This Week in Data Breaches: 2.2 Billion Records Exposed in Largest Data Leak Ever
From the release of the largest collection of stolen usernames and passwords ever to a new report detailing more than 59,000 data breach disclosures under the EU's GDPR, here we round up the latest in data news.
Megaleak of 2.2 Billion Records Found in the Wild
Hackers have compiled a voluminous collection of more than 2.2 billion unique usernames and passwords that is now being distributed freely online. The database, dubbed “Collection 2-5”, weighs in at a whopping 845 gigabytes and contains more than 25 billion records in total. Speaking to Wired, Chris Rouland, a cybersecurity researcher, said, “This is the biggest collection of breaches we’ve ever seen.” While many of the stolen credentials appear to have come from previous breaches, the size of the collection is unprecedented and will more than likely lead to a surge in account takeover attempts. To help protect yourself, use a password manager, never reuse passwords, and enable 2FA where possible.
Read more from Wired.
Facebook’s Surveillance App Banned from App Store
Facebook is facing scrutiny for its data practices yet again. As reported by TechCrunch, Facebook paid users between the ages of 13 to 35 to install a Facebook Research VPN, codenamed Project Atlas, that tracked and siphoned up all of their phone and network activity for a mere $20 per month. In response to the report, Apple quickly revoked Facebook’s enterprise certificate, citing Facebook’s expansive consumer data collection as being in breach of its developer agreement. Facebook’s research app gave the company full access to users’ private messages, chats, browsing activity, search history, and location data, in essence allowing Facebook to surveil users in exchange for a nominal amount of money.
Read more from Wired.
59,430 Data Breaches Disclosed Under GDPR
Since the EU’s General Data Protection Regulation went into effect in May 2018 there have been over 59,000 data breaches reported to European data regulators. Countries with the most breaches include the Netherlands (15,400), Germany (12,600), and the UK (10,600). When ranked by breaches per capita, Netherlands comes out on top with 89.8 breaches per 100,000 population, followed closely by Ireland (79.4) and Denmark (53.3). Of the 59,430 disclosed breaches, fines were levied in only 91 of the cases, with the largest coming in January when French data protection watchdog CNIL imposed a $56.8 million fine on Google for violating GDPR consent provisions. As regulators make their way through a backlog of GDPR breach notifications, analysts believe billion Euro fines could be on the horizon.
Read the full report.
Data Breach at Houzz
Houzz, a home-improvement platform with more than 40 million users, alerted users to a data breach in an email last Thursday. In the email, the company said, “Houzz recently learned that a file containing some of our user data was obtained by an unauthorized third party. We do not believe that your password was compromised. However, as a precaution, we recommend that you reset your Houzz password.” Information impacted in the breach included email addresses, user IDs, encrypted passwords, IP addresses, and certain publicly visible information. No financial data was compromised.
Read more from TechCrunch.
Discover Card Accounts Compromised
Discover notified California’s Attorney General that a data breach in August of last year compromised an unknown number of Discover card accounts, with hackers having potentially stolen credit card numbers, security codes, and personally identifiable information. In the notice filed with the California Attorney General’s office last week, the company said, “Discover card account information was involved, though it is difficult to know which data may have been stolen during a breach.” Discover responded by issuing new cards to all customers who may have been affected.
Bloom: Take Back Control of Your Data
At Bloom, we are giving you the tools to take back control of your data.
Bloom enables you to own, authorize the use of, and protect your data using the latest advancements in blockchain technology. With Bloom, the risk of your data being exposed in a data breach or leak is greatly reduced. No more centralized data storage. No more selling off your data to the highest bidder. No more risking identity theft. Your identity, and your highly sensitive personal and financial information, is securely safeguarded on your own personal device using cutting-edge cryptography.