During the last five years, my personal details have been stolen not once, but twice. Thanks to data breaches reported by two different companies, criminals now know one of my email addresses, a password I’ve used, that password hint and my username for that same account, as well as my date of birth, my mobile number and my IP address. I’ve been hacked!
I don’t recall being told by either company that my details had been stolen – I decided to check for myself this year (on haveibeenpwned.com) after joining a project that aims to protect personal information, and after the cyber security media frenzy of the last 12 months. It seems that every week brings more coverage of yet another company whose security measures have been defeated. Worse, many of the cases seem to end with other security experts shaking their heads and saying ‘I’m not surprised – they didn’t even do X, or have a basic Y’. It’s a real shame that the experts don’t ever seem to be working for the company that is hacked. Would save us a lot of bother…
I’m not particularly surprised that my details were taken – I’ve given a lot of them to many different people and companies over the years but I couldn’t tell you for certain who I gave them to, what I actually gave or when I did it. And I think this is true for the majority of people. When it comes to making the decision of convenience or security, we choose convenience nine times out of ten. We accept the potential consequences of someone misusing our personal information. For now we do, anyway; something tells me we won’t be so trigger-happy with our personal information in the near future, and education will play a big part in this. I don’t think people (myself included) really understood what the risks were. I normally filed the risk under ‘they may potentially send me spammy marketing emails’ rather than ‘someone could potentially steal my identity and my money’.
Just because I’m not surprised doesn’t mean I’m any less irritated about it. I trusted someone to hold onto my things and they let someone else take them. ‘Let’ may be too strong – the companies were simply outsmarted, and it’s not hard to see why. Think of it like this: A book store owner once had to be an expert at selling books. That was what they concentrated on and gave 100% effort to achieve. Suddenly, they also had to be an expert in protecting customer data but that’s not the main aim of the business so they divert maybe 10% of company resources and energy into that and get back to the main aim – selling books. Now let’s look on the other side of the equation. A large cyber crime organisation’s main purpose is to outsmart the security processes of companies, so it ploughs 100% of its resources into just that… you can see where this is going.
After assessing my own situation, my imagination went off on a tangent. I started to mildly stress about how I’m going to explain to my children – should I ever be so lucky/unlucky to have any – that yes, it’s really easy and convenient to connect to many different things now, but no, it’s not always a good idea because of the things they may want in return. And actually policing their usage of the digital world? I can feel my hair turning grey as I write this.
The truth really is out there, in stark black and white: we are not in control. You are not in control. Not in a way that would still make modern life bearable anyway. I mean that rejecting social media platforms, online banking, and email receipts and all the other innovations that make many people’s lives easier, is not a solution; it’s a surrender. It would be our way of saying that the digital, online world is not safe and cannot be made safe. For me, the ‘well if you don’t like it, don’t use it’ response is the easy way out. Happily, there are people out there who are taking it personally, and dedicating their time to finding a solution.
I’m one of the lucky victims of hacking – I haven’t noticed any negative effects on my life as a result of my information being stolen, and I’m fairly sure I’ve covered my bases by changing passwords and other things. Other people haven’t been so lucky, and I’m sure we’ll be hearing about more hacking crimes in 2016. I’m really hoping that, in a few years, I’ll be able to write a sequel to this article – ‘Hacked III: The Non-Event’ or something similar.
By Alex Harvey
Ask me anything: @alextharv