It’s been an unprecedented week for privacy, or rather, the lack of it. Close on the heels of the Facebook data breach comes news that more than 50 crore user details of the professional networking platform LinkedIn may have been breached and on sale online.
LinkedIn, owned by Microsoft, has denied the news, first reported by CyberNews, which said 50 crore LinkedIn profiles had been put on sale on a popular hacker forum, with some 20 lakh records made public as a sort of proof.
Just a few days ago, the data of 53 crore Facebook users were reported to have been breached, including the information of more than 60 lakh Indian users. Facebook responded that the data was scraped two years ago and that it had already fixed the issue. India is one of the biggest markets of Facebook, second only to the US.
“The exposed data was based on an API permission that would allow anyone to query a user’s number,” Sundar N. Balasubramanian, managing director of Check Point Software Technologies India & SAARC had commented on the Facebook data leak issue, adding, “It is also not a new trend that (we are) seeing. The main damage is that information (of) about half a billion users has been leaked and is available online, including their phone numbers, email addresses and location data.”
The LinkedIn data breached include user’s LinkedIn ID, full names, email addresses, phone numbers, gender, links to profiles as well as other social media profiles, professional titles and more information related to their work.
Indian companies have not been immune to this new wave of attacks. According to the Acronis Cyberthreats Report 2020, companies in India encountered the third-highest number of malware attacks after the US and Japan. Recently, cybersecurity researchers claimed that the data of over nine crore users of Mobikwik, a Gurugram-based fintech platform, was put up for sale—with the data reportedly including phone numbers and bank account details. Last week, the Reserve Bank ordered Mobikwik to undertake forensic data over the incident.
Making the matter worse is that the law barely affords Indians any sort of protection over such incidents. The Personal Data Protection Bill, which is supposed to have provisions, is yet to be passed by the parliament.
Cybersecurity issues have spiked in the age of the pandemic, with incidents of phishing, hacking, ransomware—and now data breaches, shooting through the roof.
“Threat actors will always seek to take advantage of major events or changes—such as COVID-19, or the introduction of 5G—to their own gain,” said Dorit Dor, vice president of products at Check Point, while releasing its cyber-security predictions for 2021.
“To stay ahead of threats, organisations must be proactive and leave no part of their attack surface unprotected or unmonitored, or they risk becoming the next victim of sophisticated, targeted attacks.”