Personal information is worth a lot, especially to criminals. Over the last couple of years i have wondered if my personal information is really secure online, so many major website have been hacked, with users personal information uploaded online for all to see. To me it appears like large corporations and major websites you would expect to take the security of peoples personal information seriously, actually couldn’t care less about it, so it appears to me.
Take Sony for example, last year the Sony PlayStation Network and Sony Qriocity on-demand entertainment services were hacked, in what was possibly the largest data breach ever. Intruders had accessed personal data of up to 77 million users, whose real names, email addresses, passwords, home addresses and telephone numbers had all been stored in unencrypted text. Hackers had even posted up Sony-associated credit-card numbers, despite Sony calming credit card details were encrypted. Now that is one massive amount of personal information out there in the wild.
77 million users personal information, stored in plain text. Great to know little effort was put in to securing users data on such a large scare. That makes me think how many other places my personal data is stored insecurely, and how many times my personal data has been stolen in hacks that have never been disclosed.
Another example is LulzSec who hacked into the Arizona Department of Public Safety (AZDPS) and leaked hundreds of confidential law-enforcement documents, including personal information on highway patrol officers, as well as hundreds of private intelligence bulletins and training manuals. Should confidential law-enforcement documents really be on internet connected computers? i guess that cant really be helped, however its annoying to think if you want something to be truly secure then it should be anywhere near an internet connected machine / network.
I have honestly lost count over the last two years of how many times I have read about a service has been exploited, where data has been stolen and passwords have been stored in clear text. Linked-in, Steam, Blizzard, Last FM come to memory, although i’m sure there has been other major hacks too.
The above is all just hacks we know about because groups like LulzSec and Anonymous release information online announcing the hack, that does make you wonder how many times other major online services have had data stolen and never said anything, or even know about it!
Recently i have been getting email’s saying i need to verify my information with Student Finance England, i would say that’s a pretty specifically targeted email compared to say one trying to steal you banking details. That does make me wonder if a database at Student Finance England has been dumped. I also get a lot of email’s targeting the bank i’m with, and never others from any other major bank in the UK, again it does appear to me like i’m been specifically targeted in these two cases. Most of the time the email’s targeting Student Finance and my bank account do end up in my junk email folder which is something.
If i get an email with something like that i would never click a link in it, i would always go to the website and log in there. However i imagine a lot of people would just click the malicious link and happily give there personal details away.
I think all we can really do is think about we upload to the internet, especially to cloud storage services. Unfortunately we have little control over how businesses store our personal data, we can only hope its encrypted and secure.