In the past year, many consumers worldwide became even more concerned with cybersecurity and privacy considerations in their applications and internet usage. The year began with Google identifying a vulnerability in an Application Programming Interface (API), a set of subroutine definitions, communication protocols, and tools for building software. The API was in the social media app Google+ in which third-party app developers had gained access to data from the friends of the app users. Breaches had been occurring from 2015 through March 2018! Investigators discovered that a bug in the website was sharing access to the accounts and data from Google+ profiles. To resolve the problem, Google’s parent company Alphabet announced Google+ would be shut down.
Facebook had one of the largest cybersecurity breaches in 2018, with more than 50 million users’ information exposed. Attackers used developer APIs for gathering information, compromising names, gender and localities which were linked with user’s profiles. Users immediately expressed concern that private messages were also being accessed along with credit card information.
Access to Facebook users’ information was obtained through the “View As” button which allowed users to visit their profile as if they were viewing from their friends’ or a public audience perspective. This tool allowed the hackers to gain access to capture more than 50 million profiles. Facebook has since made the “View As” button unavailable for users.
Client information on WhatsApp and Instagram accounts owned by Facebook were also at risk. These accounts are interlinked either through contact numbers or manual set-up with users’ Facebook accounts. Officials advised users to keep Instagram data safe and secure by logging out, then re-linking their Facebook and Instagram accounts. WhatsApp users’ data appeared to be safe.
The football body FIFA had 3.4 terabytes of data and nearly 70 million documents on FIFA corruption allegations landing in the German magazine Der Spiegel. The FIFA information leak was the second largest in history, overshadowing the Panama Papers leak where 2.6 terabytes were disclosed. The FIFA information was acquired from a whistle-blower called ‘John’ who wished to expose corruption in the sports world. Allegedly, no hacker was engaged in this activity as many sources shared this information willingly. However, a cyberattack did take place a few months later when a group of Russian hackers mined detailed reports of unsuccessful drug tests by footballers.
British Airways was also breached, affecting nearly 380,000 transactions, exposing personal and financial data of its clients. Fortunately, passport and flight details remained safe. The data was compromised from August 21 to September 5, when the company’s website and apps were under a sophisticated cyberattack affecting transactions over BA.com and its mobile app. US-based T-Mobile customers also had their account details breached last year, exposing names, email IDs, account numbers, billing details and encrypted passwords. The servers were likely breached via the API.
New technologies are set to make 2019 a far more dangerous year for consumer privacy and security. We have seen some great technology in devices and applications to make our lives easier. However, nearly all these technologies rely on modern sensors and communications across the internet or through our cellular phone systems, which are vulnerable to cyberattacks as well as human error with the potential to compromise the user’s security and privacy.
More disturbing is the trend of people themselves not caring if their digital security and privacy is compromised. Each day, people readily ‘click’ on applications which give their location and personal information away. This information is sold to third parties with an interest in tracking user movements, shopping habits and healthcare interests. Each element exposes critical information to hackers. Reg Harnish, CEO of GreyCastle Security, says that the concept of privacy may already be gone, much like the concept of rotary phones. The price we pay for convenience is an acceptance of less and less privacy. As we go forward, the privacy concerns may give way to more appropriate concepts of “risk management.”
However, risk management requires us to understand and prioritise the information we are giving away, so consumers can make clear choices on what they are providing and how that data may harm them.
As you start 2019, assess your own exposure and risk by evaluating new technologies and understanding the information you are providing through their use. Be a smart consumer! Be sure your personal information is safe by following cyber precautions;
1. Watch for impersonators collecting data online! These “phishing” attempts can come in emails assumed to be from banks or other activities in which you are engaged but may have false or alternative addresses in reply “links.”
2. Never click on a link or image in an email unless you are sure of its origin. It is always best to use your browser to find the real bank or institution rather than expose yourself to ransomware.
3. Encrypt your data using encryption software whenever possible.
4. Backup your important information on the Cloud or a separate storage drive in case your computer is corrupted with ransomware.
5. Keep passwords private and use strong passwords to protect your devices.
6. Don’t overshare your data on social networking sites.
As new technologies arrive in the coming year, look for potential cyber problem areas. Remember every problem comes with a solution, so always stay up-to-date on your software. Reliable internet connections also allow you to keep your apps updated, saving you from potential threats. Stay aware of cybersecurity news on new security breaches and security settings.
(Iyengar is Director, School of Computing and Information Sciences; Miller is Associate Director, Robotics and Wireless Systems, Discovery Lab, FIU, Miami)