Zero Trust: Best Practices for Preventing Misunderstandings and Mistakes
Zero Trust can be perplexing when it devolves into just another marketing buzzword. Let’s clarify what it really means.
Data is one of the most significant assets in the hands of the corporations in this information technology era. Therefore, a data breach has serious effects on any business. 2018 has seen an increase in the number of data breaches and attacks on corporate and government systems with hackers looking to steal or damage critical data for several malicious reasons. Here are some of the worst data breaches in 2018.
Under Armour Data Intrusion
In late February, hackers breached and gained access to the MyFitnessPal app. They then proceeded to compromise the email addresses, passwords and usernames of over 150 million subscribers who use the app. The company only discovered of the intrusion on March 25. Luckily, the company had a higher layer of security for more sensitive information such as credit card numbers, location and birth dates. However, hackers still got a huge chunk of passwords and other vital data for their use.
VPNFilter Malware Attack
Cybersecurity officials warned of a Russian hacking campaign that had already gained access to over 10 million routers worldwide. The attack that spreads through a malware called VPNFilter targets routers to gain entry to home and corporate systems. Once it gains accesses to a number of devices, it can coordinate them into botnets from which to attack more devices. Hackers who were using this malware aimed at conducting localised attacks on specific regions to steal data or manipulate the web behaviours of the users. Users using VPN's security features to access the internet did not have their browsers manipulated.
Ticketfly Takedown
On May 31, hackers attacked and brought down Ticketfly, a popular sporting and concert event ticketing website. It services were disrupted for a week. The attackers behind the hacking had contacted the company, warning it of vulnerability and demanded a ransom to fix the problem. When the company did not give in, they decided to take down the website to as far as replacing its homepage. It is estimated that the attackers made away with phone numbers, email addresses, location addresses and names of about 276 million subscribers to the website.
Facebook Data Scandal
On March 17, 2018, Facebook disclosed that a political data company called Cambridge Analytica had collected personal information of more than 50 million Facebook users by manipulating an app that scrapped details of people’s personalities, engagements on the platform and other social networks that they were registered to. Despite Cambridge Analytica claiming to have data for only 30 million users, security experts believed that it had personal data for over 87 million users. In fact, in April, Facebook notified over 87 million users of the platform that their data may have been shared with other parties.
My Heritage Data Breach
A security researcher reached to the head of information security in My Heritage on June 4 and told him he had found a file labelled 'MyHeritage' on a private server. When the file was scrutinised, it was found to contain the email addresses of all the users who had signed up to the company before October 26, 2017. The file also had hashed passwords but did not have the payment information.
My Heritage is a genealogy platform that stores personal data, DNA data and family tree information of its subscribers. It is believed the breach may have exposed personal data of over 92 million subscribers on the platform. However, the company denied that it might be a data breach, saying that it stored various bits of customer information in different servers around the world.
Exactis Data Exposure
In June 2018, a security researcher found that Exactis had left the personal data of over 340 million subscribers exposed on a publicly accessible server. Exactis is a marketing and data aggregation company that is based in Florida.
The data contained in the database was over two terabytes in size. It contained very sensitive information that included the email addresses, physical locations, phone numbers and other personal information such as the name of the children, as well as the genders of the subscribers. Exactis did not reveal the actual number of affected clients. However, it is believed the number could be higher than the initially thought 340 million.
Aadhaar Data Breach
There was a login credentials service that was offered by anonymous sellers over Whatsapp. The service allowed buyers to enter any Aadhar number (a 12-digit identifier number given to all Indian citizens) and retrieve a host of personal information stored in the Unique Identification Authority of India (UIDAI).
The information included the name of the number holder, their photo, email address, physical address and their phone numbers. The service was offered for 500 rupees. With an additional 300 rupees, buyers were given access to software that enabled them to print an ID card of any Adhaar number. This breach is said to have compromised the personal data of over 1.1 billion citizens in India.
Several other data breaches go unreported since they are not large scale. Many hackers continue to monitor internet and personal activity of millions of phone and laptop users around the world. To protect your personal data from hackers, consider using VPN's security features to access the internet. It lets you browse anonymously and prevent tracking online. There are free VPN and paid versions. However, the best VPN is the paid version as it has advanced security features and is supported by the companies that are issuing it.