Was this always happening in this big scope? Leaks of games, data that is stolen, all these breaches in big companies. Feels like I see this every day.

    • MNByChoice@midwest.social
      11 months ago

      We’ve gotten better at reporting them

      Close. There are more laws requiring reporting within certain timeframes. Few companies report when they are not forced to.

  • kubica@kbin.social
    11 months ago

    I’d say that some time ago there weren’t that many leaks because not so much data was stored. But sites were modified to show spam and such.

  • yo_scottie_oh@lemmy.ml
    11 months ago

    Yes—it’s why you should use a password manager to generate a unique password for each and every site you sign up for, and think long and hard before trusting any site (or any org for that matter) with your personal information.

    Haveibeenpwned.com is a website for checking which sites have leaked your data.

    • cmnybo@discuss.tchncs.de
      11 months ago

      Make sure it’s an offline password manager. It’s a really bad idea to allow your password database to be stored on someone else’s server.

      • Otter@lemmy.ca
        11 months ago

        LastPass had a breach recently too

        I think Bitwarden and KeePass are the good recommendations. Both can be kept local or self-hosted.

        If you’re coming from LastPass and want something basically 1:1 similar (e.g. don’t want to set up local / self-hosted), Bitwarden is an easy switch.

  • DirigibleProtein@aussie.zone
    11 months ago

    In my experience, it’s always been this bad. However, as the world becomes more connected, it becomes easier to find systems to break into and easier to find ways to break in. It’s only recently that most countries have enacted legislation to enforce mandatory reporting of data breaches, and so we hear more about them.

    Cyber security has always been (and probably always will be) an arms race between those who want to secure data and those who want to steal it. As the value and usefulness of data goes up, so does the desire of the bad guys to steal it. Identity theft and just plain ransoming of data are only ever going to increase.

    Use:

    • a password manager
    • a different random password or pass phrase for every site
    • a different random email address for each site (Apple’s “Hide my Email”; Firefox Relay; DuckDuckGo mail; 33mail, for example)
    • different false details as much as possible for every site

    Don’t:

    • use the same details (name, password, email address) on every site
    • use your real details if you can possibly avoid it. If you must, misspell your details (“Johhn Smith”, “1 Maiin Street”) so that you can track the misuse of your data.

  • Lath@kbin.social
    11 months ago

    I’ve been exposed so many times throughout the years, the mails were automatically moved to the spam folder.

  • Ephera@lemmy.ml
    11 months ago

    The GDPR enforces that data breaches are made public, so you may have seen a rise in publicly known breaches, starting in 2018.

    • Ghostalmedia@lemmy.world
      11 months ago

      Many companies in the US have been reporting their breaches since the early 2010s. All 50 states have some sort of breach notification law on the books.

      • Ephera@lemmy.ml
        11 months ago

        I have no hard data, but from being in the industry + reading the news, my impression has been that the number of known data breaches went up significantly, even for US companies. Is the punishment maybe just completely laughable in those US laws?

        That was the case here in Germany. The GDPR is heavily inspired by our data protection law (BDSG), which we have had in place since the 90s, with a significant amendment, which is that punishment went up from at most 300,000€ to 20 billion € (and even more for big companies).
        For many companies, this was when they realized they actually have to adhere to data protection laws. Suddenly, we had non-IT companies reporting data breaches, which was essentially not a thing beforehand.