Big data is a great asset for countless people all over the world. A growing number of companies are relying on data to deliver more value for their customers. One report shows the market for big data could reach $103 billion in the next seven years.
Unfortunately, big data comes with a price. It can compromise our privacy, as more and more people can get access to it. A recent arrest in Britain highlights how vulnerable our privacy is in the age of big data.
Big Data Privacy Risks Are Growing and Anyone Can Access It
In January, the British National Crime Agency, in a joint operation with the FBI, arrested two men suspected of operating the famous information marketplace website WeLeakInfo. The site in question specialized in leaking and reselling credentials from all over the globe. Their products were acquired through illegal means, including cyberattacks such as phishing and packet sniffing.
WeLeakInfo claimed to have more than 12 billion items of personal data, enough to turn heads around the world. The FBI and NCA started showing interest in the site’s operation after credentials acquired from the site were used in cyberattacks affecting the United States, Germany, and Britain. The bust provided a quick glimpse of how stolen information is a valuable commodity. Valuable, but not expensive.
A £200k Business
The two men in question, a Dutchman and an Irishman, got £200,000 from running the website, according to one of the NCA investigators. The investigation was accelerated after online payments originating from the site were traced to known IP addresses of the two men. The money was then traced to companies in Germany and New Zealand, which were responsible for hosting the data. It seems that data leakers did not even use a proxy network and leaked their own information.
The eerie fact that WeLeakInfo was selling access to private data for as little as $2 should leave everyone worried – could anyone with some loose change really have your password, social security number, home IP address or email? Yes, if you were a victim of any recent data leak or cyberattack.
According to a source in the US Department of Justice, data sold through the site originated from leaks and cyberattacks affecting large online service providers like WeWork, Regus, and many more. Online travel agents and websites that store user information – particularly data about user credentials, payment details, and personal information – were the primary targets of attackers.
The 12 billion items collected on the site was not an exaggeration. It seems that a common bot can scrape a huge volume of personal data in just a few hours. Coupled with more modern attack methods such as botnets and smart scrapers, the amount of data that a coordinated attack can collect is staggering. More importantly, there is no data not valuable enough to sell.
Understanding Privacy Risks
That last part is actually very important. In the eyes of attackers, any personal data is valuable and has monetary value. Your login info to emails and social media sites, for instance, can be used for other purposes such as email phishing and targeted brute force attacks. User data stored by third-party service providers is even more valuable.
The best policy is to never share personal details and sensitive information online, but this too isn’t a solution that everyone can adopt. If you rely on services like online travel sites or communities, chances are you have to give up some degree of personal detail to use their services. Even large sites like Google and Facebook are not immune to cyberattacks.
Privacy risks also come from legitimate scripts that track your online activities. Advertising networks, websites that use retargeting and remarketing, and general websites who want to profile you as their user usually use tracking scripts to gain more insights. Unfortunately, the granular data collected by these sites can also fall into the wrong hands.
Protecting Yourself Online
Fully protecting your personal details when you actively use online services is virtually impossible, but there are ways you can minimize the risks, starting with taking the steps to fully understand privacy laws such as GDPR, as well as regulations protecting user or customer interests like the California Consumer Protection Act (the CCPA).
You can also add an extra layer of security between you and the servers you access. While you may still be required to deliberately enter personal details such as full name and email address, the sites will find tracking you more difficult due to middleware bridging your data transmissions. A VPN connection or a proxy server is perfect for the job, but some of them might leak your data too.
We live in a world where attackers can acquire your data for as little as $2 per month through sites like WeLeakInfo. Fortunately, there are also sites that will warn you if your data is leaked or your online privacy is affected by a recent breach. ‘Have I Been Pwned’ is a good site to try, but it is not the only one that will alert you if your data is shared through malicious websites: Mozilla is doing this too.
As an added measure, always do a privacy assessment on a regular basis. Changing your password every 6 months is a good start. You also want to stick to strong passwords; use a reliable password manager to keep your passwords strong without jumping through hoops to remember them. Thanks to rules like GDPR, you can also ask service providers to completely delete your data upon request.
By implementing these simple steps, you can protect your personal information better, even when you regularly use online services. If the WeLeakInfo arrest tells us anything, it’s that our data – no matter how mundane it is – is now more valuable than ever.
Big Data is Valuable But it is a Concern
Big data has made our privacy more vulnerable. However, we shouldn’t throw the baby out with the bathwater. We should focus on protecting our privacy while still enjoying the benefits big data provides.