4. ) Cybersecurity
|(Image source: Sai Kiran Anagani on Unsplash)|
This year experienced even more cybersecurity breaches. In 2018, there were 500 million personal records stolen, according to the Identity Theft Resource Center. That number was miniscule compared to the 7.9 billion records exposed in 2019 by over 5,000 breaches, as reported by Risk-Based Security. Compared to the 2018 Q3 report, the total number of 2019 breaches was up 33.3% and the total number of records exposed more than doubled, up 112%. Here’s just a small sampling of the more infamous breaches:
> ElasticSearch server breach
An online casino group leaked information on more than 108 million bets that included customer’s personal data, deposits, and withdrawals. The data leaked from an ElasticSearch server that was left exposed online without a password. ElasticSearch is a portable, high-grade search engine that companies install to improve their web apps' data indexing and search capabilities.
>Canva data breach
Security Magazine reported that Canva, a graphic-design tool website, suffered a data breach that affected 139 million users. The data exposed included customer usernames, real names, email addresses, passwords, and city and country information. In addition, of the total 139 million users, 78 million users had a Gmail address associated with their Canva account.
>Facebook app data exposure
UpGuard security researchers revealed that two third-party Facebook app datasets were exposed to the public internet. One database originated from Cultura Colectiva, with more than 540 million records exposed detailing comments, likes, reactions, account names, Facebook IDs, and more. The other third-party app was exposed to the public internet via an Amazon S3 bucket, the researchers said. This database backup contained columns for user information such as username IDs, friends, likes, passwords, etc.
> Orvibo leaked database
An open database linked to Orvibo Smart Home products exposed more than 2 billion records. Orvibo runs an IoT platform that claims to have around a million users, including private individuals who connected their homes, as well as hotels and other businesses with Orvibo smart home devices.
>Social Media Profiles Data Leak
Researchers Troia and Diachenko at DataViper found an enormous amount of data exposed and easily accessible to the public on an unsecured server, which contained about 4 billion records. A total count of unique people across all data sets reached more than 1.2 billion people. The researchers said this made the event one of the largest data leaks from a single source organization in history. The leaked data contained names, email addresses, phone numbers, LinkedIN, and Facebook profile information.
Sadly, the common theme in many of these data exposures is that data aggregator obtained and used personal information in a way the owners never imaged or gave their consented. This is a legal problem as much as a technical one.
What can be done to slow the loss of data information? Using passwords on some of these servers would be a start. More realistically, cybersecurity companies are implementing machine learning, analytics and automation to detect and remediate threats.
Finally, the IEEE Computer Society lists five particularly onerous security threats for 2019: AI theft, cloud platform weaknesses, cryptojacking or illicit mining, and Advanced Persistent Threat (APT) spying methods such as keyloggers and IoT device vulnerabilities.