2016 was a year of many firsts, but hacking was not one of them, nor will 2016 be the last we see of it. With the prevalence of data in the cloud, the omnipresence of social media and the voluntary production of personal information online, personal and professional privacy is at stake now more than ever. Despite encryption, which converts your data into a form readable only by those holding the key, and a number of other technologies and methodologies, threats to data safety and integrity continue to grow by the day, and so too do the efforts of cybersecurity professionals to defend against them.
As we wrap up the first quarter of 2017, let’s visit some of the worst data breaches of 2016:
Last year, hackers gained access to upwards of 400 million accounts and passwords on the social media site MySpace. Several weeks before, the same hacker released a comparable cache of stolen LinkedIn credentials, a reminder that it is a bad idea to use the same e-mail and password across multiple websites, especially where financial information is involved.
Oracle’s Micros Division
Hackers broke into the point-of-sale portal at Oracle’s Micros support division, illustrating once again that point-of-sale systems are prime targets for attacks on user credentials, something that seems to be becoming all the more frequent. Oracle is one of the most prolific software companies in the world; if it can happen at Oracle, it can happen anywhere.
Sometime last year, a cache of e-mails and 50 million individual pieces of information surfaced after a hacker claimed he’d gotten them from Zoosk, a well-known dating site. No one knows where the cache of data really came from, and it included bigwigs from companies like Apple and Microsoft, as well as government agencies. A strange case in the age of interconnectedness, and certainly not the last.
A Russian hacker calling themselves Tessa88 claimed possession of the credentials for over 370 million Twitter accounts in 2016; however, Twitter responded that it hadn’t been hacked. Another possibility is that these individual users had independently become infected with the same strain of malware and their information was cumulatively sent back to the same hacker.
And finally, in mid-2016 the Russian equivalent of Facebook, VK.com, fell victim to a hack attack that claimed almost all of its 190 million users. However, upon clarification, the website claimed that it had not been hacked, that the credentials taken were old, and that users with weak passwords were required to change them.
Every organization has its vested interests, and regardless of what a company tells you, the best things you can do for your own protection are often the simplest: use varied usernames and passwords, scan for viruses regularly, and monitor your financial information. Though no system is 100% failproof, you do have recourse. As for businesses and organizations themselves, these incidents stress the already oft-repeated adage: “The more things change, the more they stay the same.” Security standards might be increasing, but so too are the efforts of cybercriminals, and in this brave new world, you really need to be your own advocate.