Was this always happening in this big scope? Leaks of games, data that is stolen, all these breaches in big companies. Feels like I see this everyday
We’ve gotten better at reporting them
What's up with all this data breaches and leaks?
Submitted 10 months ago by zilla@lemmy.world to [deleted]
Comments
DaCrazyJamez@sh.itjust.works 10 months ago
SlothMama@lemmy.world 10 months ago
Still a very small subset of the data breaches out there.
Think about it.
Start with the total amount of data breaches. Narrow that further to the data beaches that someone noticed. Narrow that further to the data breaches they reported. Narrow further to the ones that you have heard about.
What you know about it is a trailing indicator of the total incidences.
MNByChoice@midwest.social 10 months ago
We’ve gotten better at reporting them
Close. There are more laws requiring reporting within certain timeframes. Few companies report when they are not forced to.
slazer2au@lemmy.world 10 months ago
Yes, breaches have always happened. There have been some very high profile ones in the past like Sony and Adobe that caused governments to create laws forcing registered businesses to disclose breaches where Personal Identifiable Information is accessed. So you are hearing more because they are forced to disclose more.
The other side is hacking tools have become far more powerful with a much lower barrier to entry.
Previously you needed to find and build your own tools for exploits. A considerable amount of private hacking groups will sell access to their tools for others to use leading to the rise of Ransomware as a Service (RaaS). Hackers poking fun at the current XaaS naming (SaaS, IaaS, etc.)
LemmyKnowsBest@lemmy.world 10 months ago
Ashley Madison
Equifax
23 and Me
those are the only ones I know off the top of my head because those are the ones that affected me. (my ex-husband was on the AM list; I was affected by the Equifax breach; my daughter was affected by the 23 and me breach)
CyberTaco@lemmy.world 10 months ago
Ooo. Really sorry to hear about your husband doing that. :-(
LemmyKnowsBest@lemmy.world 10 months ago
No problem. I thought it was hilarious.
FireRetardant@lemmy.world 10 months ago
The 23 and me stuff is expecially scary. It is bad enough giving out genetic information to a company. It is even worse when that information is stolen.
Anyone interested in using a gentic ancestry service should read the book Genethics by David Suzuki & Peter Knudtson first. TLDR if a big enough genetic data bank is aquired by the wrong hands, discriminatory practices could increase significantly in job interviews, health insurance and other sectors. Chemical warfare could also be specifically tuned to specific genetic groups.
Fredselfish@lemmy.world 10 months ago
My mortgage company had a breach and I saw three articles about three different companies having breachs. That and I think OP is also talking about the video game code leaks.
noUsernamesLef7@infosec.pub 10 months ago
As someone in the thick of it, it has been a nervewracking quarter for mortgage company IT and Infosec teams. There have been several very high profile breaches the last few months.
zilla@lemmy.world 10 months ago
Yeah like kinda everything. Wasn’t sure if it’s just more reports. In the end it’s a mix of all the systems.
I thought i missed something. But all you folk’s provided good information for me and i am thankful for this
Extrasvhx9he@lemmy.today 10 months ago
Also mint mobile recently
DirigibleProtein@aussie.zone 10 months ago
In my experience, it’s always been this bad. However, as the world becomes more connected, it becomes easier to find systems to break into and easier to find ways to break in. It’s only recently that most countries have enacted legislation to enforce mandatory reporting of data breaches, and so we hear more about them.
Cyber security has always been (and probably always will be) an arms race between those who want to secure data and those who want to steal it. As the value and usefulness of data goes up, so does the desire of the bad guys to steal it. Identity theft and just plain ransoming of data are only ever going to increase.
Use:
- a password manager
- a different random password or pass phrase for every site
- a different random email address for each site (Apple’s “Hide my Email”; Firefox Relay; DuckDuckGo mail; 33mail, for example)
- different false details as much as possible for every site
Don’t:
- Use the same details (name, password, email address) on every site
- use your real details if you can possibly avoid it. If you must, misspell your details (“Johhn Smith”, “1 Maiin Street”) so that you can track the misuse of your data.
Delphia@lemmy.world 10 months ago
Or buy a domain and run all your email through a catchall with different emails for different services.
Netflix@johnsmith.com, fishingworld@johnsmith.com etc.
Lemminary@lemmy.world 10 months ago
fishingworld
Thought that said “fistingworld” and almost spilled my drink
reddig33@lemmy.world 10 months ago
Data is worth money. If your bank left the back door open all the time, I’m sure people would walk in and steal money. Same thing.
stackPeek@lemmy.world 10 months ago
My personal opinion: those hackers are probably not that clever nor smart, it’s just that companies doesn’t often properly follows security best practices despite storing plenty amount of sensitive information.
thedirtyknapkin@lemmy.world 10 months ago
i mean, are there ever consequences to the companies? how often does it actually affect their bottom line?
it keeps happening because companies doing very little to stop it because they have little incentive to.
Ghostalmedia@lemmy.world 10 months ago
IMHO, the biggest recent change is visibility to breach notifications. The notifications have been going out in many places for over a decade, but now there are lots of products that easily expose that information to people and the media.
Lemminary@lemmy.world 10 months ago
Some companies have found that leaks create hype, especially for games. League of Legends is infamously known to get everything leaked, probably on purpose. Until players get fed up with it, at least.
zilla@lemmy.world 10 months ago
Thank you for all the answers and also tips
…time to live in the woods :D
Lath@kbin.social 10 months ago
I've been exposed so many times throughout the years, the mails were automatically moved to the spam folder.
Lunar@lemmy.wtf 10 months ago
It’s the new normal.
kubica@kbin.social 10 months ago
I'd say that some time ago there weren't that many leaks because not so much data was stored. But sites were modified to show spam and such.
SereneHurricane@lemmy.world 10 months ago
Cyber security guy here.
Consider a large organization with a lot to lose. They usually invest proactively in a Cyber security program.
Now consider all these companies with data breaches. They were tiny startups with nothing to lose. No reason to consider an investment in cyber security best practices. Their modus operandi was quickly pushing the product to market so that the $ could start coming in.
dipshit@lemmy.world 10 months ago
security is hard and complex. companies don’t hire security people.
CluckN@lemmy.world 10 months ago
My tinfoil hat security cycle is as follows
Company experiences a breach > Hire an expensive internal security team > wait 3 financial quarters > new suits wonder why they spend $$$ on security if nothing has happened > lighten security team
Inucune@lemmy.world 10 months ago
There is money to be made in getting hacked.
boblin@infosec.pub 10 months ago
Or companies do hire security, but the security team is incompetent and unable/unwilling to adapt to new challenges. Then it devolves into security theater, until either someone new comes who cleans house or a breach happens.