Data Stolen During 14 Data Breaches in 2020 Sold on the Dark Web

Data breaches have very much become part and parcel of internet activity in 2020. It seems that rarely a week goes by without news of a major one popping up. While the Internet is something of a murky, poorly explored zone when it comes to legislation, due to its relative novelty as well as the speed with which it develops, by this point, it is clear for all parties involved that care to think about it that this situation is unsustainable.

As a result, we’ve seen a multitude of efforts to remedy the problem. Legislators on all fronts are trying to incentivize companies to take steps to protect the information of their customers, as well as making sure that data breaches are disclosed promptly and properly. GDPR in the EU, as well as various pushes from American legislators of all political persuasions, can clearly attest to these efforts. On the flip side, companies are also growing wiser to the threat of malware attacks, and many of them are taking measures to prevent them, and the disastrous results said attacks might have on both the company and its users.

Unfortunately, all these efforts don’t seem to be able to stem the tide of malicious intrusions, with more and more breaches being reported by the companies in question, or discovered by researchers every day.

Just one of the latest instances of data troves emerging for sale on the dark web saw the data of nearly 133 MILLION user accounts being offered by data breach brokers. The stolen databases invariably include valuable user details, such as names and hashed passwords, of customers of a variety of companies including Efun, DarkThrone, Footters, HomeChef, Fluke, KitchHike, JamesDelivery, KreditPlus, Minted, Playwings, Tokopedia, Revelo, Yotepresto and Zoosk.

Perceptive and knowledgeable readers would have noticed that some of these companies have already been in the spotlight for the very same thing – and they’d be right. In fact, the largest number of leaked account details come from our four repeat offenders - HomeChef, Minted, Tokopedia, and Zoosk. Those four account for the bulk of the breached information – which just goes to show that even if you get hit once, hackers are unlikely to leave you alone for too long, if at all.

So what should users take away from all of this? A couple of things spring to mind.

  1. Companies are fallible. Even if they claim or genuinely seem to take measures to prevent data breaches, there’s no guarantee that your data is safe with them.
  2. Companies are bad at reporting data breaches. Regardless of whether that’s due to incompetence or deliberate obfuscation, most data breaches are still not reported properly. This happens in spite of an increased legislative push on the subject.
  3. It is up to each individual to ensure their online presence is safe. Companies often fail to do enough to protect their user’s private data. Legislators can’t really protect you from data breaches – all they can do is try to incentivize companies to fess up to their misdeeds and try and make the people responsible for the breach pay their dues. Therefore, it’s up to the user to make absolutely sure that their accounts are as safe as possible. Keep an eye out for news of data breaches of service providers that you use. Check whether your details have been leaked online, even if no news on the matter has emerged. Take care to use unique, strong passwords for all your accounts, by following this guide. Or, if you can’t be bothered with coming up with, memorizing and imputing multiple uncrackable passwords – consider investing in a password manager.
July 8, 2020

Leave a Reply