What can we learn from the worst recent data breaches?
In the 21st century alone, hackers have exposed the data of almost half the world’s population (3.5 billion records).
And yet, the situation in 2001 was incomparable with the situation today, in 2021. The cost of cybercrime is higher than ever before (and is still growing). By 2025, cyber attacks will cost the industry $10.5 trillion annually.
If there is a perfect time to take precautions and secure passwords and data, it is today. Let’s see what you and your company can learn from the worst recent data breaches.
2017: Equifax – a total failure to secure passwords
Almost everyone remembers the massive and serious data breach at the American credit bureau Equifax. Private records of more than 162 million people were compromised, including names, passwords, addresses, Social Security numbers, driver’s license numbers, and, most importantly, credit history.
During this data breach, hackers used a widely known security vulnerability, which the company had neglected, to access internal systems. There, the attackers found usernames and passwords stored in plaintext, which they successfully used to access further data.
2018: Dubsmash & My Fitness Pal – mediocre data protection
In the same year, the two companies – Dubsmash and My Fitness Pal – were hit by a data attack leaving over 300 million people’s data exposed. The compromised data included usernames, email addresses, hashed passwords, and other personal data.
Although both companies stored passwords protected to some degree, they ended up insisting their users change passwords immediately. Both companies admitted the breach happened but failed to explain how the hackers gained access to the data.
2019: Zynga – logins, again
In 2019, mobile game producer Zynga was hit by a data breach that exposed the login information of more than 218 million users. Email addresses, Facebook IDs, and phone numbers were also leaked.
The company acknowledged the breach and declared their new main priority – to secure passwords and other personal users’ data in the future.
2020: successful year for hackers & Marriott breach strikes again
2020 was a year when the number of data breaches and the volume of exposed data were so vast that it was hard to pick only one case. So we decided not to go by the amount of data exposed but by… the factor of negligence.
Marriott International is a hospitality company and a chain of hotels that experienced a huge data breach back in 2018 (exposing over 500 million guest records). Two years passed, and the very same company suffered a data leak again, leaving an “unexpected amount” of data (as it turns out, that of over 5 million guests) exposed.
The latest data breach can be regarded as negligent because the hacker used the logins of two Marriott employees to access further data. Marriott refused to explain how the employees’ credentials fell into the hands of a criminal.
This brings us straight to the lessons that you can learn from this and previous data breaches.
Lessons to bring home for 2021
Secure passwords and the way you manage data are the keys to long-term business protection.
Here are some golden rules:
- never reuse passwords on multiple websites;
- never store clients’ and internal business data in plaintext format;
- require employees to use randomly generated or manually created strong, complex, unique and secure passwords;
- store internal company data in advanced-security password management software, such as PassCamp;
- require employees to use two-factor authentication wherever possible, and make it mandatory for your company’s interface;
- invest in security audits, reliable, up-to-date cybersecurity systems, and employee education on creating secure passwords and managing them correctly.
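The rules on plaintext storage and randomly generated passwords, sketched as an added example (not code from the original article or from any product it names). It stores a salted scrypt record instead of the password and flags records made with weaker settings for upgrade at the next login; the record format, function names and parameter values are assumptions made for this illustration.

```python
import base64
import hashlib
import hmac
import secrets
import string

# Constructed parameters for this example; tune N to your own hardware.
SCRYPT_N, SCRYPT_R, SCRYPT_P, KEY_LEN = 2**14, 8, 1, 32


def generate_password(length=20):
    """Random password drawn from the operating system's CSPRNG."""
    alphabet = string.ascii_letters + string.digits + "!@#$%^&*-_"
    return "".join(secrets.choice(alphabet) for _ in range(length))


def hash_password(password, n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P):
    """Return a self-describing record: scrypt$n$r$p$salt$digest."""
    salt = secrets.token_bytes(16)  # unique per user, so equal passwords differ
    digest = hashlib.scrypt(password.encode(), salt=salt, n=n, r=r, p=p, dklen=KEY_LEN)
    b64 = lambda b: base64.b64encode(b).decode()
    return f"scrypt${n}${r}${p}${b64(salt)}${b64(digest)}"


def verify_password(password, record):
    """Return (ok, needs_rehash). Malformed or plaintext records fail closed."""
    try:
        scheme, n, r, p, salt, digest = record.split("$")
        if scheme != "scrypt":
            return False, False
        n, r, p = int(n), int(r), int(p)
        salt, digest = base64.b64decode(salt), base64.b64decode(digest)
        candidate = hashlib.scrypt(password.encode(), salt=salt, n=n, r=r, p=p, dklen=len(digest))
    except (ValueError, TypeError):
        return False, False
    ok = hmac.compare_digest(candidate, digest)  # constant-time comparison
    # Flag records made with weaker parameters so they are upgraded on login.
    return ok, ok and (n, r, p) != (SCRYPT_N, SCRYPT_R, SCRYPT_P)
```

A database dump of such records does not hand over working credentials the way the plaintext usernames and passwords did in the Equifax case, although weak passwords can still be guessed offline, which is why the rule on random, unique passwords matters as well.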
Each correct step taken today lays more stable ground for the satisfaction of your employees, clients, business partners, and contractors when they choose to work with you.
Let them thank you later. For now, there’s some preparation to do. Stay safe!