Top 2018 Privacy Leaks
With 2018 now firmly in the rearview mirror, it’s a good time to set aside a moment and take stock of everything that had happened during those 12 months. Just like any other year, 2018 had its ups and downs. However, a notable trend among those low points was widespread in privacy leaks.
Unfortunately, data breaches are an all-too-common occurrence. It’s only the world we live in, and sometimes it feels like hardly a week can go by without another company notifying its users that their privacy may have been compromised.
These privacy leaks can come in different forms. Sometimes they are the result of hacks and other malicious activities. On other occasions, a technical error can be the underlying cause. They can also differ concerning the type of data which has been compromised.
This also determines how dangerous they are – having your email address exposed is undoubtedly much less frightening than if the same were to happen to your passwords or credit card information. However, no privacy leak should be dismissed as unimportant because there are lots of ways for unscrupulous individuals to abuse such information.
What is worse, these breaches will keep happening – there is just too much of our data on the internet for them not to. However, there are some things you can do to improve your privacy. One of them is to stay informed. By learning more about the leaks which have already happened, you’ll be in a position to make better-informed decisions in the future. To that end, here are some of the privacy leaks which have marked the previous year.
1- Cambridge Analytica – Facebook
To be clear, this privacy leak did not happen in 2018 – it took place back in 2014 and 2015. However, the scandal broke last year, and Cambridge Analytica was undoubtedly one of the biggest stories regarding the privacy of 2018. In the end, it affected between **(https://www.nytimes.com/2018/03/19/technology/facebook-cambridge-analytica-explained.html) and (https://www.theguardian.com/technology/2018/apr/08/facebook-to-contact-the-87-million-users-affected-by-data-breach) million Facebook users**.
This is what happened. Aleksandr Kogan, a psychology professor at the University of Cambridge, created a personality test app called “thisisyourdigitallife.” Using it, he started collecting data on Facebook users who had downloaded the app and their friends. The data included people’s locations and “likes.” The users consented to this, and it is important to note that this was legitimate at the time because the app was portrayed as having an academic purpose.
However, what happened next was indeed not. Kogan passed the information on to Cambridge Analytica, a political consulting firm. This was a major privacy leak but what made the situation even worse (and made the story even more high profile) was the fact that Cambridge Analytica went on to work on Donald Trump’s 2016 presidential campaign.
This raised many questions, and Facebook ended up suspending Cambridge Analytica from its platform. The public outcry was so massive that Mark Zuckerberg had to testify before the Congress to address the privacy concerns which come from the way Facebook handles its users’ data.
2- myPersonality – Facebook
Following the Cambridge Analytica scandal, Facebook started investigating the apps found on its platform more closely. During this auditing process, it determined that the people behind the “myPersonality” app had shared personal information regarding Facebook users with researchers and other third-party companies.
Once again, the leak itself happened before 2018, but this was yet another story which broke last year, further damaging Facebook’s reputation while it was still reeling from the Cambridge Analytica situation. The leak affected around four million people. Interestingly, the previously mentioned Aleksandr Kogan was also involved with the creation of “myPersonality,” adding further fuel to the fire.
Despite the rise of other social media platforms such as Instagram, Facebook is still the dominant force in its field. That being said, 2018 was not a good year for the company in terms of privacy issues. Following the two highly publicized events we already covered, the platform suffered another breach later that year.
This situation was a bit different. This time, hackers managed to exploit a vulnerability within the platform itself to steal personal data. Facebook initially believed this affected 50 million accounts but later reduced that figure to 30 million. Hackers accessed data such as names, email addresses, phone numbers, birthdates, locations, etc.
The breach revolved around the “View As” feature. Due to several software bugs, the attackers could use it to steal access tokens. These bits of code allow people to access Facebook without the need to enter their password each time. Naturally, Facebook has addressed this issue, but it was another severe blow to the company.
Because so many people regularly use Facebook, those privacy leaks are significant. That is why we’ve mentioned three of them. However, Facebook is far from the only popular platform with these issues. Amazon is equally relevant, and it faced this problem just before the 2018 holiday season.
Amazon announced that a technical error on the website caused the issue, meaning there wasn’t a hack. The bug revealed the names and email address of some users, although the company did not give an exact figure.
5- Google +
In December of 2018, Google announced that a bug in its Google+ service had jeopardized the privacy of 52.5 million people. Due to it, various developers had access to other users’ profile data even if it was not set to the public. This included names, occupations, email addresses, and so on. Google did go on to say that it had no evidence of any actual misuse.
This was not the first problem of this nature as Google+ had already faced a similar issue in the spring of 2018. Combined with other problems, this caused the company to announce it would shut the platform down in 2019.
6- Starwood Hotels and Resorts
In November of 2018, Marriott International stated that Starwood, its subsidiary, had suffered a [massive data breach](http://news.marriott.com/2018/11/marriott-announces-starwood-guest-reservation-database-security-incident/). The company discovered this in 2018, but the unauthorized access had been taking place since 2014.
This affected 500 million guests who had visited Starwood properties. The hackers were able to copy the reservation database and gain access to various information. This included names, addresses, passport numbers, and even payment card info.
In June of 2018, a cybersecurity researcher discovered that Exactis, a Florida firm which collects and aggregates personal data, left a database with over [**300 million records**](https://www.wired.com/story/exactis-database-leak-340-million-records/) on a public server. The data did not contain Social Security numbers or credit card info, but it was still very comprehensive.
We do not know if anyone has managed to abuse the database. Still, the very fact it was out in the open is a significant privacy risk.
|Company||Number of accounts leaked|
|Starwood Hotels and Resorts||500M|
These were some of the most notable privacy leaks of 2018. Unfortunately, the list could be much longer. In today’s world, our privacy is in constant danger. Therefore, it pays to stay informed and do everything in your power to protect yourself.
Cheers Internet, feel free to clap & follow our stories, see you next time. 🤫
📷 by Thought Catalog