2019 has barely started, and indications show that this year could very well be one of the worst for Internet users as far as privacy and data security is concerned.
As HackRead has reported, below are some of the biggest privacy breaches already exposed this year:
- Security researchers revealed that 773 million unique email IDs and 22 million unique passwords were stored on cloud sharing service MEGA in a compilation of files called Collection #1, estimated to be about 87 GB — making it the largest data breach ever.
- Facebook was exposed for storing the password of about 600 million users in plain text format, in a location accessible to about 20,000 of its employees.
- Image sharing website 500px was hacked, resulting in the account details of 14.8 million users being compromised.
- Details of 108 million users of online betting sites were exposed due to the data being copied to the Elasticsearch cloud service without being secured.
In fact, according to a source 1.76 billion records were leaked in January of this year alone, and things do not seem to be slowing down; the more dependent we grow on the Internet for activities (personal, professional, and commercial), the more sophisticated hackers will be at compromising our data.
Below are 7 basic steps you can take to protect your privacy in 2019:
1. Use a Secure Password Generator
The Collection #1 breach, the largest data breach exposed this year, mainly comprises data stolen from some of the biggest data breaches that have happened in the past. While it’s been a while that these breaches occurred, many users remain vulnerable even after changing the password of the affected sites because they use the same passwords for many different sites.
If you’re really concerned about your online privacy, as a rule, you should never use the same password for more than one site; it can be difficult to remember multiple different passwords, however, and this is where a secure password generator comes in.
Secure password generators like LastPass and Dashlane will not only help you generate unique, secure passwords for all of your different sites, but they will also store these passwords in an encrypted format and give you the option to sync them across all of your devices — making it extremely easy to log in to all of your sites without having to worry about the safety of your online account every time there is a data breach.
2. Enable Two-Factor Authentication
With the increasing number of data breaches occurring, or careless actions taken by online service providers (like Facebook storing data of 600 million users in plain text format), your data is bound to be exposed sooner rather than later.
Besides using a secure password manager to generate unique passwords for each of your online accounts, you should also take advantage of two-factor authentication if offered by the online service you use.
Most online services today will let you enable two-factor authentication via SMS to your mobile phone or by using the Authy or Google Authenticator app. Take advantage of this feature; this way, even if your details are eventually compromised it is still impossible for a third-party to access your account without having access to your two-factor authentication device.
3. Use a VPN
You should also work towards protecting your Internet privacy beyond passwords and logins; if there is something scandals like Cambridge Analytica have taught us, it is that unscrupulous parties are doing everything they can to gather as much data as they can on Internet users — once this data is gathered, they can use it to target offers to you or they can share or sell it with third-parties (including the government sometimes).
While many wrongly assumed that the only way to prevent Cambridge Analytica-style data abuse is by deleting their Facebook account, the reality is that online tracking and monitoring is way more sophisticated than that; by installing tracking pixels on a website you visit, or cookies on your computer, it is easy for a third party to gather A LOT of information about you, including the type of browser you use, your location, and your demographic information. One of the best ways to prevent this type of snooping is by using a VPN. HackRead recommends both IPVanish and Private Internet Access. I’ve also found NordVPN and ExpressVPN to be great options, and I recently did a comparison of how they stack up against each other.
4. Pay Careful Attention to App Permissions
We now live in a world where there are more mobile users than desktop users. While a lot of attention has been focused on hacking attempts against desktop computers and online platforms, it is important to note that hackers are shifting attention towards devices, and most of this attention is directed towards the underlying way mobile devices operate: through apps.
As I wrote recently here, a study I did find that as many as 62 percent of popular Android VPN apps require dangerous permissions that are not necessary for them to function: once these permissions have been granted, these apps then stealthily gather data on their users. This data can be used to tailor offers to these users, or they can be shared or sold to third-parties.
Whenever you want to install an app on your mobile device, take a careful look first to see if the permissions required are necessary; if not, you shouldn’t install the app.
5. Be Wary of Browser Extensions You Install
While a lot of attention is now being directed towards mobile apps, it is easy for browser extensions to go under the radar; don’t be deceived. In fact, as explained in an article on the Kaspersky blog, a lot of browser extensions have been exposed for nefarious activity: this includes the browser extension offered by popular website rating service Web of Trust, which was exposed for gathering data on its users and then selling the data to third-parties, as well as some “sticky notes” extensions that were designed by their creators to secretly inject ads in users’ browsers and generate profits while users click on these ads.
If you don’t need a browser extension, don’t install it. If you stop needing a browser extension you installed, uninstall it. If you’re not comfortable with the permissions required by a browser extension, don’t install it.
6. Review Your Social Privacy Settings
Facebook has been in the news for more privacy scandals than the average company can survive, Google plus was shut down due to a major privacy bug, and Twitter, as well as other social media sites, are not free when it comes to how user privacy is handled.
It is important to review your social privacy settings now as well as to review it on a regular basis; make sure your settings do not allow unknown third-parties to access the information you only intended to release to close, personal connections.
7. Monitor your data regularly
In 2018, we witnessed some of the world’s largest data breaches but do you know what happened to your stolen data? In some cases, it went on hacking forums and dark web marketplaces on sale while some took the opportunity to use the data and blackmail victims.
However, you can now monitor your data and check if your email account was part of a data breach. You can do that on HaveIbeenPwned (HIBP) by simply putting your email or password in the search bar and click “pwned” to see whether it was compromised.
You can also use the Firefox browser as in 2017, Mozilla started collaborating with HIBP to send an in-browser alert to users if they are visiting a site that was previously hacked and whether their login credentials have been involved in a data breach.