $100 thousand in exchange for the promise to delete the stolen database and not to do that again. As for Uber's now-former management, they swept the whole thing under the rug and pretended that nothing had happened.

In November 2017, Dara Khosrowshahi, Uber's new CEO, finally broke the news, and the company braced itself for the legal action that was coming. In September, Uber settled a dispute with the US government for $148 million, but plenty more class action lawsuits are still ongoing, so the damage will likely be much bigger.

When vendors have no idea that they've been hacked

The sums Uber will need to pay are vast, and that's because by covering up the breach, the former management team put quite a lot of people at risk. Sometimes, however, timely disclosure simply isn't possible because the hacked organizations aren't aware of the incident at all.

Take the Myspace breach, which, according to the experts, happened in 2008. If you are one of the hundreds of millions of people who used Myspace at the time, you will probably remember that a data breach was never mentioned. That's because only the hackers who actually broke in knew about it. It wasn't until 2016, when they started offering the data for sale, that the rest of the world learned about the incident.

Once again, millions upon millions of people were left vulnerable for years, but in this case, Myspace didn't cover up the breach intentionally. They just didn't know about it.

This lack of knowledge could be the result of a variety of different things, but in most cases, we're talking about a nonchalant attitude towards security. Unfortunately, there's not much you can do about that. Vendors will continue to set up their systems in an insecure way, and when they do, you usually don't have any indicators of the things they've done wrong. That's why it's important to ensure that in case your data does get exposed, the damage is as limited as possible.

Prepare for the worst

In today's online ecosystem, every user, regardless of where they live, what they do on the internet, or how much money they have in the bank, is a potential target. In fact, when we talk about data breaches, we're talking about millions of people falling victim in a split second, and because these incidents are so common, you're better off assuming that sooner or later, you will be affected. Needless to say, you must be prepared.

Change passwords regularly

This piece of advice has caused some controversy in recent years. Many people reckon that if your password isn't exposed, there's no point in changing it. Yet, as we established already, sometimes, your login credentials are out there, and you just don't know about it.

Obviously, even a strict password changing schedule cannot guarantee that you'll stay out of trouble. If, for example, you simply add a "1" to the end of your previous password, you're not doing much to stop the hackers. And while the crooks do sometimes sit on the data for months or years on end, often, they abuse it the moment they get their hands on it.

Nevertheless, if there's even a small chance of helping you stay safe, it's worth doing it, and in some cases, changing your password regularly can keep you out of trouble. Just make sure that every new password is as complex and as random as possible.

Use unique passwords for all your accounts

In an ideal world, password reuse wouldn't be that big of a problem. In an ideal world, every single service provider would salt our passwords before hashing them with a strong algorithm. This would ensure that if the hackers do somehow manage to break a service provider's defenses, they wouldn't be able to get the plaintext password. And because of the salt, they wouldn't be able to use the hash value to try and guess what it is. This is what would happen in an ideal world, but unfortunately, as we all know, we don't live in an ideal world.

Hundreds of incidents have taught us that you just can't trust service providers to keep your passwords safe. Earlier this week, for example, we learned that eight adult websites were hashing passwords with an algorithm that's a whopping 40 years old. Far too often, if a website is breached, your password is easily recoverable, and if it's used to protect multiple accounts, it gives crooks the ability to do a lot more damage than they normally would.
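The difference salting makes, shown as an added example (not code from the original article): two constructed users share a password, the unsalted fast hash is identical for both and falls to a precomputed lookup table, while a per-user salt with a slow hash yields unrelated records. SHA-1 as the weak hash, PBKDF2-HMAC-SHA256 as the strong one, the iteration count and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed PBKDF2 work factor; tune for your hardware


def weak_hash(password):
    """Unsalted, fast hash: identical passwords give identical digests."""
    return hashlib.sha1(password.encode()).hexdigest()


def build_table(wordlist):
    """Precompute digest -> password once; reusable against any unsalted dump."""
    return {weak_hash(word): word for word in wordlist}


def strong_hash(password, salt=None):
    """Salted, slow hash. A fresh random salt is drawn per stored password."""
    if salt is None:
        salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, key


def verify(password, salt, stored_key):
    """Recompute with the stored salt and compare in constant time."""
    _, key = strong_hash(password, salt)
    return hmac.compare_digest(key, stored_key)


if __name__ == "__main__":
    # Constructed sample data: a tiny wordlist and two users with the same password.
    table = build_table(["123456", "password", "qwerty"])
    users = {"alice": "qwerty", "bob": "qwerty"}

    print("Unsalted dump:")
    for name, pw in users.items():
        digest = weak_hash(pw)
        print(f"  {name}: {digest} -> table lookup: {table.get(digest)}")

    print("Salted dump:")
    for name, pw in users.items():
        salt, key = strong_hash(pw)
        print(f"  {name}: salt={salt.hex()} key={key.hex()[:16]}... "
              f"-> table lookup: {table.get(key.hex())}")
```

In the unsalted dump both users show the same digest and the table returns the password immediately; in the salted dump the two records differ and the table lookup returns nothing.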

Unique passwords are the only way of ensuring that even if one of your accounts gets compromised, the rest will remain safe. Doing this isn't as hard as it sounds if you have the right tools. With Cyclonis Password Manager, you can create unique, complex passwords for all your accounts at the click of a button. Better still, you don't need to worry about remembering them because they will all be encrypted and put in your personal vault.

October 24, 2018
