
It’s been a bad month for the safety of your data: What happened, and how to protect yourself online

Facebook, Toyota, Georgia Tech, and Planet Hollywood all sound the alarm


Your personal information has had a tough start to 2019, with data breaches reported at Facebook, Toyota, Georgia Institute of Technology, and Earl Enterprises, the parent company of Planet Hollywood.

In what is quickly becoming a familiar tale, the personal information of millions of users—or over half a billion, in the latest Facebook security gaffe—is taken from companies and businesses that people trust.



Toyota

Photo: Several Toyota subsidiaries have fallen victim to recent cyber attacks (iStock)

The latest round of bad news began in late March, when Toyota announced through its Japanese newsroom that hackers gained "unauthorized access to the network," which led to the theft of customer data belonging to eight subsidiaries across Japan. The subsidiaries include Lexus, the luxury car-making division of Toyota.

Toyota says up to 3.1 million "items of customer information may have been leaked outside the company," but said this does not include credit card information.

What's especially interesting is that this is far from an isolated incident for Toyota. A day later, the car maker's Vietnam and Thailand subsidiaries made separate statements to say they too had been victims of suspected cyber attacks. These all come after Toyota Australia said in February it too had been the victim of an attempted cyber attack, although in this case no data was successfully stolen.

Despite the scale and apparent seriousness of such hacking attempts, consumers generally do not feel threatened by such cyber attacks, even on companies they deal with and which hold their personal and financial information. After all, it is widely understood that victims of cyber attacks who are unfortunate enough to lose money when their credit card details are stolen can report the crime and in most cases have their funds quickly returned.

This disinterest is echoed by a stock market that mostly understands that companies quickly recover from cyber attacks, security gaffes, and the negative PR they create — just look at Facebook's share price, which hit heavy turbulence in the wake of the Cambridge Analytica scandal in early 2018, but has now almost recovered to its pre-scandal level. It spiked to a record high in the summer, before tumbling some more, then bouncing back again in early 2019.

Regarding the damage caused by cybercrime and the irresponsible use of customer data, Wall Street has a short memory and is quick to forgive.




This is reflected by a research paper, Cyber Attacks and Stock Market Activity, published in June 2018 by Daniele Bianchi of the University of Warwick, UK, and Onur Kemal Tosun of Cardiff Business School, UK. Studying how financial markets react to unexpected corporate security breaches in the short- and long-term, the pair wrote: "Interestingly...for target firms, both CEO total pay and incentive pay tend to increase several years after a security breach compared to control firms."

The paper also discovered that, because a cyber attack victim invests to prevent future breaches, there is no evidence of an uptick in staff firing after an attack, and "there is no significant effect of hacking on firms' operating performance in the long term."

Earl Enterprises

Photo: Planet Hollywood owner Earl Enterprises had malware on its payments system for 10 months (iStock)

The next company to come clean about being the victim of a cyber attack was Earl Enterprises, parent company of the Planet Hollywood, Buca di Beppo and Earl of Sandwich restaurant chains. In this case, point-of-sale malware was used to take credit card details as customers paid for their meals.

The data included customer names, credit card names, and expiry dates. While the company did not say how many people were affected, KrebsOnSecurity puts the figure at more than two million. This data was offered for sale online in February and collected by the malware between May 2018 and March 2019 — a 10-month cyber security breach. Earl Enterprises admitted what had happened on March 29.


How to protect yourself

Again, while this sounds serious—and the security breach remained live for a worrying amount of time—there is little the consumer needs to worry about and little they could have done to protect themselves from malware installed on Earl's payment system.

As cyber security expert Brian Krebs wrote in his report on the incident, it is important to keep a close eye on your credit card bills. "Cardholders are not responsible for fraudulent charges, but your bank isn't always going to detect card fraud. That's why it's important to regularly review your monthly statements and quickly report any unauthorized charges."

Of course, you could always pay with cash to avoid using the card reader entirely.

Georgia Tech

Photo: Georgia Tech said 1.3 million individuals may have had their data accessed (iStock)

Georgia Tech also brought bad news this month. On April 2, it announced that it had discovered the personal information of up to 1.3 million people—including current and former faculty, students, staff, and student applicants—had been unlawfully accessed. The university admitted the stolen data may include names, addresses, social security numbers, and birth dates.

How to protect yourself

The university said victims will be offered access to a credit monitoring service to help mitigate potential damage—such as fraud via social engineering—caused by those who accessed the personal data.




As with most data breaches, victims are left to wait and see what damage, if any, will occur. Unlike the theft of a username and password for a social network, which can be quickly changed by the victim, stolen databases of names, addresses, and social security numbers can be traded on the black market (often sold anonymously for Bitcoin) and then used to commit further crimes at a later date.

It is, therefore, tricky to protect yourself from such a breach other than to follow basic best-practice tips like never repeating passwords and taking steps to protect yourself—i.e., keeping a close eye on your online accounts and finances.

Facebook

Photo: Facebook apps stored data of 500 million+ users on public server (iStock)

Last, but by no means least, Facebook was once again making headlines over its irresponsible data practices. On April 3, it was reported that over 540 million Facebook records were left exposed on a publicly accessible server.

Researchers from IT firm UpGuard discovered the data on public Amazon cloud servers. The data included comments, likes, reactions, account names, Facebook IDs, and more. A second dataset, linked to a Facebook-integrated and now-defunct app called At The Pool, included Facebook user IDs, plus the users' likes, friends, photos, events, interests, and plaintext password—that is, a password for At The Pool rather than Facebook itself.

But this is not Facebook's fault alone. As cyber security expert Graham Cluley explains on his blog, "[The data] was put there by third-party apps, whose apps integrated with Facebook. In short, Facebook allowed them to have access to the data, but then the third parties were careless with it."

Cluley added, "There are a myriad of third parties out there grabbing information via Facebook-integrated apps, and you have no way of knowing how well they are securing your data or—in many cases—what they might have taken at all."

As UpGuard pointed out in a blog post, the public availability of that password "would put users at risk who have reused the same password across accounts."

In its criticism of Facebook's data security practices the firm added: "The Facebook platform facilitated the collection of data about individuals and its transfer to third parties [Amazon], who became responsible for its security."


How to protect yourself

In this case, users are once again reminded never to use the same password twice, thus limiting their exposure to risk should one of their passwords be made public. You can use a password manager like LastPass or 1Password to create a unique password for everything you log into online. Managers also store them, saving you the need to remember anything apart from your one master password.

You should also consider locking down your Facebook account and restricting what apps, if any, can access your data through the social network. We wrote about this during the Cambridge Analytica scandal in 2018, but here's a reminder of what to do to stay safe:

Or, as Cluley suggests, you could take the nuclear option. "If you value your privacy, the only sensible step is to quit Facebook before worse things happen."
