Top 5 Data Breaches In 2019
Opacity is committed to truly zero-knowledge anonymous cloud storage. We never ask for any personal data during account registration or use — not your name, email, address or credit card information.
Why is truly zero-knowledge anonymous cloud storage such an important disruptor in the industry? Because it addresses one of the major problems plaguing internet privacy and security — data breaches. Let’s review some of the recent data breaches and their impacts and see if this concerns you as much as it concerns us.
Thanks to guest writer Sweet Elyse from the Sweet Elyse blog for researching and writing about these data breaches. Our community is getting stronger every day and we are very thankful for all that you do.
Most people use the Internet.
Research, entertainment, music and socializing via social media — we’ve all whiled away many hours using the net for one or many of these reasons. That means, at some point, you will have entered some of your data — maybe an email, name, gender, date-of-birth or shared photographs with your family and friends — “privately” on social media or a forum. All pretty harmless and the majority of online users regularly upload these same types of personal information without much concern.
‘Personal information’ can be described as data that is exclusively yours; it gives direct insight into your life. This includes general information as mentioned above, as well as more secretive information, such as bank details, financial information, and shopping habits.
Many consumers and Internet users generally believe that their information will be kept safe and secure — especially when it is provided to companies that are considered top of class in consumerism. One of the major commitments provided by these companies, especially online, is that they provide consumers the promise of data protection. Many have faith in the professional appearance of the brand’s stores and websites coupled with the popularity and power they hold in the retail market. However, in this rose-tinted relationship, people often fail to consider the potential downfalls of believing in this commitment too blindly.
One of the major downfalls of some popular brands is their general lack of security, especially with website users personal information. There are many ways that outside forces can obtain the personal information of the brands and its users — and when this happens it’s called a data breach. Some untrustworthy brands will try to hide the breach; some simply cannot hide it purely based on the sheer scale of the breach itself or the numbers of users affected. But all breaches come with risk for both parties, especially financially.
So without further ado, here are the top five data breaches of 2019 — yes really! We are only in the first quarter, but companies still don’t seem to have learned from the past and the recent changes in Europe’s GDPR privacy laws.
With a history of breaches, you would hope that Facebook has taken more precautions to reduce the risk of breaches and protect its users going forward — but no, they haven’t! With a range of breaches, notably from 2013 onwards, 2019 has seen ‘The Zuckerberg’ (founder and CEO) in hot water with the law.
From 2012 through 2013, the social media site was found to have shared over 6 million user accounts personal data to unauthorized users. This was apparently due to a bug and was fixed within a day. However, this shows you the sheer scale of the breach that can occur in such a short time.
In 2016, Facebook was found to have breached users information via third-party apps; the personal information was stored on AWS servers, which put users at risk, especially if they re-use their passwords on other websites.
In 2018, Facebook, and more-so Zuckerberg, was called before the UK Parliament and interrogated for supposedly data harvesting 87 million users details for the benefit of political consultants. This fiasco was just one of the many issues that Facebook had, and continues to have, with the Cambridge Analytica scandal running into 2019. Zuckerberg is actively working with the FBI and, also the website, to reduce the breach’s impact.
In 2019, Facebook announced they accidentally uploaded the email addresses of over 1.5 million users, once again without consent to the website.
The repetition of these events from a major site should strengthen your concerns as to why you should not blindly trust these huge brands with your data.
Rundown:
✔ 2019–1.5 million accounts affected by Facebook ‘’unintentionally’’ grabbing users data.
✔ 2019–540 million accounts affected. User information was stored on Amazon Cloud servers.
✔ 2018–87 million users affected by data harvesting for political gain.
✔ 2016 — Found to have data shared with large companies such as Amazon, Sony, Apple and Microsoft.
✔ 2013–6 million users personal data exposed to unauthorized users due to a bug breach.
Fortnite (Epic Games)
The infamous online Battle Royale game also suffered a data breach this year. Maybe you play yourself or have a friend or family member that does, either way, we all know at least one Fortnite fanatic.
If you’ve ever played the game, you’ll note that the population of gamers is predominantly younger children upwards to teens. This age range itself isn’t always security savvy — common sense would tell you that Epic Games would factor in additional security for this reason alone. However, 80 million accounts were affected by a breach that would have led any hacker to gain full access to the game account and the personal information attached to the account, as well.
Typically, bank account information is linked so that in-game purchases can be made. Financially, this is a major risk for users, however, and the hack would allow a perpetrator to listen into in-game activity once they had joined an active game. The worrying aspect is that the gamer wouldn’t know this had occurred and in-game discussions could give a vast amount of personal data to the hacker.
Needless to say, a fix was rolled out to mend this flaw and no accounts were hijacked…or at least those we know of?
Rundown:
✔ 2019–80 million accounts account affected.
Microsoft
Microsoft web services such as Outlook, Hotmail and MSN were initially thought to have suffered a breach for a period of three months. However, it was later found that the company undersold the breach. The breach initially came about due to a Microsoft support agent’s compromised credentials. Again, this is a huge worry, as human error in all brands can play a part in many of the downfalls. However, you would expect Microsoft to have some protection against this supported by extensive training. This is a very good example as to why companies should ensure proper training is given to their employees, especially when they are providing support within the IT field!
Rundown:
✔ 2019–6% of all web-based service accounts were affected. Information included passwords, who users communicated with, and folder names were all affected.
Coinmama
Coinmama is a popular cryptocurrency brokerage website, so it’s natural to assume that their security would be adequate enough to combat any potential breaches, right? In February, the site along with a few companies was breached. The breach included hashed passwords and usernames and the data was being promoted on a registry on the dark web for 2.6 Bitcoin. There were around 750 million records offered for sale, so it’s unknown exactly how many came from Coinmama themselves.
Other companies affected included popular health tracking app, MyFitnessPal, along with housewares website, Houzz. To add insult to injury, the dark web seller added an additional 91 million records on the dark web, making this breach a whopping 841 million, that we know of.
Rundown:
✔ 2019 — Included in a multi-company breach totaling 841 million affected users.
Daily Motion
2016, 2018 and now again in 2019, the popular video sharing platform that boasts 3.5 billion views per month have done it again. Daily Motion suffered a credential stuffing attack in January of this year.
For those of you who don’t know what a credential stuffing attack is, it’s when a person or persons gain unauthorized access to a platform by bombarding users credentials until they get a matching pair of usernames and passwords. These credentials are usually obtained through massive data breaches in the form of databases and are bought, sold, or leaked on black markets. This is why it’s so important to use different passwords for different websites and to change them frequently.
Some accounts were affected by this attack, but Daily Motion stated that steps had been taken to block any accounts that were impacted by this through logging off users and issuing password resets.
Rundown:
✔ 2019 — No announced statistics. However, ‘’many’’ accounts affected into the millions.
✔ 2016–85.2 million unique email addresses were stolen.
✔ 2016 -18.3 million passwords stolen.
Handle Your Privacy
We’re only 4 months into 2019 and already seeing data breaches on the rise. It’s essential to consider how the companies you trust secure your data. With privacy-centric companies such as Opacity, you are in complete control of your private data and can significantly reduce the risk of your personal information getting into the wrong hands.
Visit https://www.opacity.io for more info.
Join the conversation in Opacity Telegram
Follow us: Opacity Announcement Channel | Twitter | Reddit | Github | YouTube
Find OPQ on Kucoin
