In previous articles we have talked about data leaks that can affect users who are exposed on the internet. In this article we review the latest data leaks and provide some resources that users can use to find out whether their passwords have been exposed, as well as some tips on how to remedy it.
A look back at the top 10 leaked data
- PlayStation Network: In 2011, Sony's online gaming platform suffered a service interruption, and in the days that followed, the multinational company admitted to having suffered a data breach that exposed the personal data of more than 75 million users, which was particularly serious as it included bank details. This led to thousands of players having to cancel their credit cards as a precautionary measure.
- Google+: Although not one of Google's strong points, it does seem to have been a point of interest for cybercriminals. They exploited the platform for more than three years (between 2015 and 2018), obtaining the data of half a million users.
- Celebgate: Cloud storage also has its risks. Although the services involved in this leak belong to Apple (a benchmark in terms of privacy and security), this did not prevent the intimate photos of many celebrities from being published in August 2014.
- eBay: The famous e-commerce platform has also been exposed. In May 2014 its database was leaked, exposing up to 145 million users worldwide. Despite the measures taken by eBay, which warned affected users to change their passwords, it is still a historic attack.
- Adobe: Almost everyone has used Adobe's services at some point. The AnonNews site revealed the theft of the email addresses, passwords and credit card information of 2.9 million users. In addition, the cybercriminals stole the source code of a number of Adobe products, which provides the basis for major programs such as Photoshop, Lightroom, etc.
- US Voter Database: Online voting is a system that is still in an experimental phase precisely because of potential security flaws. This was proven when more than 190 million US voters were exposed by a database misconfiguration, which revealed information such as names, addresses, dates of birth, phone numbers and party affiliations across the United States.
- Anthem Health Insurance: Continuing with the US giant, the health sector has not been immune to this type of attack either. In February 2015, the company suffered a cyber-attack that resulted in the leak of data on more than 88 million customers across the country. The compromised details included names, addresses, dates of birth, social security numbers, phone numbers and even employment information.
- LinkedIn: According to the news platform Xataka, the employment social network LinkedIn could have suffered another potential theft of information, which could affect 500 million users, in April 2021. This data has been seen in different forums specialising in the purchase and sale of credentials, alerting the platform's managers, who are still investigating the incident.
- EasyJet: Airlines have not escaped unscathed from this type of threat either, as was seen in May 2020, when the airline reported a security breach that had left the data of more than 9 million customers publicly exposed.
- Nintendo: It appears that the platform did not properly address a vulnerability that allowed the NNID account to be obtained and used on accounts using the same password. While it was not possible to obtain credit cards directly, in some cases it was possible to make payments within the services, such as games or micro payments. More than 300,000 users were reported to be affected.
There are several resources on the internet that allow you to check if your email appears in any existing leaks, such as those mentioned above.
A practical example is the Have I Been Pwned platform. On this platform you can enter your email address and in a few seconds it will tell you which leaked databases your email appears in.
Another similar platform is Cyberop's "Have I been hacked?", which works in a similar way to Have I Been Pwned: you enter your email address and it provides information about possible leaks related to it.
Among the tools that can help us find out if our user data has been leaked or hacked, we have Password Checkup, which allows us to check the security of our Google accounts or those associated with them, both online sites and linked apps.
Finally, if you have used any services of companies known to have suffered a data breach, simply change your password as a preventive measure.
Data leaks are a problem that requires constant work. Security is not a product; it is a long-term task that requires constant improvement. The following are some practical tips that all users can follow to improve their security:
- Use strong passwords, always more than 8 characters long and including letters (lowercase and uppercase), numbers and symbols.
- Do not use the same password for all services. It is easy to identify which services you use and test if you use the same credentials.
- If your account has been compromised, change your password immediately. Less than half of users change their password after an attack.
- Use two-factor authentication.
- Avoid falling for phishing! If an email or text message looks suspicious, it is best to ignore it.
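The first three tips can be checked mechanically against a password manager export. The following added example (not part of the original article) flags entries that break the strength rule above, entries that share a password, and entries that must be changed because a service holding the same password was breached; the vault contents and the breached set are constructed sample data.

```python
import string
from collections import defaultdict

def is_strong(password):
    """The article's rule: more than 8 characters, with lowercase,
    uppercase, numbers and symbols (ASCII punctuation assumed here)."""
    return (len(password) > 8
            and any(c.islower() for c in password)
            and any(c.isupper() for c in password)
            and any(c.isdigit() for c in password)
            and any(c in string.punctuation for c in password))

def audit(vault, breached_services):
    """Map each service that needs a new password to the reasons why."""
    sharing = defaultdict(set)          # password -> services using it
    for service, password in vault.items():
        sharing[password].add(service)

    findings = {}
    for service, password in vault.items():
        reasons = []
        if not is_strong(password):
            reasons.append("weak")
        if len(sharing[password]) > 1:
            reasons.append("reused")
        if service in breached_services:
            reasons.append("breached")
        elif sharing[password] & breached_services:
            # Not breached itself, but the same password leaked elsewhere.
            reasons.append("exposed-via-reuse")
        if reasons:
            findings[service] = reasons
    return findings

# Constructed sample data: service -> password, plus services known breached.
VAULT = {
    "linkedin": "Winter#2020x",
    "webmail": "Winter#2020x",
    "easyjet": "Tr4vel!Plans-77",
    "forum": "sunshine",
    "bank": "k9$Lm!qR2vX#p",
}
BREACHED = {"linkedin", "easyjet"}

if __name__ == "__main__":
    for service, reasons in audit(VAULT, BREACHED).items():
        print(f"{service}: change password ({', '.join(reasons)})")
```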
Ainoa Guillén González, Coordinator of the Cybersecurity Area of Sec2Crime.