Data Breaches for Dummies

RISTEK Fasilkom UI
6 min read · May 19, 2020

If you like watching Netflix shows with leading female roles, you’d probably get trailers that focus more on their female characters. If you like to rewatch the scenes in Money Heist where Nairobi is being a badass, then you’d probably get recommendations for shows in which the actress who plays Nairobi stars and is her badass self.

When you compare the recommended trailers and thumbnails that you and your friend get for the same show on Netflix, you’ll see that the two of you get different kinds of trailers and thumbnails. How did Netflix know what interests you the most? You sure didn’t tell them your interests and hobbies when registering your account, right? See, Netflix records your watching patterns and behavior so they can personalize your watching experience.

In all honesty, your actions speak louder than your words.

Even if you never state your interests explicitly, the trivial actions you take are more than enough to inform companies of your interests. You don’t have to buy things on an e-commerce site for them to know your personal interests. The keywords you typed, the images you looked at for 2 minutes while asking your friend’s opinion on whether you should buy the item, and the things you put in your cart (just for the fun of it) without actually checking out are all fully recorded by the site.

Source: The Express Tribune

Every click, visit, and basic interaction that you are involved in is considered data. Data is the new commodity.

See it this way: when your credit card gets stolen, you can just call your bank and have it blocked or changed. But when your data is stolen, you can’t change your name, your date of birth or your address. Your personal data online is like a mirror of your real self. It’s you in digital form, and it’s OUT there.

Source: The VideoSuite

Your experiences on LinkedIn and your Instagram posts are information you shared publicly and willingly on the Internet. But what about your private information that wasn’t meant to be made public? What if someone took your private information without permission? (Hint: it’s crime-related.)

So... does it have a name?
Yep, and its name is Data Breach. Basically, a data breach is what happens when someone takes your personal data without your permission. If you’re a fellow GOJEK user, I’m betting you have most likely received a scam phone call asking for your GOJEK OTP code. Those scammers can work with only your name and phone number. Imagine if they had a whole profile of your interests, behavior, address, card info, or even social security number.

Source: The Express Tribune

If you’ve stayed online these past few weeks, you’ve probably heard of some recent data breach cases. These cases have got some people very heated, and they have every right to be angry. Just think about it: your name, email, or phone number could have been sold to anyone by now.

Even worse, the Chairman of the Communication & Information System Security Research Center, Pratama Persadha, said that it’s possible that other platforms may have been hacked too, but that the hacker chose to ask the company directly for money and did not publicize the breach.

So there’s a high possibility that these breaches happen way more often than we think.

Frank W. Abagnale (a former conman, now a consultant for the FBI), the inspiration behind the movie Catch Me If You Can, said:

“Hackers don’t cause breaches, people do”

He points out that these hackers are only looking for “open doors” and that these companies failing to “lock” their doors properly are at fault too.

And he’s not wrong.

A bit of a Friends reference here: it’s like the customer is Chandler, who trusted Joey (the company in this case) to show a stranger their entertainment unit, but Joey unintentionally lets himself get locked in the cupboard and gets both of them robbed by the stranger.

So here are 3 steps so you don’t have to endure what Chandler & Joey experienced.

Numero Uno: Get your accounts checked!

Go over your app permissions and revoke any suspicious ones, then use haveibeenpwned.com to check whether your emails have been breached. If your email has been breached, quickly change your password and continue reading below.

Numero Dos: Two Factor Authentication

Source: XDA Developers

2FA, or Two-Factor Authentication, requires multiple authentications to log into your account. It’s when Google asks you to tap, on your phone, the number you see on the device you’re about to log in to, or when you get an SMS containing an OTP code to enter at the login page. These safety measures will help you take corrective action in time should someone try to hack into your account.

Numero Tres: Passwords!

Source: Dashlane

Don’t use the same password for everything; use a password manager instead. You could use KeePass as the free option or Dashlane as the premium option.

Great! You have done your part,

but where’s the government at in all of this?

Source: Stonesoup

The Indonesian government submitted its draft Data Protection Regulation in January, but we are still nowhere near the European Union’s General Data Protection Regulation. The EU really has sharp teeth in handling these issues because it wants to give citizens more control of their data. It makes it mandatory for companies to delete customers’ data when it is no longer in use, and of course it imposes huge fines on those who break the rules.

Wow, the more you know, right.

Anyway, if you’ve got some free time and want to know more about data breaches or personal data without getting too technical, I recommend watching The Great Hack, a documentary about a company that exploited Facebook users’ data points for the 2016 US presidential election, or Snowden, a movie inspired by the real-life story of a CIA agent who found out that the US government was illegally harvesting personal data from its ordinary citizens.

Well, that is all from me. Stay safe!

Writer: Mila Kaamiliaa
Editor: Afrah Hardian, Alif Mahardhika, Romi Hadiyan, Yafonia Hutabarat

RISTEK Fasilkom UI 2020
Instagram: @ristek.csui
Twitter: @RistekCSUI
LinkedIn: RISTEK Fakultas Ilmu Komputer Universitas Indonesia
Spotify Podcast: RISTEK Fasilkom UI

An independent organization in Fasilkom UI that facilitates students’ interest in the field of technology. #TalentEscalation