I’ve had enough! For years, I have watched data companies like Equifax and Experian, social networking sites like Facebook, Search sites like Google and financial services companies make BILLIONS of dollars using, exchanging and – leaking – my personal data. I am TIRED of this and believe it is time for us to do something.
What triggered my ire was a January 2019 WIRED article on a major data breach. According to the article, more than 773 MILLION – that’s right MILLION! – email AND PASSWORDs were taken. It’s was posted online in a folder labeled Collection #1. The 87GB breach contains 772,904,991 unique email addresses and 21,222,975 unique passwords. To make it worse, “The trove appeared briefly on MEGA, the cloud service, and persisted on what Tony Hunt refers to as “a popular hacking forum.”
In a Newsweek article from January 17, 2019, they interviewed a security reporter named Brian Krebs “quickly emphasized in an online analysis that the stolen data is largely two to three years old and not the largest data breach ever found, as some news outlets have claimed. Krebs was able to locate a seller, who goes by the username “Sanixer,” offering access to Collection #1 for $45. Sanixer told Krebs that “Collection #1 consists of data pulled from a huge number of hacked sites and was not exactly his ‘freshest’ offering.” His other password packages…total more than 4 terabytes in size [and] are less than a year old.”
So the hackers have my email & password. And they can get it for less than $50! This is GREAT!
To read the story from WIRED magazine, you can click HERE or, if you want a short but scary summary, watch this 45 second YouTube video from Wochit News.
You may THINK you avoided the breach but I’ll BET YOU ARE WRONG!!!
What REALLY upsets me is that most people think they have avoided these types of data breaches…even as the number of names stolen rises into the BILLIONS! We don’t really have a way to find out and the news media … and our legislators … just ignore the problem. DID YOU EVEN KNOW THIS HAPPENED???
This data breach was first reported by security researcher Troy Hunt. Troy is a Microsoft Regional Director and Most Valuable Professional awardee for Developer Security. I want to thank him for finding the breach and reporting it through WIRED magazine. After you read this blog, you can follow his blog by clicking HERE. It is a worthwhile read. But I digress…
Tony created a very useful website called “Have I Been Pwned?” [Pwned is slang for Owned]. As Tony explains “The FAQs page goes into a lot more detail, but all the data on this site comes from “breaches” where data is exposed to persons that should not have been able to view it. It is a site designed to see if your email has been stolen, if your website is secure and a lot of other security features you should explore.
Think your email hasn’t been sold? Let’s find out. Click on the logo below, enter your email and then get upset because you are probably in the data breach. If the site says your email was pwned, scroll down and it will show you which sites have your email address and the other data associated with it. It is a real “eye opener” and shows you just how much your data is traded in the “dark net”. If you email has been stolen, get mad and then read the rest of the blog to learn what you can – and should – do to protect yourself and others.
NOW THAT I HAVE YOUR ATTENTION…
The time has come for us to begin getting serious about data security and our data rights. It is time to begin demanding that our legislators don’t just talk about the problem…it is time they address it. The data giants have shown they cannot protect us and will not protect us. Collecting and using our data is the source of their income! It is time we get serious, like the EU did with the GDPR and start taking control of the situation.
Here are my recommendations as to what to do:
Protect Yourself – Before going on the offensive, you need to protect yourself. Get Lifelock or other similar protection systems to keep track of your email, your credit, and your online information. It is well worth it as the size and scope of these data breaches continues to increase.
Change your Passwords and make them tough to crack – You can get password generators to add to your Chrome or other search engine site or can find free ones you can just use. Here is an article on the best free generator and password management software from TechRadar. Get your passwords changed if you were a part of the breach! Never reuse passwords and change them frequently!
Enable two-factor authentication – On as many sites as you can, enable two-factor authentication. This makes your password less useful to thieves and hackers. Why make it easier for them!
I want control – In a bullet point or two, I am going to ask you to tell your legislators to address the issue in your state and national government. But what to address? In my opinion, I should be able to control who has access to my data and how it can be used for advertising. You know you trade away these rights when you sign up for sites like Facebook and others. But, can you find where you gave away your rights? Have you ever read their “Terms of Service”? Even lawyers can figure it out. What we need is to be able to ACCEPT what types of advertising we want to be exposed to…down to the specific company. I want social networking and search sites to let me control what I see and hear.
AND I want to be paid for it! – If Google and Facebook can make BILLIONS every year selling my information to advertisers, why can’t I be PAID to watch or read it? I like the recent lawsuits in the EU from their GDPR privacy legislation. They are stating that social networking and ad agencies who sell your personal data to target your for ads, should pay you to watch them. Every one of them they present to you. Check out a recent article from TechCrunch discussing how a lawsuit in France could change AdTech forever! Why can’t we make money like the social networking and adtech firms do off of our data? Why not?
Become an agent for change – Here is a blog from Holland and Knight on Cyber Security and Privacy and is a non-political look at what is happening today. They also have interesting blogs on other topics. Learn what is being discussed and become a part of the discussion. Let your state and national legislators know you want them to begin addressing these data breaches is real ways.
Tell others about the breaches – I’ll bet there are a number of you who never heard about this massive data breach! Retweet this blog or the articles I cite and let them know to go to “Have I Been Pwned?” to see if they have been a part of the breach. Hopefully, knowledge will move us to action.
Let me know what you think of this blog article. As you can tell, it is a subject I am passionate about. If you find it interesting, I will do more blogs with more specific recommendations. For now, knowledge is power. See if your email is a part of the dark web. To know is to be forewarned!