THE WORLD OF INFORMATION SECURITY

Data Breach and Privacy



Is our online personal information exposed? This is the first thing that comes to mind when we hear of a data breach at a company or data service that we use.

Websites and systems are hacked daily and their data is stolen by hackers. This data often contains customers' (our) personal information, including passwords (which are often encrypted, but not always), emails, full names, usernames, IP addresses, home addresses, birthdays, photos and personal private messages, as well as other pieces of information.

These breaches of course put the security and privacy of the affected users (us) at risk.


In May 2016, LinkedIn had 164 million email addresses and passwords exposed. Originally hacked in 2012, the data remained out of sight until being offered for sale on a dark market site 4 years later. The passwords in the breach were stored as SHA1 hashes without salt.


In July 2015, the Qatar National Bank suffered a data breach which exposed 15k documents totalling 1.4GB and detailing more than 100k accounts with passwords and PINs. The incident was made public some 9 months later in April 2016 when the documents appeared publicly on a file sharing site.

In March 2017, WikiLeaks began its new series of leaks on the U.S. Central Intelligence Agency. Code-named "Vault 7" by WikiLeaks, it is the largest ever publication of confidential documents on the agency. The first full part of the series, "Year Zero", comprises 8,761 documents and files from an isolated, high-security network situated inside the CIA's Center for Cyber Intelligence in Langley, Virginia.


To check whether your account details have been leaked in one of these continuing breaches, visit www.haveibeenpwned.com, which holds breached data from 310 websites and provides a simple search to check if your email address is in the breached data.


Another website, vigilante.pw, lists the names of websites whose databases have been exposed, and also tells you the password hashing algorithm used and the number of entries.


So what is the probability that your personal information is within this breached data? I would guess quite high, as most of the big, well-known social and professional online networks have been breached. How many of the ones you use have been hacked? What about your financial data? A large number of the major e-commerce sites have been breached as well.

Nobody is completely safe, and there is no online service that can guarantee a 100% breach-proof service. Should this lead you to close all your accounts, cut the internet cable, and turn off your PC and smartphones? LOL. Not at all. There are some actions you can take to protect yourself, or at least to minimize the probability of your account being compromised if a hack occurs:

  • Choose a password that is complex "enough" (not "Password123") and try to limit its usage across multiple sites.
  • Read the policy of the website before creating an account to check whether the password is stored in an encrypted manner or not.
  • Change passwords from time to time, or if a breach occurs.
  • Don't use your financial information on untrusted websites.
  • Enable multi-factor authentication, as most online services today provide this feature.
  • Limit the data you provide and post to these services to reduce the impact on you in case of a breach.
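
The LinkedIn passwords mentioned above were stored as SHA1 hashes without salt. The following example is added here and is not part of the original post; it shows what that means for a leaked table compared with a salted, slow scheme. The account names, passwords and PBKDF2 iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample accounts (not taken from any real breach).
ACCOUNTS = [
    ("alice", "Password123"),
    ("bob", "Password123"),
    ("carol", "correct horse battery staple"),
]

PBKDF2_ITERATIONS = 200_000  # assumed work factor for this example


def store_unsalted_sha1(password):
    """Legacy scheme: the stored value depends only on the password."""
    return hashlib.sha1(password.encode()).hexdigest()


def store_salted_pbkdf2(password):
    """Random per-user salt plus a deliberately slow key-derivation function."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt.hex() + "$" + digest.hex()


def verify_salted_pbkdf2(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$")
    salt = bytes.fromhex(salt_hex)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(digest.hex(), digest_hex)


def users_sharing_a_stored_value(store):
    """Group users whose stored values are identical, as anyone reading the table would see."""
    groups = defaultdict(list)
    for user, password in ACCOUNTS:
        groups[store(password)].append(user)
    return sorted(users for users in groups.values() if len(users) > 1)


if __name__ == "__main__":
    print("unsalted SHA1:", users_sharing_a_stored_value(store_unsalted_sha1))
    print("salted PBKDF2:", users_sharing_a_stored_value(store_salted_pbkdf2))
```

Without a salt, every user who chose the same password gets the same stored value, so the table itself reveals password reuse across accounts; with a per-user salt the stored values differ even for identical passwords.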
