This week, the internet was rocked by the news of a massive data breach that exposed 26 billion records of user information from popular online services, including Twitter, LinkedIn, Dropbox, Adobe, Telegram, and Canva.
The breach, which became known as the “Mother of All Breaches” (MOAB), poses a significant threat to the online privacy and security of millions, if not billions, of users, as cybercriminals can use the aggregated data for various attacks, such as identity theft, phishing scams, and targeted cyberattacks.
This is not the first time a large collection of user data has been leaked or exposed on the web. In 2019, a similar breach known as “Collection #1” exposed 773 million email addresses and 21 million passwords.
In 2021, Bloomberg reported a data breach that affected Alibaba, a Chinese shopping website, where the data of over 1 billion users was exposed.
These incidents highlight the vulnerability of the current data protection landscape, where users have little control over how their personal data is collected, stored, and shared by third-party services.
But beyond all the woes is a stark reminder that we need to care about our digital hygiene and take proactive steps to protect our online privacy.
In this article, we will provide some practical steps that users can take to protect their digital identity and reduce the impacts of data breaches.
Why is MOAB Dangerous?
While every cyber incident is dangerous, the degree of severity varies. In the case of MOAB, there is fear that this vast amount of data can become a one-stop shop for cybercriminals who want to access and exploit user data.
In a chat with Techopedia, John Hammond, Principal Security Researcher at Huntress, points out that this would undoubtedly be the largest leak of private or personal information that we have seen across the industry.
While he has yet to validate the leaked data, he warns:
“If even a fraction of those records are active credentials or accurate PII, this breach certainly makes the scale and severity a boon for threat actors.”
Tyler Young, CISO at BigID, told Techopedia that what makes this more dangerous than ever is the fact that the data was aggregated from applications most of us use daily.
“The scale of the findings is significant, especially when looking at all of the sources of this data. It has many of the applications that nearly every person leverages in some capacity daily. When you see user accounts, passwords, and the associated applications you can predict that this will lead to catastrophic exploitation attempts in the future.”
With all these risks comes the need for us to rethink our digital hygiene practices — a topic that has been swallowed by trendy AI headlines lately.
Why Digital Hygiene is the Way to Go
Digital hygiene is the practice of maintaining a healthy and secure online presence by following some basic rules and habits, such as using strong passwords, updating software, using multi-factor authentication, avoiding phishing emails, and more.
The practice can help users prevent or minimize the damage caused by data breaches and cyberattacks, which can have serious consequences for their personal, professional, and financial lives.
According to a report by IBM, the global average cost of a data breach in 2023 was $4.45 million, a 15% increase over three years. Data breaches can also result in reputational damage, legal liability, and loss of trust for both users and organizations.
Therefore, users need to care about their digital hygiene and take responsibility for their online privacy and security.
6 Steps to Improve Your Digital Hygiene and Stay Safe
Here are some practical steps that users can take to improve their digital hygiene and protect their online privacy and security:
6. Check if Your Data Has Been Exposed
While this may not be a routine habit for many, we recommend using online tools, such as Have I Been Pwned or DeHashed, to check if your email addresses or passwords have been involved in any data breaches or leaks.
5. Update Your Passwords
If you can’t recall the last time you updated the passwords to your most sensitive apps, maybe it’s time to get that done.
In doing this, try to use strong and unique passwords for each account. Avoid the use of common or predictable passwords, such as birthdays, pet names, or your lover’s name. Password managers can help generate and store secure passwords.
4. Enable Multi-factor Authentication
Passwords are no longer enough and should be augmented with MFA. Enabling MFA, especially for sensitive or important accounts, such as email, banking, or social media, helps you stay safe by requiring you to provide another factor, such as a code, a fingerprint, or a face scan, to access your accounts.
Vigilance is the watchword here. You should be wary of emails or messages asking you to provide personal information, click links, or download attachments.
Always verify the sender’s identity and the message’s authenticity before responding or taking any action. You can use email security tools to filter and block spam and phishing emails.
2. Review Online Accounts and Data
You should review your online accounts and data regularly and delete or deactivate any accounts you no longer use or need.
You should also check your account settings and privacy policies and limit the amount and type of data they share with third-party services.
1. Use a VPN and Antivirus Software
VPNs are not only for switching your IP address; they can also encrypt your internet traffic, making it harder for hackers and data brokers to track and intercept your data.
Combining this with antivirus software lets you scan and remove any malicious software or files that may infect your devices. See our review of the best VPN tools and antivirus solutions for guidance.
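For the password checks in steps 6 and 5, the following added example (not part of the original article) shows the k-anonymity range lookup that Have I Been Pwned's Pwned Passwords service uses: only the first five hex characters of the password's SHA-1 hash leave your machine, and the match is done locally. The `LocalRangeService` class, the sample corpus, and its counts are constructed stand-ins so the code runs offline.

```python
import hashlib

# Constructed sample corpus (password -> times seen in breaches); counts are made up.
BREACHED = {"password123": 251682, "qwerty": 3912816, "Summer2023!": 417}

def sha1_hex(text):
    return hashlib.sha1(text.encode("utf-8")).hexdigest().upper()

class LocalRangeService:
    """Offline stand-in for a range endpoint; records what the client sent."""
    def __init__(self, corpus):
        self.table = {sha1_hex(p): n for p, n in corpus.items()}
        self.seen = []

    def fetch(self, prefix):
        self.seen.append(prefix)
        lines = [f"{h[5:]}:{n}" for h, n in self.table.items()
                 if h.startswith(prefix)]
        # Padding row with count 0, as a padded response would contain.
        lines.append("0" * 35 + ":0")
        return "\r\n".join(lines)

def pwned_count(password, fetch):
    """Return the breach count, revealing only 5 hex chars of the hash."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if candidate.strip().upper() == suffix:
            return int(count)  # 0 means a padding row, i.e. not found
    return 0

def audit(passwords, fetch):
    """Map each candidate password to its breach count (0 = not in corpus)."""
    return {p: pwned_count(p, fetch) for p in passwords}

if __name__ == "__main__":
    service = LocalRangeService(BREACHED)
    results = audit(["password123", "x9#Lm2!vQe7@tRz"], service.fetch)
    for n in results.values():
        print("CHANGE IT" if n else "not found", n)
    print("prefixes sent:", service.seen)
```

To query the real service, replace `service.fetch` with a function that requests `https://api.pwnedpasswords.com/range/<prefix>` and returns the response body.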
Final Security Expert Advice
Andre Slonopas, Cybersecurity Department Chair at the American Public University System, suggests that organizations should practice “data minimization”.
The basic idea here is that data that’s not in the possession of an organization cannot be compromised. This method requires enterprises to acquire and maintain only data essential to their operations and erase the rest.
Slonopas also calls for the democratization of user data control, suggesting: “This may be done by developing extensive user consent processes that provide consumers control over their data usage.
“Users should be able to view, edit, remove, and, if necessary, permanently delete their personal data.
“This strategy supports worldwide legal requirements like the General Data Protection Regulation (GDPR) and PCI-DSS, among others. It also gives people more control over their personal data. Such restrictions promote user trust and openness while ensuring legal compliance.”
MOAB is a wake-up call for users and organizations alike to take data protection seriously and urgently.
Data breaches are not a matter of if but when, and the consequences can be devastating.
Organizations and individuals need to work together to create a more secure and trustworthy data ecosystem where users have more control and transparency over their data, and organizations have more accountability and responsibility for their data practices.
- The 773 Million Record “Collection #1” Data Breach (Troy Hunt)
- Alibaba Victim of Huge Data Leak as China Tightens Security (Bloomberg)
- Cost of a Data Breach Report 2023 (IBM)
- Have I Been Pwned Official Website (Have I Been Pwned)
- DeHashed Official Website (DeHashed)