- We give a lot of our data to companies like Facebook, Google, and Microsoft. But we don't always know how well that data is protected.
- Data breaches like Collection #1 or attacks like the T-Mobile hack happen way too frequently.
- And companies like Facebook have been criticized for uploading user data without permission.
- You can't stop a company from getting hacked, but you can limit how much information you share.
- Here are some simple ways you can maintain your privacy online.
- Visit Business Insider's homepage for more stories.
Following is a transcript of the video.
Narrator: If you're watching this video, there's a good chance your data has been hacked, leaked, or stolen. Over a billion users were affected by data breaches in 2018, and it seems like there are reports of new hacks every week. Can you even use the internet without your information eventually leaking? What's going on with your data?
We trust companies with a lot of our data. Unfortunately, we don't always know how the data's being used or if it's protected. Third parties accessing your information without your permission is never good. But there are actually a bunch of ways your information can be exposed. Large data breaches can leak data from multiple companies, often containing information of millions of users. In 2018, a leak called Collection #1 was released on the file-hosting site Mega. Collection #1 contained millions of passwords and emails all collected from previous data breaches. But sometimes the attacks are more specific.
Hackers often target individual companies to gain access to their user data. The largest hack so far was the Yahoo hack. In 2013, 3 billion user accounts were compromised. The breach included user phone numbers, birth dates, and even security questions and answers. Even though that breach happened in 2013, users didn't know the full scale until three years later. More recently, T-Mobile was targeted by hackers who stole the data of 2 million users. These types of hacks are all too common nowadays. But it gets worse.
Third parties can have access to your data even if there was no hack. When you sign into an app or a game with Facebook, you're sharing some of your data, and it's hard to know how the data you share is being used or who has access to it. In 2015, the app This Is Your Digital Life shared user data with third parties like Cambridge Analytica. Facebook gave the app access to user-profile data and information on subjects each user was interested in. Users of the app had no idea this data was being used, and in April, Business Insider reported that Facebook had unintentionally uploaded 1.5 million email contacts without user permission. Facebook has even been criticized for using phone numbers used to verify passwords to instead target ads, taking something that was supposed to be used for security and using it to improve ad tracking.
Sometimes there isn't even malicious intent, just negligence. In 2018, The Wall Street Journal reported that a bug in Google Plus could have exposed the data of hundreds of thousands of users. Google claims no user data was misused, but they failed to disclose this issue for months.
OK, so this type of thing happens a lot, and your data is probably out there. But how does this actually affect you? At best, it doesn't. If your email address is leaked, for example, there isn't much that hackers can do without having other information. But it gets worse when more private information is exposed. If passwords and emails are leaked, you're at risk of having your account stolen or accessed by someone else. And depending on where the data came from and how often it was used, it could mean someone now has access to your email login, online bank accounts, or other very sensitive data. The worst-case scenario can include things like credit-card fraud and identity theft. These breaches have serious impacts beyond bad PR for a company, and they're actually getting worse.
The number and size of data breaches has skyrocketed in the last decade. According to research from Norton Lifelock, more than a billion adults have been the victim of a cyber crime. OK, so at this point, you're probably a little freaked out and are wondering what you can do to protect your data.
Here are a few tips that don't take a lot of time but can have huge security benefits.
1. Find out if your data has been leaked
First, check if your data has been leaked. The website Have I Been Pwned has a database of information that has been exposed. You can input your info like an email address or old passwords to see if that data has been leaked.
2. Change your passwords
If it has, change those passwords right away.
3. Vary your passwords
Speaking of passwords, using the same password for everything is a horrible idea. If one account is compromised, all of your accounts will be at risk.
4. Use a password manager
Instead, use a password manager, like LastPass or 1Password. A password manager securely stores your passwords and can help you generate unique ones that are hard to crack with brute-force hacking.
5. Set up two-factor authentication
Additionally, setting up two-factor authentication for your accounts can prevent someone who has that password from accessing that account. If you're feeling overly vulnerable or paranoid, you can even purchase a device like YubiKey to add even more security to your accounts. Even something as simple as keeping your apps and computer up-to-date can help prevent malicious attacks.
6. Turn off ad tracking
Next, turn off ad tracking when available. We give a lot of information to online advertisers without even knowing it, but some services give users the option to limit what is being shared.
7. Switch your browser
If you wanna go even further, you can use a browser like Firefox Focus, which acts as always-on incognito mode, enabling a private-browsing session that shares and retains less data than traditional browsers.
8. Get a paid VPN
Finally, using a paid VPN can hide your internet traffic and IP address from third parties. A VPN can also protect your data when you're using public WiFi. It will encrypt your data, making it much more difficult for anyone to steal it from an open network.
9. Monitor your credit
If you think sensitive data has leaked, that could allow for fraud or identity theft. Be sure to contact your credit-card company and credit-reporting bureaus. You can also monitor your credit yourself via sites like Credit Sesame, which will alert you if there are any inquiries into your credit.
This is a lot, I know. Being on the internet means we're always sharing some kind of data. You can't stop a company from getting hacked, but you can limit how much information you share.