The most common driving force behind data breaches is financial gain. However, sometimes hackers also intend to damage the reputation of companies, institutions, or individuals.
We’ve taken a deep dive into publicly available leaked data to create examples of people - both real and fictional - to illustrate the most striking points:
- what data is leaked most often?
- what are the massive personal consequences of data breaches?
Publicly available databases most commonly contain email addresses, passwords, account IDs, password hashes and IP addresses. The chart below shows how many data points of each type were lost per 100 internet users.
Leaked data: name, account ID & password
Jane has managed to hop on modern trends. Therefore, she leads the life of a beauty influencer on social media.
However, not everyone enjoyed her popularity and decided to blackmail her. Having obtained her credentials from a leaked data compilation, hackers seized control of Jane’s account.
To get her account back and avoid reputation damage, Jane had to pay a ransom. Luckily for her, that was the extent of the hack - the hackers didn’t seem interested in using her account for further scams.
75% of email addresses are leaked with passwords for the services and websites they're tied to. This combination gives hackers full access to many online platforms we use daily.
75% of email address leaks contain the passwords as well
25% leaked without passwords
Leaked data: personal email & password
William runs his own social media page with a moderate following. As a photographer, he uses it to connect to his fans and even score clients. It is a major platform for promoting his name and his work.
Once his data came out in a leak, the hackers used his page to run scams on people by advertising goods like moon lamps, taking the money, and not shipping anything.
The sale scam operating on his page hurt William’s reputation and he lost a good amount of his clients. It took William quite some time to gain back control of his accounts and apologize to scammed customers.
William uses his personal email address when logging into his fan page, an image storage service, a photo editing software, as well as other online services that make his life easier.
Reusing a single email address means that it can get leaked more often. In many cases, the address can be leaked together with the data that's stored with it: account ID, name, date of birth, and more.
Let’s look at two characters: Glen, the teacher, and Cho, the coffee shop owner.
Every second, 63 email addresses are leaked. It’s always happening in the background as you go about your day.
It took Glen 13 seconds to order a coffee. In that time, 819 emails were leaked - enough to cover the population of Vatican. Cho prepared her coffee in 2 minutes. That was enough for 7,560 emails to be leaked - including Cho’s.
That's about the size of the population in Singapore
This graph shows the time it takes for enough email addresses to leak to cover enormous populations.
Leaked data: business email address & password
Cho runs a coffee shop. Proud of his business, he tries to make it as efficient as possible. Making best use of modern digital business tools, Cho used the same credentials when signing up for every business-related service.
A leak in one of the services made it easy for a hacker to access his inbox. When an invoice for a large purchase was received, the hacker deleted the original email, and instead presented a falsified one - which included his receiving bank account number.
Cho did not notice the switch up, and his company’s accounting transferred $40,000 to the hacker. By the time the real company reached out for the payment, it was too late to reclaim the money.
99 sensitive data points are lost per 100 internet users. The more of your personal data is leaked, the easier it is for scammers to use social engineering to get what they want from you.
Leaked data: full name & telephone number
Glen uses digital services sparingly. Between her work and her analog hobbies, she just doesn’t have time to be online. However, she is a modern teacher, and uses online tools to make her work better.
Glen lost her data in a hack of an online teachers’ forum. She didn’t take any action as she thought nobody is interested in her information.
After 8 months, she received an a text message, saying “Mrs. Glen Watergate, please confirm your membership at the teachers’ forum by clicking this link https://cutt.ly/eRu4qJM”. She opened it and saw a form asking to enter her credit card details for future membership renewal.
In public databases, only 1 out of 100 users has the personal health or financial data points listed below compromised. Glen, on the other hand, revealed sensitive financial information on her own over the phone.
No. of data points per 100 internet users
Steps you can take to protect yourself as well as mitigate the consequences of data breaches.
- Use password managers;
- Enable two-factor authentication;
- Use a VPN, antivirus and firewalls;
- Inform law enforcement when you experience a hack;
- Use disposable virtual credit cards for your online payments;
- Avoid suspicious links, especially shortened ones;
- Use encrypted cloud services instead of regular ones.
This study is a deep dive into the Surfshark Alert database. We’ve looked into data breaches that occurred between 2004 and the present in order to identify the most commonly leaked data points and the threat they pose. The data collection was analyzed and illustrated per 100 people in relation to internet user as well as world population statistics. Data point categorization is based on The General Data Protection Regulation.
Sources:
European Commission (2016). The General Data Protection Regulation. EC.europa.eu
Internet World Stats (2020). Internet Usage Statistics. Internetworldstats.com
Worldmeter (2020). World Population. Worldometers.info