IT Governance tries to keep up with the breach disclosures (March disclosures here and April disclosures here).

The bottom line is that cybercriminals are way ahead of sloppy developers that have no independent certification of their programs to minimise the possibility of risk.

It is horrifying that millions of apps on the Apple App Store and Google Play are written by sloppy developers that can access everything we do on the phone. Don’t let Apple reassure you that its iPhone is safe either.

A poorly written mSpy iOS app (based in a country where there is no data breach reporting legislation) revealed masses of personally identifiable information from millions of users that had installed it. While Apple is not guilty of revealing the data, it cannot control what its developers do with the data they collect from an iPhone.

Security expert Brian Krebs said, “mSpy has a history of failing to protect data about its customers and — just as critically — data secretly collected from mobile devices being spied upon by its software. In May 2015, KrebsOnSecurity broke the news that mSpy had been hacked and its customer data posted to the Dark Web.”

GadgetGuy’s take: Data breaches are increasing. The bad guys are winning.

I originally started to write this article in a brief ITy Bytes style covering the three Facebook breaches, I guess intending to reinforce the message that a college-grown project written in the highly insecure PHP language by a bunch of opportunistic, money-focused amateurs was not a solid base to build a secure system. Sloppy programming at the core of more sloppy programming and an obvious sell-out of ethics to make money.

But as I researched more on “Data breaches March and April” I came across so many that I turned this into a full article.

I wish I had an answer as to how to protect yourself from data breaches – it has happened to me too with the Starwood breach which made my online life hell for a while.

OK, here are the plain-talking things you need to do to be a little safer online and minimise being a victim of data breaches:

  • #DeleteFaceBook, although the damage there has probably been done, with your details already in your dark web profile just waiting to be used against you in a spear phishing campaign.
  • If you don’t delete Facebook, there is a good article on 11 Things you can do to keep your Facebook profile from revealing too much.
  • Passwords are a major issue and like gold to cybercriminals. With the average user now having 40+ passwords (and typically closer to double that), using a password manager is the only way. Read about the free and easy to use LastPass here.
  • Avoid putting too much extra information in your contacts list – as Facebook sees it all. Use LastPass secure notes instead.
  • It is time to work out where your data is and if possible, remove it. FlyBuys, Woolworths Rewards, major loyalty cards are probably OK but set up a ‘junk’ email address, e.g. [email protected], for all these types of cards, online purchases and competitions. You can forward these junk emails to your normal email account. Also, consider taking ten years off your birthdate and only give as much information as you are comfortable with.
  • Start using a paid VPN when online. Private Internet Access or NordVPN are two that are good in Australia.
  • Start using paid antivirus/malware/phishing/surfing software on all devices. Norton, Kaspersky, Trend, McAfee, ESET, CheckPoint
  • Read our ten tips to protect you from identity theft – it is a good overview of everything else you need to do