Sexual Fetishes, Salaries, and Other Things We Know About You
It’s time to stop pretending that you can be anonymous on the Internet.
In a data breach, unauthorized users obtain access to databases of user information that are stored by companies. While most people assume it’s harmless, the types of data that are obtained can assist in blackmail, identity theft, and fraudulent financial activity, among other things. Worse, chances are, there’s much more unauthorized data collected about you than you imagine.
A Dose of Reality
Troy Hunt’s Internet security website, Have I Been Pwned (HIBP), which was launched on December 4, 2013, has published 8,418,474,549 recorded breaches (over 397 total events) of customer accounts as of August 18, 2019, a number that exceeds the current population of Earth. This list does not include the 2017 Equifax data breach, which exposed the private data of up to 143 million consumers in the US. To put it into a different perspective, Facebook’s 2018 10-K reports 2.32 billion monthly active users on its platform; mathematically, the number of compromised accounts reported by HIBP is 3.6x the number of Facebook users.
Within those 8.42 billion recorded breaches, over 80 different types of identifiable data have been illicitly harvested. Chart 1 illustrates that the most common types of harvested data include emails (21%), passwords (18%), usernames (13%), IP addresses (10%), and names (7%). Almost one third (31%) of the total harvested data, though, comes in the “other” category, which alarmingly includes information on sexual preferences, sexual orientation, sexual fetishes, credit status information, family structure, smoking habits, nationalities, income levels, and government-issued IDs. This type of information can be used to blackmail users, discriminate against job applicants, or carry out other targeted activities.
HIBP records the highest number of breaches in 2016: 86 breaches (see Chart 2). Each breach is an event where a database containing personal records was accessed and exposed in an unauthorized manner. The number of breaches…