Data Breach & Identity Theft
Do you believe in doppelgangers? They are people with similar physical traits as you have due to which they can say that they are you in front of anyone. If they try hard then, they can get a bank account in your name, travel to another country using your passport, get away with murder and cause the police to knock your doors. There are several things they can do to make your life miserable if they are evil doppelgangers. But what if I told you that all of these can happen to you even without a physical doppelganger!!
It is only this decade when the term “Identity Theft” has become a talk among every individual present online. Identity theft is undoubtedly the crime of the 21st century. It is fueled by continuous data breaches happening all around the world exposing millions of private records to criminals. Just imagine how could someone try to impersonate others if they don’t have any information about the person they are trying to impersonate.
Why is data breached?
The days of pick-pocketing are gone, now the thieves have taken the internet route as it is relatively simple for them in order to get private data about a person. If you are wondering how is it possible at all, then there’s only one thing that you need to know: whatever data you provide to a website in order to receive service is stored in their servers even after its work is done. This data can include your card details, PAN card number, email id, address. If you are interested to know how do identity thieves make use of these information against you then you may wish to read Identity Theft: A Monster Rising in India.
Not all of us experience a first-hand hacking attack so how can we be potential victims of identity theft? We provide different types of information about ourselves to different websites. Its these website databases which are targeted in order to harvest our personal information. Also, targeting a big database is beneficial for a criminal because they get a huge number of records with just one attack. Criminals preferably look for the opportunities in which they can get access to credit/debit card data as those can quickly be used for malicious intent. And currently almost all online shopping websites store card details on their database which is the first choice of cyber criminals.
Theoretically, any company or organization can be the target of cyber-attack but there are a few sectors which are targeted very often. Banks, financial companies, start-ups offering online purchase of products/services, government databases are the hot-spot targets for a criminal in order to harvest information about us.
Who have suffered it?
You don’t believe me, right? Okay fine, see for yourself. In the last 2 years itself, the amount of data breach incidents occurred will blow your minds.
Data breaches cost organisations in India about ₹12.8 crore on average between July 2018 and April 2019, according to a report sponsored by tech giant IBM.
Top 5 sources of Citizen’s identity documents in India:
Image Copyright: BCCL | Source: PwC, UIDAI
They are always on hunt for new players
In May 2019, it was reported that the Truecaller database was breached exposing a huge amount of data of its Indian customers. It is reported that 29,90,55,819 Indian Mobile Numbers, 1,92,06,906 Email Ids, 1,78,85,795 Subscribers Photos, 20 Million Facebook Ids were exposed which in itself is a serious amount of personal information. Along with these details like Phone Number, Network Carrier, Name, Gender, Image, Address, Job Title, Company Name were also leaked. Just imagine the extent of damage possible using these details about any individual.
People can specifically be targeted with social engineering attacks using their lifestyle data and a lot of fraudulent activities can be done or this information can be sold on dark web to be used by criminals. Mobile numbers are really important assets these days, in case a hacker gets a meterpreter (a hacking technique in which an infected app lets attacker access your device remotely) access of your phone then you’ve just lost all your control from your own device. And in current scenario, mobile phones are sources of every type of information about a person. These data along with government ID documents will make a deadly combination and a fool proof identity theft situation.
Another recent breach incident was reported in February 2019 with Ixigo — an Indian travel and hotel booking e-commerce website. Since it is an e-commerce website, it contains a wide variety of information such as names, surnames, usernames, emails, passwords, phones and addresses. It is reported that 17.2 Million such records were compromised. Also being an e-commerce website, it is most certain that the website has information about the credit/debit card details which is always targeted by the attackers.
Very recently, two security loopholes were discovered and exploited by hackers in the hyper local search engine Justdial’s database to expose user data from over 100 Million users. It revealed a huge amount of mobile numbers and location information.
Fast growing businesses are being targeted very frequently in India as these companies attract a lot of Indian population by giving attractive offers resulting in gathering a lot of user information. But their data security infrastructure doesn’t always comply with the latest trends which data thieves take a huge advantage of. Companies like Zomato is said to have suffered such an attack.
Are you a Social Media “Influencer”?
What do you think would be a data thief’s paradise? Social media platform it is. Besides basic information there is a huge amount of highly personal stuff about a person on platforms like Facebook. Many people like to share every day to day experience on it. Combining this information with some illegally acquired Identity documents from Dark Web will be a deadly combination.
Earlier this year, an incident was reported in which it is said that Facebook harvested the email contacts of 1.5 million users without their knowledge or consent when they opened their accounts. Facebook asked to provide passwords of the original email Id in order to import their contacts. But the point of concern is something even bigger. Such information is sold out to several organizations which require it for product marketing purposes. We may accept that Facebook servers are secure but the companies that buy such data and store in their own database might not be secure from good hackers who are always on the watch for weak links.
If you are an Instagram person then you must know that Instagram influencers earn a lot of money by posting advertisements on their channel and their charge depends upon their reach, no. of followers and likes. Well, back in May 2019, a data breach incident was reported to happen in which a massive database containing contact information of Instagram influencers, brands and celebrities had been exposed online. Upon investigation, the blog traced the database back to a Mumbai-based social media marketing firm, Chtrbox that pays Instagram influencers to run ad campaigns on their accounts. These marketing firms use this information to calculate net worth of an advertising channel and determine how much money they need to pay. But the point of concern is that your Instagram data can be hacked from sources other than Instagram servers as well exposing a lot of sensitive information about you.
Who’s going to protect the Government!!
India is moving forward with digitization and in order to accelerate it the Government introduced Aadhar card long time back and now that a large population of India has it, a recent breach in February 2019 is said to have occurred leaking details of 6.7 Million citizens. The data is said to be available on Indane’s website. Aadhar card is a very instrumental piece of document when seen on the grounds of individuality as it contains even the bio-metric data of a person. It can single handed be misused for stealing someone’s identity. Prior to this event in 2018, French cyber-security expert Baptiste Robert had uploaded website links containing the Aadhaar data of thousands of Indian citizens
Well, the following video is a concise summary of how data breaches affect common people. The Dangers of a Data Breach
What all you can do?
All these data which are stolen end up getting sold in dark web where people are eagerly waiting to hide behind your identity to carry out their illegal work. Once your data find a criminal there’s no escape then. The only way to prevent any damage to your pockets and dignity is to be alert of the activities going on with your data on the dark web and take the right steps in time to prevent the worse. But how to do it?
ID Fence is a brand-new product, currently one of its kind in India which can help you achieve the aforementioned cause. You can also check for the compromise history of all your documents and social media accounts that might have happened in the past 7 years and be prepared for your battle against Identity Theft.