Daily I am presented with spam check requests and questions from people who wonder why spam exists and why it is increasing. It's simple. Governments and companies are recording everything one does when on the web, sites visited, preferences, personal and financial info. The more data a company keeps, the more data is at risk.
Bad actors know this, and breaches occur daily at large firms. These breaches involve the theft of millions of records containing info about people, names, addresses, phone numbers and SSNs. The data is then offered for sale on black websites, sometimes given away for free.
23andMe reported they were hacked in October. The DNA tester reported that 14,000 accounts were compromised by a hacker. These 14,000 accounts exposed info belonging to 6.9 million people, (14000=6.9 million ???). The company stated that their computer network wasn't the source of the hack. THEIR NETWORK wasn't the source? Who are they sharing their info with?
The passwords used to break into these accounts had been stolen in other data breaches. This points out the weakness of using the same password for multiple accounts. This type of attack is called credential stuffing and victims of this kind of attack include Netflix, Nintendo, Zoom and PayPal. This attack is not unusual but the data stolen from 23andMe is highly sensitive.
“The issue here is that 23andMe is a social site that also has healthcare information,” he said. “And both of these increase the risk of exposure of the data, and the value of the data itself.”
I have published this link in the past but it is worth revisiting today. To check and see if your email address and info have been exposed in previous data breaches, please visit the Have I Been Pawned website.
Worldwide problem.
It's not just US citizens. The Wall Street Journal reports there have been dozens of leaks involving Chinese firms and agencies. The Chinese government collects massive amounts of data on it's citizenry to maintain social control. China has created a strict cybersecurity and data protection realm but still breaches happen.
In June of 2022, an anonymous user on a popular online cybercrime forum put up for sale data of an estimated 1 billion Chinese citizens that was stolen from the Shanghai police. The heist was one of the largest in history and included particularly sensitive data, such as government ID numbers, criminal records, and detailed case summaries such as allegations of rape and domestic abuse.
The Wall Street Journal has since found dozens more Chinese databases offered for sale, and occasionally free, in online cybercrime forums and Telegram communities with thousands of subscribers.
Tens of thousands more databases in China remain exposed on the internet with no security, totaling over 700 terabytes of data, the largest volume of any country, according to LeakIX, a service which tracks such databases.
The same thing is happening in the US. Our government is as intrusive as China's, and it had/has lots of allies willing to do it's bidding. Every day when you are on the web, your viewing sites, preferences and personal info are being recorded.
AI today is playing a larger role in this info drama. It takes little time for a person's image or name to be researched and in less than 24 hours their home address, phone number, children's schools are Doxed and published in the public domain for everyone to see.
There are private professional companies worldwide who are employed by governments, bad actors and others. Stealing data and infiltration is their forte. One such company based in India was highlighted recently by Reuters and the WSJ. Today I can't find the article or info on WSJ and the link I had for Reuters below explains why. (I posted the link content below, italics)
How an Indian startup hacked the world (reuters.com)
Editor’s note
Filed Dec. 5, 2023, 10 p.m. GMT
Reuters has temporarily removed the article “How an Indian startup hacked the world” to comply with a preliminary court order issued on Dec. 4, 2023, in a district court in New Delhi, India.
Reuters stands by its reporting and plans to appeal the decision.
The article, published Nov. 16, 2023, was based on interviews with hundreds of people, thousands of documents, and research from several cybersecurity firms.
The order was issued amid a pending lawsuit brought against Reuters in November 2022. As set forth in its court filings, Reuters disputes those claims.
Driving Force Intel based Powerhouse Workstations (not consumer crap!)
No comments:
Post a Comment