David Papp Blog

5 Cases Where Businesses Weren’t Secure (And What You Can Do To Be More Secure)

There is an incredible amount of information available at our fingertips and a lot of it is thanks to businesses. While there are certainly dark elements to how information is used, businesses have assured us time and again that the information gathered is to help you experience the services to the fullest.

But while we get more targeted ads amongst a few other benefits, all of that comes with a price. That price shows the most in cases where businesses are attacked and private information is exposed.

Sure, there are all kinds of data breaches to the point we may have grown numb to it, but it’s worth looking at some of the larger cases. At least to use it as a reminder that businesses can do better and that we can too. With that said, here are some breaches, the costs that came with them, and what we can do ourselves to improve our security.

Yahoo!

This is by far one of the biggest breaches in history, though you may have forgotten about it. It came to public attention in 2016 that during 2013 and 2014, Yahoo was hacked twice. There was an attack in 2014 that impacted 500 million users. In that case, Yahoo contacted the customers affected so that they could take protective measures.

But what people weren’t aware of was that in 2013, there was another breach before that which affected all three billion of Yahoo’s users. This came to our attention three years later when Verizon was in the process of acquiring Yahoo.

Announced in September 2016, it became public knowledge by December 2016. You’ll see this sort of trend time and again, as breaches take at least a year and sometimes more to be detected.

So what was taken from this breach in the first place?

Emails, names, dates, phone numbers and passwords were taken. Also, if you used your Yahoo email address to reset passwords for other sites, those too would be compromised.

Depending on how often you use your Yahoo email, that can be a big deal. An email is surprisingly powerful in the hands of a hacker depending on how reliant you are on it. Even using it as a backup email to your main email address can be a cause for concern.

First American Financial Corporation

This one happened earlier in 2019 and broke records in terms of breached information. Though this breach likely came from a program error rather than an actual hack, that information in the hands of hackers would’ve been disastrous.

In May 2019, 885 million records were exposed on their website before the information was taken offline that same day. Information that was there included bank account details, social security numbers, wire transactions and mortgage data. All of it was accessible on the company’s servers.

Fortunately, no one seemed to have taken advantage of that information, so it’s hard to tell if any person’s data was compromised despite this data being exposed. Regardless, the potential was prominent. Fortunately, a few people noticed and reported it to the company, which quickly responded.

Facebook

One company that didn’t respond swiftly to problems, though, was Facebook. Facebook has been in a lot of hot water over the past few years. Because it has collected so much data, it’s a prime target for breaches. Not to mention a lot of misinformation.

We already know about the Cambridge Analytica debacle in 2016, but there was one other breach in which 540 million accounts were exposed.

This breach was caused by two companies: Cultura Colectiva, and an app called At the Pool.

While the app was shut down in 2014, it exposed data of 22,000 users. The company Cultura Colectiva then exposed 146 gigabytes of user data. This data consisted of account names, IDs, and comment and reaction details.

The thing is, though, that this breach was brought up to Cultura and Amazon back in January 2019 and it seemed like nothing happened at all to fix the problem. Amazon was alerted because of Facebook shifting data to Amazon’s cloud computing service. The breach became public knowledge by April 2019.

But why does all of this matter? Well, with all of that data exposed, it’s easy for individuals to create fake accounts. Currently that is a huge issue that Facebook has been trying to stamp out, along with the series of scandals that are happening to it.

Marriott Hotels

The fourth case is Marriott Hotels. With information swiped from roughly 500 million guests, this is an example of how some companies love collecting unnecessary information.

I say this to look back at why companies need information. In the cases of Facebook, Yahoo!, and the First American Financial Corporation, the information is needed in order to provide ads, but also to offer up various services that could help you.

In the case of a hotel, what’s the point of them knowing your home address? What’s also the point of them storing passport details? Are they going to send you flyers in the mail or what?

Yes, I understand they need some way to confirm identification, but if they already require a credit card, you’d think some other pieces of information aren’t as important.

Anyway, Marriott Hotels collected so much information that a lot of people’s credit cards were exposed along with other personal details such as address, date of birth, and email.

Friend Finder Networks

The final big security breach is one that’s been unusually handled. In 2016, the site Friend Finder Networks was attacked along with their other account Adult Friend Finder. Overall, 412 million accounts were exposed and to this day we don’t know what was taken.

Why is that?

That’s because the company not only refused to explain the details, but also hasn’t publicly announced the breach. It has on record admitted there was a breach, though, so I guess that’s progress.

That being said, we can speculate about what sort of information was taken, considering that the year before that big breach there was another exposing 4 million accounts. What was taken was people’s sexual preferences and whether someone was looking for an affair or not.

I can only presume that the breach took similar information or other information pertaining to the account, such as usernames, email addresses, passwords, membership data, etc.

So What Can You Do About All This?

Through each case there have been various themes that we see time and again. With all of that in mind, here are some bullet points to remember about your security.

  • Have a stronger password and change it often. When a hacker has your email they can do a lot of things with it. As I suggested in Yahoo’s case, if you use it as a backup email or you have password reset options sent there, hackers can get to other sites that you may be on. As such, make sure your password is routinely changed and that it’s strong.
  • Do some digging into privacy settings. Be aware of what’s at stake and what sort of data is being collected and used. Every company is required to have a page devoted to outlining this stuff. All you need to do is look around for it.
  • Invest in tighter security. There are all kinds of security apps available and each one has a lot to offer. Even free versions can be pretty robust.
  • Be wise about what information you give out. When you go shopping online, there is certain information that’s being asked of you. Make sure that it’s consistent throughout the various sites that you check out. Not only that, but take some time to ask yourself whether a company needs to know that information or not. Remember you can always dig around the site for their privacy policy to know what information they need and why.
  • Give feedback to companies. Most importantly, give some feedback to companies. Whenever you notice something odd, bring it to someone’s attention. Send a support ticket or an email to the company, especially if it’s a company you regularly deal with. The reason it takes companies so long to report breaches is that the data breach occurred months or years ago and was meant to go undetected. This is why data stolen in recent years dated back a few years. So the sooner people notice anything unusual, the sooner companies can hopefully address issues.

Security is not perfect, and with so much information being tossed around there will be plenty more breaches. That’s not a reason to be pessimistic about the situation, though. As long as we stay vigilant and informed, we are becoming more secure in the process.