New research shows quantitatively that more user information is being leaked by businesses. 2012 has seen several high profile data breach cases so far.
We’ve heard a lot of anecdotal cases of password leaks and other data breaches from some high-profile services this year, but now software vendor SecurityCoverage is showing some research that indicates data breaches are getting quantitatively worse.
Illustrated in an infographic (see below), there were 12 million pieces of information sold illegally in the first quarter of 2012, according to SecurityCoverage. Compare that to 9.5 million sold in the first quarter of 2010. There has been a 67 per cent increase in the number of data breaches in general since 2010.
Part of the problem is that many people (more than 60 per cent) use the same passwords across multiple sites. That allows hackers who break into one service to try the same usernames and passwords across other popular services too, and see what happens to work.
More businesses are storing more personal information of users in the digital age and research shows they’re not doing a very good job of securing it. Users of cloud services must be aware of the risk and take their own action to protect their identities.
Here’s just a few of the high-profile data breach cases that have been in the news so far this year, according to privacyrights.org:
- - July 17: Dropbox users receive spam from phishers posing as Dropbox. Dropbox confirms July 31 some accounts were accessed by hackers, including the account of a Dropbox employee, which contained a project document of user e-mail addresses. It’s unknown how many people were affected.
- - June 6: LinkedIn recommends that users change their passwords after a file containing 6,458,020 encrypted passwords is posted online by hackers. It’s not clear what other information may have been taken from users.
- - April 1: Bethesda Softworks, the developers of hit videogame Skyrim, see the login credentials of two Web site administrators posted by hackers. An additional 3,647 user names, passwords, and e-mails from the Bethesda Blog are also posted.
- - March 30: Global Payments Inc. discovered a massive breach of their systems in March. The payments processor of credit and debit cards say 1.5 million users had credit card numbers and expiration dates exposed. It’s later revealed up to 7 million accounts were vulnerable to the attack. Global Payments has since been dropped as a compliant company by Mastercard and Visa and has spent $85 million on security repairs and upgrades.