Bentley Home PC Support - Articles - What is a data breach?



What is a data breach?

Recently there was a super-massive leak of information on the internet's "dark web" (a subject for another article) which contained a mind-boggling 26 billion records from at least 3800 websites, including high-level ones like Twitter and LinkedIn. The content of the breaches was not disclosed, but almost certainly included email addresses and passwords from users' accounts. This sort of thing is called a "data breach". How does it happen? Well, there are often undiscovered or undisclosed security holes in some of the digital infrastructure which makes up the internet. Sometimes the holes occur in particular types of hardware, sometimes in software. These can be avenues for hackers to get into the back-end of websites without authorisation or (initially) being noticed.

If a security breach results in the hackers getting confidential data out of a website, this is a data breach. Data breaches provide a wealth of information about people, which can make them vulnerable to hackers or scammers. What information is actually leaked depends on what you share, and for this reason I advise caution when handing out personal details online. As a general rule, only give as much as is strictly necessary, and even then begrudgingly, because once the data is out there, you cannot stop it being distributed. For some information like your address, there's not much you can do, but for passwords and the security of other (unhacked) online accounts, your best protection is 2-factor authentication.

An increasing number of web services, such as Gmail and Microsoft accounts, either allow or enforce 2-factor authentication, also known as 2FA. This is when a website sends a text or notification to your phone or email, asking you to verify your identity, sometimes with a code. This means that without access to your phone or email, a would-be hacker cannot get into your accounts even if they have your password. Which reminds me: it's a good idea to change passwords for your most important websites (Facebook, email, banking etcetera) every 6 months or so. This ensures that even in the event of a major data breach which discloses your password for a given website, the information doesn't stay current for long and can't be used 6 months down the track. If you're worried about whether your data may have been involved in a breach, go to haveibeenpwned.com and enter your email address.

This sort of activity will increase as time goes by. Though best efforts are being made to ensure the online safety of accounts, and the internet as a whole is much safer than it once was, the fact is that the internet is a building-block-like structure, comprising hundreds of different technologies, each of which interacts with the others in ways that can be hard to predict. This complexity is what gives an attacker an advantage, because with an almost infinite number of combinations of technologies and techniques, there are a vast number of potential security holes to uncover.

- Matt Bentley, computer expert at Bentley Home PC Support.
Email info@homepcsupport.co.nz or phone 0211348576.


© 2024 Matthew Bentley. All Rights Reserved