2018 was the worst year for many governments, companies and institutions in implementing the General Data Protection Regulation (GDPR), not only in EU countries but all over the world. Even though major technology companies claim enhanced data protection, significant errors occurred throughout the year, resulting in many catastrophic breaches and leaks of important user data.
Why is data so important?
First, we should know that data has become the currency of business today. This includes not only customer or user data, but also transaction data, financial transactions and anything related to how the company operates.
Data is important in corporate analytics strategy and a key factor in decision-making. More recently, data has also become important in communications and marketing strategy. Advertisers and marketers use aggregate data about users, and sometimes personal data, to target ads.
The downside is that as companies and service providers increase their collection of user data, there is a risk that such data will be exposed to unwanted use.
Today, we will highlight some notable examples of security vulnerabilities at major technology companies during 2018, and the actual or potential harm to users:
1. Facebook
From September 2017 to July 2018, Facebook users were the victims of a massive data collection scheme, in which attackers had access to data of up to 29 million users and managed to access one million additional accounts. The data was highly sensitive, including birth dates, education, religion, geographical location data, contact data, social status, recent searches, and devices used to log in.
Hackers were able to exploit vulnerabilities in Facebook’s code to obtain access tokens, digital keys that give full access to user accounts, and then extract user data.
Facebook's troubles in 2018 did not end there. The company was caught up in a bigger problem when the Cambridge Analytica scandal became public. It involved an application called Thisisyourdigitallife, developed by a professor at Cambridge University who had access to user data and sold it for external research. The data analysis company Cambridge Analytica used it to shape President Trump’s campaign strategy during the 2016 election by creating targeted ads using the data of millions of voters.
Since then, Facebook has made many changes to the way third-party applications access user data to avoid a repeat.
2. Reddit, Tinder, Pinterest, Amazon Music and others
In an era in which social networks, e-commerce services, banking sites, and almost anything else can be accessed by phone, security breaches can be devastating, especially if data, identity or money is stolen.
In 2018, a large-scale cross-site scripting (XSS) vulnerability was discovered in social, e-commerce, and other services of major technology companies, affecting 685 million users around the world.
XSS is a gateway to the most targeted attacks on websites and is aimed at visitors to those sites. Hackers introduce third-party code into the site, through which they can access users’ devices or steal user data through phishing.
This vulnerability did not directly affect the sites mentioned above, but hit a third-party service that improves the user experience for phone users. In addition to those listed above, other sites such as Western Union, Ticketmaster, Yelp, Shopify, Imgur, and others were hit. The problem has since been dealt with, making users safe from the XSS loophole.
3. Google Plus breach
The Google Plus social service is not as popular as Google’s search engine or the Android operating system, which was a good thing in 2018, especially given the recent security problems discovered in Google Plus.
Between March and November of 2018, a year-long flaw in Google Plus exposed the names, e-mail addresses and other private data of at least 500,000 users, according to The Journal.
On December 10, Google itself discovered a second data breach, affecting more than 52 million users. Since then, Google has decided to close Google+ for good in April 2019 instead of August 2019, four months ahead of schedule.
4. Aadhaar Indian Government Identity Database
Aadhaar is not a technology company but an Indian government identity database in which citizens’ identity and biometric information is stored. Its breach affected the data of the country’s 1.1 billion people, making it the biggest security breach of 2018 by number of affected users.
The data obtained in this breach belongs to about 1.1 billion Indian citizens and includes their 12-digit IDs and information on related services such as bank accounts.
The loophole was in a system run by state-owned Indane, which did not fully secure its APIs, giving anyone access to the Aadhaar information.
It is not clear when the database was first hacked, but the breach was detected in March 2018, nine years after the launch of the Aadhaar platform in 2009.
5. Exactis Company
During 2018, Exactis, a marketing and data specialist based in Florida, suffered a data leak from a database of nearly 340 million individual records. The company appears to work with other companies and platforms to obtain data as a broker.
The leak was discovered by a security researcher, who found approximately 2 terabytes of data on an easily accessible, unsecured server. It included personal and private data on both individuals and businesses.
Although the leaked data does not include social security numbers, it includes very personal data such as phone numbers, home addresses, e-mail addresses, interests and habits, as well as the number, age, and gender of children. It also contains in-depth information about people, such as whether a person is a smoker, a pet owner and the like. Even if there is a low probability of identity theft, such detailed personal data can be used for social engineering attacks.