The Worst Data Breaches (what you need to know and do)
Data breaches are getting bigger, more frequent, and more worrisome. That's the message from digital privacy experts at NordVPN, who just released a report detailing the most shocking data leaks of 2019. Eight of those breaches affected the personal data of millions of people worldwide. Read on for details on the biggest and worst data breaches of 2019, and what you need to know about protecting yourself in the age of vanishing privacy...
The Biggest Data Breaches of 2019
NordVPN, a VPN service provider with a focus on online privacy, publishes an annual report that focuses on just the opposite: how much personal and private data is released into the dark corners of the online world by malicious hackers.
Daniel Markuson, a digital privacy expert at NordVPN, says that in 2019 hackers did more than just hack — they also collected billions of consumer records from breaches and leaks that had occurred years ago, and packaged them up for sale. Some of those breaches were really shocking and affected millions of people worldwide.
“With so many breaches and leaks in 2019, it’s possible that your email address or other details ended up in the wrong hands,” says Markuson. But there are several online resources that can help you determine if any of your login credentials have been compromised.
You can check to see if your email address was leaked in a data breach by visiting Have I Been Pwned. Enter your email address and this site will tell you if it has been compromised at any time in the past. (The term "pwned" is geekspeak for "owned," or "defeated.")
NordPass is a free service that lets you anonymously measure the strength (hackability) of your password, and will tell you if your password was exposed in any known data breaches.
Breach Alarm is a similar but more proactive service that scans the dark corners of the Internet in search of stolen password lists that have been posted online. You can sign up to be notified about future password hacks that affect you.
Who Was Breached, and How Bad Was It?
Here's a list from the NordVPN report with eight of the worst recent data breaches. They're ordered from the smallest to the largest, with details on what specific types of personal data points were compromised.
American Medical Collection Agency (19.6 million). This breach affected two prominent lab testing companies. First, Quest Diagnostics was notified that someone had unauthorized access to AMCA’s databases for eight months. The hack affected almost 12 million of their customers. Hackers got access to very personal information such as credit card numbers, bank account information, medical information, and Social Security numbers. Then there was LabCorp, another company whose customers were affected by this breach. Almost 8 million customers’ personal and financial data was compromised.
Suprema (27.8 million). This security loophole left 27.8 million people’s biometric data exposed. Suprema is a security company responsible for the web-based Biostar 2 biometrics lock system. The system is used by almost 6,000 organizations in 83 countries, including governments and banks. Biostar uses fingerprints and facial recognition to allow employees into restricted buildings and areas. Security researchers from VPNmentor found that the Biostar database was left unprotected and largely unencrypted. Worst of all, they got access to tons of sensitive information. Really, a "security company" failed to protect sensitive confidential client information?
Houzz (48.9 million). Houzz, a home design website, started the year 2019 by announcing a breach in which hackers got unauthorized access to its customers' publicly available information, as well as usernames and encrypted passwords. The company noticed the breach at the end of 2018 and was pretty vague about it in their public statements. However, ITRC reported that the hack affected almost 49 million Houzz customers.
Capital One (106 million). In July 2019, Capital One announced that they suffered a massive data breach affecting 100 million Americans and 6 million Canadians. The hacker accessed credit card applications made between 2005 and 2019. They contained personal data including names, home addresses, email addresses, dates of birth, etc. What makes this one of the worst breaches of 2019 is that some bank numbers and social security numbers also ended up in the hands of the hacker.
See also Get Your Free Credit Reports Online, [ALERT] Freeze Your Credit Files For Free and 10 TIPS: Identity Theft Protection.
Zynga (218 million). If you’ve ever played online games such as “Words with Friends” or “Draw Something,” you should be worried because their creator, Zynga, was breached in 2019. The hack affected a whopping 218 million users. Bad actors accessed log-in credentials, usernames, email addresses, some Facebook IDs, some phone numbers, and Zynga account IDs.
Facebook (419 million). A security researcher at the GDI Foundation found an unprotected server with a database containing approximately 419 million phone numbers belonging to Facebook users. The database was available to anyone, and it also included Facebook IDs, which makes finding users’ names and personal details even easier. The owner of the server wasn’t found, but the database was taken down shortly after it was discovered.
Collection by Gnosticplayers (1 billion+). This isn’t a breach per se, but rather a collection of breaches affecting more than 1 billion internet users. A hacker who calls himself Gnosticplayers collected databases from 45 companies and put them up for sale on the dark web. These batches contained data such as users’ full names, email addresses, passwords, location data, and social media account information. The companies whose data was released include Dubsmash (162 million), MyFitnessPal (151 million), MyHeritage (92 million), ShareThis (41 million), Animoto (25 million), 500px (15 million), CoffeeMeetsBagel (6 million), and more.
Collections #1-5 (3 billion). A batch of leaked data dubbed "Collections #1-5" was probably the biggest leak of 2019. These collections of leaked and stolen data contained usernames and passwords collected over many years of breaches. These batches appeared on hacking forums and were noticed by security researcher Troy Hunt, who identified the link between them all and informed the public. The first batch was released in January and contained the data of 770 million people. Then, a few weeks later, Collections #2-5 appeared on the internet. They contained 25 billion unique records and roughly 2.2 billion unique usernames and passwords, making this one of the most significant leaks to date.
What Should You Do?
Now that the number of leaked records (usernames, passwords, phone numbers, social security numbers, credit card info, and other personal data) reaches into the billions, and new data breaches are announced like clockwork, how should you respond? My advice is to assume that at least some of your personal info HAS been compromised. Here's what I recommend:
* Change your passwords, and use a password manager to create strong passwords going forward.
* Use two-factor authentication to protect your online accounts (even if your password is stolen).
* Consider using disposable email addresses.
* Keep tabs on your credit reports (see sidebar above).
I want to thank the folks at NordVPN for allowing me to share their reporting on recent data breaches. NordVPN offers VPN (virtual private network) services that let you browse the web securely and anonymously. And in case you're curious, I have no business relationship with NordVPN, and was not compensated for this article.
Have you been affected by a data breach? What steps did you take as a result? Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 4 Feb 2020
Copyright © 2005 - Bob Rankin - All Rights Reserved