This past few weeks has been quite an eye-opener for a lot of people who use the Internet, which let’s face it, is most people.
Data breaches aren’t new, there was the Sony hack in 2014 and the same year, Ebay had the data of 145 million users compromised. But regardless of the size of those breaches, the data itself was things like bank details, selling history, etc. It was remedied by changing passwords, cancelling cards and banks had systems to deal with it.
But in the past month there has been a breach that has rocked the world of millions of people. The dating site Ashley Madison had its entire database of users stolen. The hackers that took it said that they disagreed with the company’s ethics and that they would release the data if they didn’t close down. They didn’t close down, so the data is now freely available on the web.
How is this any different, though?
Well, the problem is that Ashley Madison isn’t just a dating site. It promotes itself as a dating site for married people. “Life’s too short, have an affair” is its rallying cry. They also promised 100% security and discretion. You could have your affair in complete secrecy, and your spouse wouldn’t find out.
Turns out you couldn’t and they could.
The database is huge. It’s over 35 million email addresses, and there have already been some significant fallout from it with famous people being caught up in the furore.The big problem here though isn’t the credit card details; it’s the very fact that the email addresses are so easily found. You can just search for the email address of your spouse in the database, and if it’s there, there’s a good chance he or she signed up to the website. Why would they do that?
And of course, anyone can get hold of that data now and check all their friends and family. Are they having an affair? Did they sign up for curiosity or were their intentions indeed to find someone else?
The very seed of doubt is enough for some people to challenge the intentions of others.
Make no mistake, this is a massive breach, but it also shows how we should be extremely careful with our data.
In my corporate life, I’ve seen plenty of situations where people have had data exposed that they wish hadn’t been. For example, emails are one of the most abused systems for revealing information. It’s so easy to fire off an angry mail to someone that names someone else, and then what if the recipient hits forward by mistake?
I’ve seen this happen so many times, and it’s embarrassing for all.
We live in a data-rich society, and we’re just not ready for it. Although we have security and algorithms to keep information secret, the blasé way in which we handle extremely important information means it is virtually pointless.
Regardless of what technology we use to try to remain vigilant, if we could just remember one simple trick, we’d all be OK, and it’s a simple one.
Just consider that anything you put online, anywhere, is open. So, if you were about to sign up to a site or input some details, would you be happy if someone found them? Would it matter if someone could download all the data you’d just typed in? What would be the worst case scenario?
Let’s face it, if we’re using on-line banking or carrying out other financial transactions, we’re going to have to put some sensitive data out there. But in those cases, the bank usually has our back. If it turns out lots of financial transaction data has been stolen, the banks should protect us.
But dating sites? If you’re going to use one, remember that your data is now in the hands of a third party. If you sign up thinking it’s entirely secret, you may one day realise your mistake, and by then it might be too late.