WEBVTT - The Largest Data Breaches in US History: Part I 0:00:04.440 --> 0:00:12.360 Welcome to tech Stuff, a production from iHeartRadio. Hey there, 0:00:12.360 --> 0:00:16.040 and welcome to tech Stuff. I'm your host, Jonathan Strickland. 0:00:16.079 --> 0:00:19.759 I'm an executive producer with iHeart Podcasts and how the 0:00:19.880 --> 0:00:23.680 tech are you? So recently I talked about how the 0:00:23.880 --> 0:00:28.800 US Department of Justice has filed a civil antitrust lawsuit 0:00:29.040 --> 0:00:34.400 against the company Live Nation Entertainment, which, among many other things, 0:00:34.560 --> 0:00:38.720 operates the service Ticketmaster, a service that I would say 0:00:39.159 --> 0:00:44.160 has fostered a lot of very strong opinions among concertgoers, 0:00:44.320 --> 0:00:48.600 including yours. Truly, I have very strong feelings about Ticketmaster. 0:00:48.800 --> 0:00:51.520 But last Friday night, which was the night of May 0:00:51.600 --> 0:00:55.720 thirty first, two thy twenty four for those of y'all 0:00:55.760 --> 0:00:59.600 listening from the future, Ticketmaster was in the news for 0:00:59.680 --> 0:01:02.760 a reason because the company had been the target of 0:01:02.840 --> 0:01:06.800 hackers who allegedly stole data belonging to around five hundred 0:01:07.080 --> 0:01:13.080 sixty million ticket Master customers. Now, that data reportedly includes 0:01:13.360 --> 0:01:17.680 personal information like names, addresses, and phone numbers, as well 0:01:17.720 --> 0:01:20.880 as purchase history. So you know, that means the hackers 0:01:20.920 --> 0:01:24.679 can check and see if a you know, very public 0:01:24.760 --> 0:01:27.679 punk rocker type has secretly been sneaking off to watch 0:01:27.680 --> 0:01:31.360 Taylor Swift concerts or something, and also some partial credit 0:01:31.400 --> 0:01:34.560 card information like the last four digits on credit cards. 0:01:34.959 --> 0:01:39.240 Ticketmaster slash Live Nation initially kept quiet about this revelation, 0:01:39.360 --> 0:01:42.080 but then late on Friday confirmed that a data breach 0:01:42.240 --> 0:01:46.600 did in fact happen. This is a problem for lots 0:01:46.600 --> 0:01:48.920 of reasons. I mean, anytime there's a data breach, that's 0:01:48.960 --> 0:01:51.840 a problem, But when you're talking about a data breach 0:01:51.920 --> 0:01:57.080 affecting hundreds of millions of people, that just spells a 0:01:57.240 --> 0:02:00.600 massive headache moving forward. And we'll talk a lot about 0:02:00.840 --> 0:02:04.080 why that is in this episode, But really I thought 0:02:04.120 --> 0:02:06.360 I would chat about some of the largest data breaches 0:02:06.400 --> 0:02:09.240 in US history, which is a super happy topic, right, 0:02:09.440 --> 0:02:11.520 but I thought it was really important to consider how 0:02:11.600 --> 0:02:15.480 technology that's meant to make systems more efficient and effective 0:02:15.800 --> 0:02:20.880 can also sometimes provide an opportunity for malicious agents, for 0:02:21.040 --> 0:02:24.960 hackers to make off with potentially huge amounts of information. 0:02:25.160 --> 0:02:27.799 And as we all know, information is valuable. I mean, 0:02:27.800 --> 0:02:31.239 it is the currency of the Internet in many ways, 0:02:31.520 --> 0:02:35.120 and data breaches are becoming more and more common. The 0:02:35.160 --> 0:02:38.919 Identity Theft Resource Center reported that in twenty twenty one, 0:02:39.320 --> 0:02:42.600 there were one eight hundred and sixty two data breaches 0:02:42.800 --> 0:02:45.840 that it was able to identify. In twenty twenty three, 0:02:46.160 --> 0:02:49.520 that number was up to three thousand, two hundred five, 0:02:49.680 --> 0:02:52.680 almost double. However, I feel I should clarify that twenty 0:02:52.720 --> 0:02:57.280 five of those incidents were data exposures, and two of 0:02:57.320 --> 0:03:00.880 them were data leaks, and fifty six were incidents that 0:03:00.919 --> 0:03:04.639 weren't categorized at all. They're uncategorized, I don't know the 0:03:04.760 --> 0:03:08.480 nature of them, so that leaves us three twenty two 0:03:08.520 --> 0:03:13.000 cases of actual data breaches, and the differences between these 0:03:13.000 --> 0:03:17.560 different categories are sometimes subtle and a little gray. As 0:03:17.560 --> 0:03:21.519 for my source for what constitutes the largest data breaches 0:03:21.560 --> 0:03:24.799 in the United States, I decided settle on one source 0:03:25.040 --> 0:03:28.280 just for the list. Right, I went into lots of 0:03:28.360 --> 0:03:31.120 sources for the details of all these things, but I 0:03:31.240 --> 0:03:35.200 used a blog post on upguard dot com. It was 0:03:35.240 --> 0:03:39.560 written by Kyle Chen. Now, Kyle Chen lists twenty six 0:03:39.800 --> 0:03:43.640 cases of data breaches, and the Ticketmaster case isn't among them. 0:03:43.720 --> 0:03:48.040 It hasn't been updated since the Ticketmaster issue. Arguably, Ticketmasters 0:03:48.080 --> 0:03:51.720 should be in any list about large data breaches in 0:03:51.760 --> 0:03:53.680 the United States because this was a big one. I 0:03:53.680 --> 0:03:56.680 imagine when the dust settles, it could end up on 0:03:56.760 --> 0:04:00.560 that list where I can't say Chen's definition. The biggest 0:04:00.680 --> 0:04:03.680 isn't just in how many records were part of a 0:04:03.760 --> 0:04:07.960 data breach, Like that's not the only factor that constitutes 0:04:08.000 --> 0:04:12.440 whether or not it merits consideration. Also the nature of 0:04:12.480 --> 0:04:15.520 the information and the impact the breach had end up 0:04:15.560 --> 0:04:19.040 factoring how it falls on the list. And twenty six 0:04:19.480 --> 0:04:22.960 cases is way too many cases for a podcast episode 0:04:23.080 --> 0:04:25.839 or even you know, two of them. So I'm just 0:04:25.839 --> 0:04:27.880 gonna go with the top ten, and even that's gonna 0:04:27.920 --> 0:04:30.640 require me to break this into two episodes, and I'm 0:04:30.680 --> 0:04:33.719 gonna work backward to add to the drama. By the way, 0:04:33.960 --> 0:04:36.279 Kevin Chin and no point says that this is a 0:04:36.400 --> 0:04:40.040 ranked list, so you could argue, I'm just giving you 0:04:40.160 --> 0:04:43.719 ten random large data breach stories out of a list 0:04:43.720 --> 0:04:46.400 of twenty six, and that's a legitimate criticism. But a 0:04:46.440 --> 0:04:49.680 guy's got to start somewhere, right Anyway. I'm doing this 0:04:49.720 --> 0:04:53.000 as a list because I've watched a lot of Jenny 0:04:53.120 --> 0:04:56.400 Nicholson's older YouTube videos recently, and I absolutely love how 0:04:56.440 --> 0:05:00.320 she turns everything into quote an internet friendly numbered li list. 0:05:00.520 --> 0:05:02.760 In the quote, I think that's very funny. I mean, 0:05:02.920 --> 0:05:05.320 Red Letter Media did the same thing with the Planket 0:05:05.360 --> 0:05:07.760 reviews with all the different parts, although that was somewhat 0:05:07.800 --> 0:05:10.840 necessitated by the fact that in the early days when 0:05:10.839 --> 0:05:14.320 they were posting those super long reviews, YouTube videos were 0:05:14.360 --> 0:05:19.039 limited to ten minutes each, so they would upload like 0:05:19.080 --> 0:05:22.599 a nine part series to take down the Star Wars 0:05:22.680 --> 0:05:26.440 episode one critique or whatever. Anyway, I've decided to go 0:05:26.680 --> 0:05:30.719 backward in order to increase the drama. So we're gonna 0:05:30.720 --> 0:05:35.440 start with number ten, which is FriendFinder Networks. And this 0:05:35.520 --> 0:05:40.200 one's a doozy. So friend Fighter Networks deals with products 0:05:40.240 --> 0:05:43.440 and services that include some that are not suitable for 0:05:43.520 --> 0:05:47.680 a family friendly podcast. I will use some euphemisms, but 0:05:47.920 --> 0:05:52.200 they include stuff like adult entertainment, webcam sites, that kind 0:05:52.279 --> 0:05:55.839 of thing. That's part of what friend Fighter Networks operates. 0:05:56.240 --> 0:06:00.880 The adult magazine company Penthouse bought friend Fire in early 0:06:00.960 --> 0:06:07.040 twenty sixteen, and interestingly, the company operates several dating services, 0:06:07.320 --> 0:06:10.400 including one intended to help people find someone with whom 0:06:10.400 --> 0:06:14.800 to have casual sexual encounters, that being adult friend Finder. 0:06:14.920 --> 0:06:17.160 On one end of the spectrum, and on the other 0:06:17.279 --> 0:06:19.599 end of the spectrum, they have a dating service for 0:06:19.720 --> 0:06:22.960 devout Christians. So I guess it's a company that really 0:06:22.960 --> 0:06:25.359 does believe an equal opportunity to make money off of 0:06:25.440 --> 0:06:29.800 various audiences. Anyway, as a company with businesses that are 0:06:30.160 --> 0:06:34.240 in the adult entertainment sphere and social networks and also 0:06:34.360 --> 0:06:38.800 dating services, FriendFinder Networks has access to a lot of 0:06:39.040 --> 0:06:44.560 sensitive user information that includes info that customers absolutely would 0:06:44.600 --> 0:06:48.240 prefer remain private or at least under their own control. 0:06:48.600 --> 0:06:50.360 So it was a bit of a shock in late 0:06:50.440 --> 0:06:53.840 twenty sixteen when news broke that hackers stole data from 0:06:53.880 --> 0:06:57.800 the company that stretched back two decades, like there was 0:06:57.839 --> 0:07:00.560 information in there that was twenty years old, and it 0:07:00.600 --> 0:07:04.000 even included information belonging to people who had long since 0:07:04.160 --> 0:07:09.600 deleted their accounts with FriendFinder Networks, but their information remained 0:07:09.680 --> 0:07:12.720 on company servers despite the fact that they had deleted 0:07:12.720 --> 0:07:17.960 their accounts. That seems like a very bad data ownership policy. 0:07:18.160 --> 0:07:23.040 Right to retain information about people who had subsequently deleted 0:07:23.080 --> 0:07:26.400 their account with you, that's a real problem. So the 0:07:26.440 --> 0:07:30.080 method that these hackers used relied on LFI, which is 0:07:30.160 --> 0:07:34.840 local file intrusion or sometimes local file insertion. It kind 0:07:34.880 --> 0:07:37.840 of depends upon who you're talking to, but the name 0:07:38.080 --> 0:07:42.280 sort of explains how this works. The hacker injects essentially 0:07:42.360 --> 0:07:48.120 malicious directions into a system, and they do this usually 0:07:48.280 --> 0:07:53.000 by incorporating those directions into a file, so, for example, 0:07:53.000 --> 0:07:58.560 a multimedia file. This multimedia file might contain basic directory 0:07:58.680 --> 0:08:03.440 commands within the file itself, so essentially it tells the system, 0:08:03.560 --> 0:08:07.760 hey execute these commands in this order, and if the 0:08:07.800 --> 0:08:11.840 server isn't protected against such relatively simple attacks, if I'm 0:08:11.880 --> 0:08:15.160 being honest, then the code can prompt the web server 0:08:15.280 --> 0:08:18.640 to configure the file improperly and give backdoor access to 0:08:18.720 --> 0:08:22.280 a hacker, which is in fact what happened in this case. 0:08:22.320 --> 0:08:26.480 The hackers got access to information stored on the affected servers, 0:08:26.680 --> 0:08:30.920 and there were six databases in total that were affected 0:08:30.920 --> 0:08:34.319 by this, six massive databases, and the take was huge. 0:08:34.440 --> 0:08:36.840 So the hackers made off of information that related to 0:08:36.880 --> 0:08:41.160 more than four hundred and twelve million customer accounts. The 0:08:41.200 --> 0:08:45.720 information included email addresses, including some belonging to government and 0:08:45.840 --> 0:08:51.600 military users, transaction history, account passwords. Some of these passwords 0:08:51.600 --> 0:08:55.080 at least were encrypted, but they used a really primitive 0:08:55.160 --> 0:08:57.800 hash to do it, an outdated method that was no 0:08:57.880 --> 0:09:00.280 longer considered secure, so that was a big, prible problem. 0:09:00.640 --> 0:09:03.240 More than three hundred million of the accounts came from 0:09:03.360 --> 0:09:06.720 Adult friend Finder, and more than sixty million came from 0:09:06.720 --> 0:09:10.000 a webcam site. And I'm sure a lot of customers 0:09:10.040 --> 0:09:12.840 got really nervous about this. I mean, the taboo nature 0:09:13.280 --> 0:09:15.960 of these sites and services meant a lot of people 0:09:16.160 --> 0:09:19.440 were probably sweating over their past activities and hoping they 0:09:19.480 --> 0:09:23.960 wouldn't be exposed. Now, keep in mind that one year earlier, 0:09:24.080 --> 0:09:27.520 in the summer of twenty fifteen, hackers compromised around thirty 0:09:27.559 --> 0:09:31.559 two million accounts from the company Ashley Madison. Ashley Madison 0:09:31.600 --> 0:09:33.520 was built around the idea of a dating service that 0:09:33.600 --> 0:09:37.319 would let married people secretly find potential partners in order 0:09:37.320 --> 0:09:41.360 to have an affair. There was this sense that some 0:09:41.880 --> 0:09:45.719 sort of hacker anarchist was going to reveal salacious details 0:09:45.760 --> 0:09:48.320 about folks in the wake of these attacks, or that 0:09:48.440 --> 0:09:51.480 at the very least, they would make these details available 0:09:51.520 --> 0:09:54.120 so that anyone who really wanted to sift through all 0:09:54.200 --> 0:09:56.760 the stolen information could dig up whether or not you 0:09:56.800 --> 0:09:58.959 know the neighbor down the street was secretly trying to 0:09:58.960 --> 0:10:02.200 sneak around behind their partners back or whatever, or the 0:10:02.240 --> 0:10:05.440 sexual orientation of people you knew. You could find that 0:10:05.559 --> 0:10:07.880 kind of information out based upon the stuff that had 0:10:07.920 --> 0:10:11.160 been stolen in these sorts of attacks, and depending on 0:10:11.200 --> 0:10:14.480 where you are, that kind of thing can have deadly consequences. 0:10:14.760 --> 0:10:18.720 So the information involved with this data breach was extremely sensitive, 0:10:18.760 --> 0:10:21.880 particularly from a social perspective. I mean, you're not likely 0:10:21.920 --> 0:10:24.200 to come forward and say I was the victim of 0:10:24.280 --> 0:10:27.439 identity theft if it also means you have to cop 0:10:27.520 --> 0:10:31.520 up to something that is socially taboo, like, there's just 0:10:31.600 --> 0:10:34.679 a lot of pressure on you to not come forward. 0:10:35.080 --> 0:10:37.960 That the idea of coming forward is actually worse than 0:10:38.000 --> 0:10:41.280 someone taking advantage of the information they have on you. So, 0:10:42.120 --> 0:10:45.360 while this hack didn't include stuff like credit card information, 0:10:45.800 --> 0:10:49.240 just the fact that names were appearing on these customer 0:10:49.280 --> 0:10:52.360 lists was a huge problem. It could give other hackers 0:10:52.360 --> 0:10:56.520 the opportunity to engage in blackmail or spearfishing and target 0:10:56.600 --> 0:11:00.000 people based on what was revealed in their data with friends. 0:11:00.840 --> 0:11:03.760 And that's a real issue that's going to come up 0:11:03.800 --> 0:11:07.280 again and again in these episodes. Is that idea of yeah, 0:11:07.320 --> 0:11:10.040 the data might not include, say, your credit card, but 0:11:10.120 --> 0:11:14.040 that's not really the concern here. The concern is how 0:11:14.080 --> 0:11:19.199 can someone use your information to victimize you in various ways? 0:11:19.200 --> 0:11:22.680 And one of those is spearfishing. So what did FriendFinder 0:11:22.720 --> 0:11:25.520 Network do in response to this? Sadly, the answer was 0:11:25.559 --> 0:11:28.839 not much. While security researchers alerted the public that they 0:11:28.880 --> 0:11:32.880 had detected a vulnerability in the FriendFinder Network system, the 0:11:32.960 --> 0:11:35.640 company did not acknowledge the data breach for a full 0:11:35.679 --> 0:11:39.760 week and only then began to send out notifications to customers. 0:11:39.920 --> 0:11:42.680 And the company didn't have any really helpful advice for 0:11:42.760 --> 0:11:46.480 those customers either, saying that people should change their passwords. Now, 0:11:46.520 --> 0:11:51.600 according to idstrong dot com, the company had lacks password 0:11:51.640 --> 0:11:55.360 requirements in the first place. Passwords weren't even case sensitive, 0:11:55.520 --> 0:11:59.880 for example, and they didn't update this, so their password 0:12:00.080 --> 0:12:03.960 protocols were still not really at an industry standard. And 0:12:04.040 --> 0:12:07.640 here's a real kicker. The company had also been breached 0:12:07.640 --> 0:12:12.320 in twenty fifteen. Now, the twenty fifteen breach, because remember 0:12:12.320 --> 0:12:14.640 the one we're talking about is really twenty sixteen, But 0:12:14.720 --> 0:12:17.679 the twenty fifteen breach was much smaller in scope. Only 0:12:17.720 --> 0:12:20.280 three and a half million users were affected. That's still 0:12:20.280 --> 0:12:22.679 a lot of people, but it's nowhere close to four 0:12:22.760 --> 0:12:26.079 hundred and twelve million. But the types of information that 0:12:26.120 --> 0:12:30.920 were stolen included things like partial payment information, and at 0:12:30.960 --> 0:12:32.800 least in some of the research I was doing, Like 0:12:32.840 --> 0:12:35.960 some sources said that the types of info that were 0:12:36.000 --> 0:12:40.080 stolen in the twenty sixteen attack did not include things 0:12:40.160 --> 0:12:44.560 like sexual orientation or preferences or that kind of thing. 0:12:45.040 --> 0:12:47.800 Other sources said, no, that was part of the twenty 0:12:47.840 --> 0:12:50.600 sixteen hack as well. So I don't know what the 0:12:50.640 --> 0:12:53.800 full extent was, but a lot of the analysis I've 0:12:53.800 --> 0:12:56.080 looked at about this particular breach points out that the 0:12:56.080 --> 0:12:58.560 company failed to act properly in the wake of the 0:12:58.600 --> 0:13:02.400 twenty fifteen breach, which meant it was essentially set up 0:13:02.559 --> 0:13:06.600 for the much larger attack in twenty sixteen. So that's 0:13:06.600 --> 0:13:11.960 a pretty damning allegation there, right, that a company had 0:13:12.000 --> 0:13:15.760 already been the victim of a massive data breach and 0:13:15.800 --> 0:13:19.840 then failed to take the adequate response in order to 0:13:19.840 --> 0:13:24.280 prevent an even larger data breach the following year. So again, 0:13:24.440 --> 0:13:28.040 just having the basics of your information leaked out would 0:13:28.080 --> 0:13:31.200 be a huge problem given the nature of this company, 0:13:31.440 --> 0:13:34.480 And despite the company's arguably lack luster response to the breach, 0:13:34.520 --> 0:13:38.160 customers kept on being customers. I guess they never had 0:13:38.200 --> 0:13:41.520 to learn a lesson because there really weren't massive consequences. 0:13:41.880 --> 0:13:45.280 And again maybe this is partly because of the nature 0:13:45.400 --> 0:13:49.079 of the services themselves, right, Like for a customer to 0:13:49.120 --> 0:13:51.200 put up a big fuss, they would also have to 0:13:51.320 --> 0:13:53.640 reveal themselves to be a customer in the first place, 0:13:53.720 --> 0:13:56.600 and then the social taboo kicks in again. But unlike 0:13:56.640 --> 0:13:58.480 some other companies that were going to talk about in 0:13:58.480 --> 0:14:02.640 this episode, the friend Finder Networks didn't see serious setbacks 0:14:02.720 --> 0:14:06.400 as a result of this attack. Okay, and we just 0:14:06.440 --> 0:14:09.280 got through one, and we've got lots more to go, 0:14:09.440 --> 0:14:12.040 So let's take a quick break to thank our sponsors 0:14:12.040 --> 0:14:24.280 and we'll be right back. Okay, we're moving on to 0:14:24.360 --> 0:14:27.240 number nine on our list. And this one is a 0:14:27.280 --> 0:14:30.520 real blast from the past. It's MySpace, and this attack 0:14:30.640 --> 0:14:34.600 technically happened in twenty thirteen, but it wasn't discovered and 0:14:34.680 --> 0:14:39.880 reported until twenty sixteen, and even twenty thirteen was late 0:14:39.920 --> 0:14:42.720 in the game for MySpace now. MySpace was once the 0:14:42.920 --> 0:14:46.600 king of social networking platforms, but it had been losing 0:14:46.600 --> 0:14:50.120 ground to Facebook since two thousand and nine. News Corps, 0:14:50.280 --> 0:14:53.080 which had purchased MySpace for a whopping five hundred and 0:14:53.120 --> 0:14:56.160 eighty million dollars in two thousand and five, ended up 0:14:56.280 --> 0:14:59.240 selling the company off to Justin Timberlake and a company 0:14:59.240 --> 0:15:02.920 called Specific Media in twenty eleven for thirty five million dollars. 0:15:02.960 --> 0:15:06.320 So again they purchased it for five hundred eighty million 0:15:06.480 --> 0:15:08.960 and then six years later sold it for thirty five million. 0:15:09.280 --> 0:15:13.520 Not a good deal. By twenty sixteen, Time Incorporated purchased 0:15:13.520 --> 0:15:18.160 Specific Media, and then Meredith Corporation acquired Time Incorporated. Because 0:15:18.160 --> 0:15:20.600 there's always a bigger fish, that story gets more and 0:15:20.600 --> 0:15:22.640 more complicated too, but we're going to leave that here. 0:15:23.200 --> 0:15:26.680 My point is that MySpace had already experienced a dramatic 0:15:26.760 --> 0:15:31.440 decline in relevance by twenty thirteen when the attack actually happened, 0:15:31.640 --> 0:15:35.960 but still the site had millions of user records and 0:15:36.000 --> 0:15:38.600 a hacker was able to get access to them, like 0:15:38.840 --> 0:15:43.720 three hundred and sixty million records. The data lifted during 0:15:43.760 --> 0:15:48.200 the breach included email addresses, user names, and passwords, which 0:15:48.240 --> 0:15:52.040 were encrypted using again an outdated method, and therefore security 0:15:52.040 --> 0:15:55.680 experts considered it insecure, and that was a real issue 0:15:55.760 --> 0:15:58.680 right now. Looking back on this hack today, there's a 0:15:58.720 --> 0:16:02.200 disturbing lack of information as to how it actually happened. 0:16:02.520 --> 0:16:06.000 It went undiscovered for nearly three years and only really 0:16:06.080 --> 0:16:08.440 came to light when folks realized that data from the 0:16:08.480 --> 0:16:11.560 breach was popping up for sale on black market sites 0:16:11.560 --> 0:16:14.400 on the Dark Web. As for who was responsible and 0:16:14.440 --> 0:16:18.640 the vulnerabilities they exploited, that remains something of a mystery. 0:16:19.040 --> 0:16:23.120 MySpace responded to this news by invalidating all the passwords 0:16:23.160 --> 0:16:26.320 of all the affected accounts, which would require users to 0:16:26.360 --> 0:16:29.520 set up new passwords and also encourage people who weren't 0:16:29.560 --> 0:16:32.960 directly impacted to go ahead and update their passwords as well. 0:16:33.040 --> 0:16:36.560 In an overabundance of caution, like the friend Finder breach, 0:16:36.920 --> 0:16:39.760 there wasn't much a user could do to protect themselves 0:16:39.760 --> 0:16:41.720 from the hackers. In fact, I would argue there was 0:16:41.760 --> 0:16:44.720 nothing a user could do. It wouldn't matter if they 0:16:44.800 --> 0:16:47.640 had used a strong or a weak password, because the 0:16:47.720 --> 0:16:50.760 real issue was MySpace was using a very weak hashing 0:16:50.840 --> 0:16:54.040 method to encrypt passwords in the first place. So even 0:16:54.040 --> 0:16:57.120 if you picked a very strong password, if it's being 0:16:57.200 --> 0:17:01.960 stored in an encryption that can easily be broken, then 0:17:02.560 --> 0:17:05.560 they can just get to your password anyway, doesn't matter 0:17:05.560 --> 0:17:09.240 how strong it was. You did your part. MySpace failed, 0:17:09.440 --> 0:17:11.919 is what I'm saying. Now. All that being said, I 0:17:11.960 --> 0:17:15.159 do still urge everyone to use unique, strong passwords for 0:17:15.240 --> 0:17:18.600 all their sites and services. Unique is really important because 0:17:18.600 --> 0:17:21.280 if you're using the same password everywhere, it just takes 0:17:21.400 --> 0:17:24.760 one data breach to be able to compromise all of 0:17:24.800 --> 0:17:27.880 your stuff. If they have your email and whatever password 0:17:27.880 --> 0:17:32.320 you use for that, you know, one like obscure website, 0:17:32.440 --> 0:17:34.400 and it happens to be the same password you use 0:17:34.440 --> 0:17:38.000 for say your bank, that's bad news for you. Use 0:17:38.119 --> 0:17:41.879 unique passwords, get a password vault of some sort a 0:17:41.880 --> 0:17:45.600 good one, research this and find one that really works 0:17:45.640 --> 0:17:49.560 for you, and make unique, strong passwords for each of 0:17:49.600 --> 0:17:52.840 the sites you go to so that you can avoid 0:17:53.119 --> 0:17:56.360 this issue. Because data breaches, sadly are not uncommon, they're 0:17:56.359 --> 0:18:00.560 getting more common every year, and this will help protect 0:18:00.760 --> 0:18:05.280 other elements of your online presence from hackers. Sadly, there's 0:18:05.280 --> 0:18:08.040 not very much you can do to protect the systems themselves. 0:18:08.080 --> 0:18:11.000 I mean, that's in the control of whatever platform you're using. 0:18:11.040 --> 0:18:13.640 And I'm not telling you not to use platforms goodness, nos, 0:18:13.720 --> 0:18:17.080 I use tons of them. Just to be as careful 0:18:17.080 --> 0:18:19.960 as you can be to mitigate any issues that might 0:18:20.000 --> 0:18:23.280 pop up due to data breaches. Also, you know, enable 0:18:23.359 --> 0:18:26.800 multi factor authentication if that's available, if it's on there, 0:18:27.280 --> 0:18:31.000 use it again. Nothing is absolutely fool proof. I'm not 0:18:31.080 --> 0:18:33.159 here to tell you that if you have multi factor 0:18:33.200 --> 0:18:37.600 authentication you'll never get hacked. That's not necessarily true. But 0:18:37.680 --> 0:18:41.239 the more precautions you take the better. The harder you 0:18:41.320 --> 0:18:44.760 make yourself to be a target, the more effort it 0:18:44.800 --> 0:18:49.359 takes to actually crack your security, and the less likely 0:18:49.440 --> 0:18:54.399 someone's going to actually pursue that. It's not impossible, but like, 0:18:54.840 --> 0:18:57.360 why struggle if you can go for all the low 0:18:57.400 --> 0:19:00.400 hanging fruit, don't be low hanging fruit still. Now, if 0:19:00.400 --> 0:19:03.960 hackers are breaching a company's systems, we're really left to 0:19:03.960 --> 0:19:07.399 the competence of that company when it comes to personal security. 0:19:07.680 --> 0:19:09.680 So our first two entries on this list are both 0:19:09.960 --> 0:19:13.960 web based companies. Right, we had MySpace and we had 0:19:14.119 --> 0:19:17.520 the FriendFinder Networks. But up next is a company known 0:19:17.560 --> 0:19:20.840 for its brick and mortar operations, and I'm talking about 0:19:21.040 --> 0:19:25.199 home Depot, which experienced a massive data breach in April 0:19:25.240 --> 0:19:28.920 twenty fourteen. This was an attack that compromised more than 0:19:28.960 --> 0:19:35.040 fifty million customers data, including their credit or debit card information, 0:19:35.600 --> 0:19:39.959 lifting that information right from inside the stores themselves. And 0:19:40.000 --> 0:19:42.639 this attack went unnoticed until the hackers started putting the 0:19:42.640 --> 0:19:45.240 credit card info up on sale on the dark web, 0:19:45.440 --> 0:19:48.680 at which point home Depot was made aware that they 0:19:48.760 --> 0:19:52.399 had been breached. So let's walk through how this attack happened. So, 0:19:52.480 --> 0:19:56.240 according to the US Office of the Director of National Intelligence, 0:19:56.480 --> 0:20:01.000 the hackers first secured Quote credentials, user names, and passwords 0:20:01.280 --> 0:20:04.720 from a third party vendor end Quote, and that gave 0:20:04.760 --> 0:20:08.840 them the foothold into home depots computer network. So first 0:20:09.040 --> 0:20:12.000 they identified a company that worked with home Depot. They 0:20:12.000 --> 0:20:15.640 were able to secure a username and password from this company. 0:20:15.880 --> 0:20:19.719 They use that to infiltrate home Depot's computer network. On 0:20:19.800 --> 0:20:25.200 top of that, they then were able to essentially take 0:20:25.200 --> 0:20:29.720 advantage of a zero day vulnerability that was within Microsoft Windows. 0:20:29.840 --> 0:20:32.399 So a zero day vulnerability is a fancy way of 0:20:32.440 --> 0:20:36.080 saying that the entity responsible for making whatever the thing 0:20:36.240 --> 0:20:39.800 is So in this case, Microsoft Windows is unaware that 0:20:39.800 --> 0:20:43.720 the vulnerability even exists. And because they're unaware that there 0:20:43.800 --> 0:20:47.040 is a vulnerability, there's no means to prevent or mitigate 0:20:47.160 --> 0:20:51.920 attacks that leverage or exploit this vulnerability. Zero day vulnerabilities 0:20:51.960 --> 0:20:56.159 are incredibly valuable in the hacker community because there's no 0:20:56.280 --> 0:20:59.879 real defense against them, and if you're very careful, you 0:21:00.560 --> 0:21:04.000 have the chance to continue to exploit these kinds of 0:21:04.040 --> 0:21:07.680 vulnerabilities for a while before anyone notices. So it's called 0:21:07.800 --> 0:21:10.439 zero day because that's how much time the you know, 0:21:10.480 --> 0:21:14.320 the entity Microsoft in this case has before malicious agents 0:21:14.359 --> 0:21:18.160 are able to exploit that vulnerability. So the hackers exploit 0:21:18.320 --> 0:21:22.600 Microsoft Windows and they're exploring home Depot systems and they're 0:21:22.600 --> 0:21:27.080 able to identify thousands, like seven five hundred points of 0:21:27.200 --> 0:21:31.840 sale systems in self checkout lanes at physical home Depot stores. 0:21:31.880 --> 0:21:35.359 So again, this was not targeting the online point of 0:21:35.400 --> 0:21:38.800 sale operations for home Depot. You know, the website commerce 0:21:39.040 --> 0:21:41.720 part of Home Depot was not part of this attack, 0:21:42.000 --> 0:21:43.960 And I just think that's good to point out because 0:21:44.160 --> 0:21:46.480 I don't think it's as common now, But I remember 0:21:46.560 --> 0:21:51.000 when online commerce first became a thing, people were scared 0:21:51.520 --> 0:21:54.639 to buy stuff off the internet. They were reluctant to 0:21:54.760 --> 0:21:57.439 use their credit card to purchase something online because they 0:21:57.480 --> 0:22:01.040 were worried about security, which is understandable, but it turns 0:22:01.080 --> 0:22:04.000 out that going to a brick and mortar store is 0:22:04.000 --> 0:22:08.320 not necessarily more secure because those systems are also connected 0:22:08.359 --> 0:22:11.480 to networks that ultimately get connected to the Internet, and 0:22:11.560 --> 0:22:15.159 so if you're able to compromise those networks, then you 0:22:15.160 --> 0:22:18.320 can still tap into that kind of system. So the 0:22:18.359 --> 0:22:22.400 hackers deployed custom built malware for these points of sale systems, 0:22:22.480 --> 0:22:25.040 and they use this malware to record the credit and 0:22:25.119 --> 0:22:28.360 debit card information of home Depot customers. They even made 0:22:28.400 --> 0:22:32.360 sure that they transmitted that data during home Depot's business 0:22:32.400 --> 0:22:36.080 hours so that the company's security team wouldn't notice like 0:22:36.760 --> 0:22:39.399 a transmission at an odd hour, like if it was 0:22:39.440 --> 0:22:42.120 two in the morning, then the security team was saying, like, hey, 0:22:42.160 --> 0:22:45.240 why is our system sending info out at this hour? 0:22:45.600 --> 0:22:47.400 That could be a tip off. So they made sure 0:22:47.440 --> 0:22:51.479 that all those transmissions happened during normal business operating hours 0:22:51.760 --> 0:22:55.280 and that would kind of mask these On top of 0:22:55.359 --> 0:23:00.080 all the legitimate transmissions, cybersecurity experts criticized home Depot so 0:23:00.320 --> 0:23:03.960 for having insufficient security measures in place. The company estimated 0:23:03.960 --> 0:23:07.359 that spent nearly one hundred and eighty million dollars in 0:23:07.400 --> 0:23:09.560 the wake of this attack to pay off all the 0:23:09.680 --> 0:23:12.280 various costs. On top of that, there was a class 0:23:12.320 --> 0:23:15.840 action lawsuit from across forty six states that ended with 0:23:15.920 --> 0:23:18.920 Home Depots settling out of court for seventeen point five 0:23:19.040 --> 0:23:24.399 million dollars. Now, Home Depot didn't admit, you know, responsibility 0:23:24.680 --> 0:23:27.720 for this, but it did promise to invest in security measures, 0:23:27.720 --> 0:23:30.880 including hiring a chief of information of security. Now, as 0:23:30.920 --> 0:23:33.439 for that seventeen point five million dollar settlement, I just 0:23:33.480 --> 0:23:36.000 want to put that into context so that we can 0:23:36.080 --> 0:23:39.800 kind of appreciate what that means or doesn't mean. Keep 0:23:39.840 --> 0:23:43.520 in mind, around fifty six million customers were affected by 0:23:43.520 --> 0:23:46.080 this data breach, So if you were to include all 0:23:46.119 --> 0:23:48.840 of them in the class action lawsuit, which obviously not 0:23:48.880 --> 0:23:50.840 realistic but you know, we're just doing this as a 0:23:50.880 --> 0:23:54.520 thought experiment, then that would mean each person would receive 0:23:54.600 --> 0:23:58.800 the princely sum of thirty one cents. That's only if 0:23:58.840 --> 0:24:02.320 the various lawyers of all the different states did this case. 0:24:02.520 --> 0:24:05.480 Gradis for free. So what I'm saying is that while 0:24:05.480 --> 0:24:07.200 Home Depot may have had to spend a lot of 0:24:07.280 --> 0:24:09.960 money to deal with the aftermath of this breach, the 0:24:10.040 --> 0:24:13.240 settlement I think was a case of getting off lightly 0:24:13.440 --> 0:24:16.679 considering the nature of that breach. But I also have 0:24:16.760 --> 0:24:19.879