Why do data breaches happen?
The latest Twitch data breach brings the focus back on how companies are really safeguarding information, often sensitive, including account access credentials
Data is the oil of the 21st century, British mathematician Clive Humbly said in 2006. The phrase has really caught on as the digital economy has grown. Any company that has any interface with technology seeks to derive every ounce of profit from what is collected on their data servers. With unflinching accuracy, everything that is tech around you is collecting data about you for serving advertisers, creating virtual profiles, etc.
The latest Twitch data breach brings the focus back on how companies are really safeguarding information, often sensitive, including account access credentials. It is unsurprising that hackers seek data that companies keep collecting. They can potentially earn millions by getting access to it by arm-twisting a company that they have hacked to pay them for their silence, selling that on the dark web to anyone who would be willing to pay. Or even sell it to rivals companies.
Data breaches over the past few years show how priceless data is. According to security company Norton, a data breach is a security incident in which information is accessed without authorisation. “Data breaches can hurt businesses and consumers.” The average cost to a company that suffers a data breach is $3.86 million, according to a study by the Ponemon Institute (Michigan).
Some of the major breaches:
Alibaba
When: 2019
Scale: 1.1 billion user data pieces
For months, a marketing consultant deployed a web-scraper to siphon off data of users of Alibaba’s Taobao online shopping website in China. This included usernames and phone numbers, and reportedly involved over a billion pieces of user data. Alibaba insists that none of the user data was sold. The hackers have been sentenced to three years in prison and fined as per the Chinese data laws.
Volkswagen
When: 2021
Scale: 3.3 million customers
In June, Volkswagen (VM) confirmed hackers accessed details of over 3.3 million customers. This included names, mailing addresses, phone numbers as well as vehicle information. “This included information gathered for sales and marketing purposes from 2014 to 2019,” said Audi and Volkswagen in a statement. It added a vendor left this data unsecured. VW assured customers of special assistance in case their cars were stolen.
Also Read: Interactive livestreaming service Twitch is hacked, exposing source code
Astoria Company
When: 2021
Scale: Around 300 million users
The details of 300 million users of Astoria Company, a financial services lead generation firm for car loans, insurance products, and mortgages in the US, were put on sale on the dark web. The data included bank account details, mobile numbers, social security numbers, credit history, medical data, home addresses, etc.
When: 2021
Scale: Around 500 million users
In June, Microsoft owned professional networking website LinkedIn was hit by a data breach when a hacker using the moniker “God User” made available the first information set of data of 500 million users. This included email addresses, phone numbers, and geolocation information. LinkedIn said that this was not a data breach. “Our initial investigation has found that this data was scraped from LinkedIn and other various websites,” said the company.
When: 2019
Scale: Around 533 million users
In April 2019, hackers accessed the account data of 533 million users in 106 countries. This included phone numbers. This was particularly worrying because phone numbers usually do not change for users. This data was eventually posted on online forums this year accessible to everyone. Facebook said the vulnerability that led to the data leak in 2019 has since been fixed.
Marriott International (Starwood)
When: 2018
Scale: Around 500 million customers
Marriott confirmed an attack on its data systems led to the leak of information for half a million Starwood guests. This included credit card details and passport numbers, information that guests share with the hotel during the stay. While Marriott acquired Starwood in 2016, the integration of the IT systems had not been completed at the time the breach happened.