Data breaches have always been an understandably worrying topic for most. The fear of having your information; your name, address, contact information or even credit card information is one of the largest concerns when considering digital security.
In most recent events, nearly 270 gigabytes of data have been leaked and published in the latest release by Distributed Denial of Secrets (DDoSecrets), which is an alternative to WikiLeaks, posting countless repositories of previously secret data. The latest attack includes “ten years of data from over 200 police departments, fusion centers and other law enforcement training and support resources”.
DDoSecrets have been successful in publishing a huge array of datasets, spanning from previously secret data to large dumps on publicised attacks ranging from 000Webhost, Dropbox, Sony, Tumblr and more. The range of these data leaks is concerning but is relatively niche in nature. However, DDoSecrets illustrates the extent of attacks which instead end up on dark web marketplaces.
Fortunately, websites like haveibeenpwned.com offers users the ability to search for their email address, identify the service their credentials were compromised on, and change their credentials in response.
As an end-user, it is relatively difficult to reduce the likelihood that your data is caught up in a data breach. You can, however, reduce the impact of this by ensuring that you use a unique password across each service that you use. Data breaches tend to act like dominos, where the initial attack causes substantial damage, but the fallout is equally as important to consider.
As a business, consider using a third-party supplier to perform security testing when you deploy new software. This will help you to quickly identify risks and remediation measures you can take to improve security.