Browser extensions

Mobile apps

Learning password security jargon: Data Breach

Sun Oct 27 2019 - 8 min read

Data breaches may seem menacing: they make headlines every day and leave us in a constant state of anxiety. But the culprit isn’t always a big scary data monster out to get us — sometimes the fault is in our own weak passwords. In fact, 80% of data breaches are caused by compromised, weak, and reused passwords.

On the one hand, news like this can make us all feel a bit silly. On the other, it’s hugely empowering to know we can always stay one step ahead of cyber criminals – even if our only weapon is a good password.

In this series of data protection posts, we’ve covered some crucial areas of cybersecurity. From password protection, and browser security to advice on keeping your online information safe. The threat of being involved in a data breach is a constant worry, which is why we’re here to show you how easy it is to avoid.

In this article, we’ll be discussing:

  • What a data breach actually is;

  • Recent data breaches;

  • How and why data breaches happen;

  • What you can do to prevent them.

What is a data breach?

A data breach is an incident in which confidential and protected information is exposed, copied, used, or taken without authorization. An example could be the theft of your credit card details or Social Security number. On a larger scale, giant corporations may unintentionally expose millions of user passwords to cybercriminals. Once data is leaked, there is no way to control its spread and use.

From hospitals to gaming forums, there are plenty of places where your information is stored. While we trust these institutions to protect our data, things often go wrong. Hackers will always try to be one -step ahead when it comes to the security of devices and corporations. iPhone’s FaceID can be hacked in less than 120 seconds, a weaker password can be cracked in milli-seconds, even your baby monitor is at risk.

2019 data breaches that shook the world

2019 has been a record year for cybercriminals, surpassing the total number of breached records for all of 2017 and 2018. It only takes one look at this list to witness the devastating scale of it all.

January 2019

Over 500 million records leaked, which is the equivalent of knowing the personal information of every single person in the United States.

  • Fortnite. An unsecured web page left over 200 million users vulnerable to attack.

  • Collection #1. 770 million email addresses and 21 million passwords leaked from multiple data breaches.

  • Oklahoma Department of Securities. Decades worth of sensitive data was left publicly accessible for a whole week before it was discovered.

  • Elasticsearch cloud storage. An Elasticsearch server, which was left open on the internet without a password, suffered a breach, leaking millions of casino players’ names, phone numbers, as well as home and email addresses. That left winning players vulnerable to extortion schemes.

March 2019

982 million email addresses leaked in one of the biggest database breaches to have ever occurred. The culprit?

  • Verifications.io – The marketing agency had no security measures in place to protect their gigantic database of consumer information. Security expert Bob Diachenko reported the incident, which led to the database being taken down. It included users’ names, birthdates, and home addresses.

April 2019

Over 500 million records exposed.

  • Facebook – 540 million user IDs, account names, likes, and comments exposed on a publicly accessible server by a third-party app.

  • At the Pool – A Facebook-integrated app stored 22,000 user passwords in plaintext, which is just as secure as writing them on post-it notes on the wall of a train station.

May 2019

Over a billion consumer records left exposed.

  • First American Corp.885 million records were made publicly accessible to anyone who had ever been emailed a link to a document by the company. That includes Social Security numbers, driver’s license images, and more.

  • Canva – A cybercriminal was able to access over 139 million user records, including encrypted passwords, email addresses, and countries of residence.

  • Flipboard – Similar to Canva, 145 million usernames and passwords were stolen from an unsecure database.

July 2019

The big one that received worldwide coverage.

  • Capital One – According to The New York Times, an employee managed to steal 80,000 bank account numbers, 140,000 Social Security numbers, and millions of credit card applications. The result: she racked up a $300 million debt for one of the world’s most trusted banks.

What causes data breaches?

  1. Weak passwords and stolen credentials. The easiest and most common way to steal your data is by guessing your passwords.

  2. Backdoors left open in apps and software in general. Poorly written apps can be riddled with security holes, which make the perfect entrance for hackers. Once they’re in, your data is theirs for the taking.

  3. Malware. This is software downloaded without intention through phishing emails or by visiting illegitimate websites.

  4. Insider jobs. Similar to the Capital One breach, employees are among the biggest threats to data security. Imagine 50,000 employees having direct access to millions of user details every day. Eventually, a bad egg crops up, and the consequences for the company and its customers can be disastrous.

The good news with a pinch of salt

There aren’t many occasions where the term ‘silver lining’ is met with great enthusiasm. But believe us when we say there most certainly is one. Data breaches on this scale create massive public awareness and, if channeled positively, can prompt huge changes in data law. Organizations will start to tighten their security belts, and people like you and I will empower ourselves to take our security seriously. In fact, the future of cybersecurity is booming. With cybersecurity vacancies up by 74% over the past five years and expenditure set to reach $1 trillion by 2024, it’s hard not to stay optimistic.

There are hundreds of apps and tools designed to protect you online, not to mention tips you can use if you get in trouble. If you think you’ve suffered a data breach, here’s what to do:

Your data breach response plan – a quick checklist

  1. Confirm the breach. Sites like Haveibeenpwned.com check your email address to see if you’ve been a part of any data breaches. You can also call or email the company to confirm whether your information was involved.

  2. Find out what information was breached. While stolen credit cards and account details can be replaced and changed, a new Social Security number is harder to obtain. Knowing what was compromised puts you on a hacker’s trail. For instance, if your card details were compromised, you know the same applies for your associated email account. Freeze, de-activate, or change everything immediately.

  3. Change and strengthen your online logins, passwords, and security questions. Use a random password generator for maximum security. Random passwords like MUK7GDj<Hax~nM8E are notoriously hard to hack and would take millennia for those immortal enough to try. You should also use a good password manager like NordPass so you never forget them. For extra help, see our password tips.

  4. Use a password manager. A password manager does two crucial things:

    • It remembers all of your passwords for you, so you’re free to create long, complex, hacker-proof passwords.

    • It keeps your passwords encrypted in a separate location. This means that your passwords will never be exposed in your browser, device, or apps. We explain these dangers in our previous post.

    • Securing your passwords is one of the easiest ways to boost your online safety, as it’s generally the first point of attack for cybercriminals. To get started try our new password manager NordPass.

The takeaway

Taking cybersecurity into your own hands needn’t be a daunting task. Since nearly every area of our lives has an online dimension, isn’t it wise to think about security for ourselves? Especially before it’s too late.

The reality is, cybersecurity tends to take a back seat within busy organizations. When a data breach does occur, companies rarely face huge financial losses. The usual plan of action is to restore confidence in their users — and determine the cause of the breach. Sometimes a breach isn’t even detected or reported until months later.

It’s unfortunate, but the damage is usually left to the user to clear up, which is why it’s imperative to iron-proof your passwords. While newer, more powerful encryption technologies are surfacing, it’s not worth the risk to assume everyone cares about your security as much as you do. In conclusion, you hold the ultimate power for your safety online, we merely exist to help you get there. Which is why we created NordPass – A simple, convenient password manager that puts online security back into the hands of everyday people.

Benjamin Scott
Benjamin Scott
Verified author
Ben is our tech geek. He analyses difficult topics and brings them to the reader in a nice and simple language. In his free time, he loves to compete, so he likes to participate in various marathons and triathlons.
Subscribe to NordPass news
50% off! Special offer for a 2-year plan.