June 29, 2018

Data Breaches: What Do They Mean For You?

How to Safeguard Our Information in a World of Security Breaches


What Can We Do when Our Data Gets Out?


Yesterday, all of the tech publications were warning of another major data breach.  Another popular Facebook App exposed users' personal data, and this time, over 120 million users were possibly affected.    Who was careless with our data this time? Nametests.com, a site Techlaurels warned users about over a year ago.

In a nutshell, Nametests had this hole where if you knew the right JavaScript commands, you could potentially access any user's personal information. A website could exploit this, or any individual who knew how to grab and use a "token." The "good guy" who discovered this used the flaw to set up a data mining program and subsequently reported the bug to Facebook. The security hole was supposedly closed.

And of course Nametests wanted that hole closed as soon as it was discovered. Who is going to buy a candy bar if there is a bowl sitting next to the register that says "Yours for the taking."  Or to borrow from an old cliche, if you're in the business of selling cows, you don't want to be giving the milk away for free.


As we warned in our article, Nametests is in the business of mining and selling your personal information, and they make that pretty clear IF you bother to read the Terms of Service.  The only problem is, those terms are not clearly presented nor easily accessible when you give Nametests permission to "connect with Facebook."  No one bothers to click through to see what they are giving up BEFORE they take that quiz.

And they are clear that they need to read your friends' data in order to see who amongst them really would jibe with you on that desert island, or who would work as a part of your Pirate Crew. And unlike Cambridge Analytica, they're doing nothing wrong as they're telling you what they're doing upfront. And you are agreeing. Nametests never agreed to safeguard your data to begin with.

But when it comes down to it, data breaches like this and Cambridge Analytica are really not of the greatest concern. Not when so many institutions that have promised to safeguard our data are letting us down. The fact is, the bad guys probably got nothing from Cambridge Analytica or Nametests that they hadn't obtained already from Equifax or Yahoo. Over 143 million and over 3 billion people respectively had their information compromised in those incidents. And what about Uber, Apple, CVS, eBay, Dropbox...the list goes on. These entities all promised to protect our information if we trusted them with it, and look how that turned out. Does it matter how vigilant we are when so many others we trust are so nonchalant?

We live in an era of sensationalization. And the media wants us to think everything is catastrophic.  Much of the data they're mining is public information anyway. It's out there for the taking; sites like Nametests just make it easier for the marketers to gather.  We, as individuals, can do little about what others leak, other than clean up the mess their dereliction caused.  In today's world, even people who have never touched a PC in their lives have some sort of online presence.  And that's thanks to their bank, their government, and sometimes even their children or grandchildren.  They don't understand it's better to pay that delivery guy with a credit card than a check, as in today's world, if you write the wrong person a check, you've just given them what they need to break into your bank account.  They fail to realize that in a digital world, you can be digitally compromised even if you never go online.

But what we can do is appreciate the value of our personal information. It's a commodity in today's world, and as such, folks will always try to profit from it. Our job is to make it as hard as possible for them to do so without giving us something in return.

I've said this several times before: my information is already out there, and it has been for a long time.  I've been training my spam filters for over a decade, and they do a good job of separating most of the wheat from the chaff.  But I've also learned to be choosier about who I share my data with.

In the old days, I applied for EVERY free sample, regardless of who was offering it. Many of those samples are really data mining schemes, and they'll sell your info to 100 people in exchange for that free k-cup pod it costs them less than a buck to send. You get something worth fifty cents, while your info is worth over $1 a pop to the 500 people they sell it to, especially after you've replied to that email to "confirm your sample." I realize it costs like a penny an impression for a company to get that new product post seen, so it's a lot cheaper to give you a 25 cent sample or a coupon if you'll share it to your 700 friends.

Now, I skip the sweepstakes that require me to agree to five newsletters, and I stick to playing ones sponsored by brands who already have my info. When I see a sweepstakes sponsored by Mondelez or ePrize/HelloWorld, I know they are paid to run sweepstakes as marketing promotions by others, rather than to mine data, and again, I'm not giving up anything they don't already have.

And I am a lot more choosy about joining sites. I try to stick to using a single credit card for online anything, so I only have to get one card replaced when the latest breach hits the news. I enable two-factor authentication, where available, despite the fact it's a PITA. I use a Gmail account tied to my phone for all app logins, and I have security and notifications dialed up to the max on that account. Additionally, I use the account that already is spam-deluged for sweepstakes, newsletters, and shopping.

But I've learned NOT to get too stressed out when I hear of the latest hack. I prepare myself for the inevitable "You may have been compromised because we were lax...our bad" email I'll most likely receive in the fallout. I don't think I EVER reset my Zappos password, as I haven't bought anything from them since they were hacked. I try to remember to overwrite the breached password in RoboForm, so I don't need to remember if ebay1, ebay2, or ebay7 is the current one. I giggle thinking I've had my credit card reissued so many times, they probably got an old number in the break-in anyway.

Data breaches are becoming a part of life in the digital world, and a part of this new reality we must come to accept.  But we must take an active part in doing what we can to safeguard our precious information.  We must limit the extent of what we share, as well as who we share it with, and what value we get in return.  We must pay attention when others are careless and take appropriate action in response. And we must pay attention, so if we ARE one of the ones severely compromised in the breach, we can limit the scope of the destruction, as much as possible.

And we also must realize that the media likes to sensationalize. Take the Nametests breach, for example. Again, Techlaurels warned users to keep away over a year ago. The only thing that changed is they inadvertently gave away free milk when they wanted to be selling cows. Despite all of the hype, the only thing that has changed as a result is there are no more freebies. And the parent company will back-burner Nametests for a while, and just mine your data from one of their many OTHER internet quiz sites.



