If you've stayed in a Starwood hotel in the past few years, there’s a decent chance that hackers stole your personal data.
That's because the personal records of roughly 500 million Starwood guests were compromised in a security breach that lasted from 2014 to this year. The majority of people affected saw their personal information like names, physical and email addresses, and passport numbers compromised. For some unlucky guests, the breach included their credit card information.
Marriott, the parent company of Starwood, revealed the hack on November 30th. It was the third-biggest data breach of all time — Yahoo owns the top two spots — and made 2018 another landmark year in the history of cybersecurity and identity theft. But Marriott was far from the only major corporation to have security issues this year.
Facebook pulled most of the headlines for its incredible ability to outdo itself with one controversy after another. But pretty much every major tech company fell afoul of hackers — or their own incompetence — in 2018, including Apple, Google, and Amazon.
That’s only the high-profile ones. Did you hear about ed tech company Chegg losing 40 million records? Or DNA-testing service MyHeritage exposing 92 million records? What about a hacker compromising 27 million accounts at TicketFly?
The situation isn't likely to improve anytime soon either, cybersecurity experts told VICE News. User data has become one of the more sought-after commodities among criminals, and that means breaches of the scale and magnitude we saw in 2018 will continue in 2019.
“Data is more valuable than ever, and trading it is so profitable that it makes companies take enormous risks when handling data of the users on their platforms,” said Laura Kankaala, a security researcher at F-Secure, a cybersecurity company based in Helsinki, Finland.
Here are some of the biggest data breaches of the year.
- Exactis: In June it was revealed that the Florida-based marketing and data aggregation company left a database that contained close to 340 million individual records accessible to any hacker who cared to look. The records contained details such as phone numbers, home addresses, email addresses, and even people's hobbies and interests.
- Google+: Google announced in December that it was going to retire its much-derided social network Google+ in April next year. The reason? A glitch that exposed the information of 52.5 million users, including names, email addresses, occupations, and ages.
- Under Armour: In late February, an “unauthorized party” — aka hackers — gained access to 150 million customer records via the company’s MyFitnessPal health tracking app, including names and email addresses, but no financial information. Nine months later, we still don’t know who stole the data.
- Quora: What is the name of the question-and-answer website that leaked the information of 100 million of its users in November? Quora said a “malicious third party” gained access to its database and stole names, email addresses, and possibly information from other networks, such as Facebook, that users had linked to their accounts.
- Aadhaar: India’s biometric database, which holds the personal information of more than 1.1 billion people, was not as secure as the Indian government had claimed. In April, it experienced “a data leak on a system run by a state-owned utility company Indane” because the company hadn't secured its API — meaning anyone could have accessed the information.
We’ve already gone through the seemingly endless list of crises Facebook created and/or weathered in 2018, but its cybersecurity issues warrant greater scrutiny.
Outrage over the Cambridge Analytica scandal — where weak enforcement of Facebook's own policies meant the personal details of 87 million users were misused — might have died down since the story first broke in March. But Cambridge Analytica remains among the most problematic fails for Facebook and could leave the social media giant exposed to a number of lawsuits in 2019.
The company followed that up in October, when it announced that hackers had accessed the most sensitive information from 30 million of its users — including what they searched, their location, and their relationship status.
To close out the year in style, the company announced this month that it may have exposed the private photos of 6.8 million of its users to third-party apps.
To make matters worse, Cher has announced she's quitting Facebook.
Is it going to get better?
In a word: no.
Tech trends have given criminals — even the rubbish ones — a leg up in the game of cat and mouse with government organizations and global corporations that house your data, experts said.
“Ever more sophisticated tools and techniques for hacking are available for downloading from the web. This means that the number of unsophisticated hackers able to break into systems will rise,” said Suzanne Spaulding, who served as under-secretary for the National Protection and Programs Directorate at the Department of Homeland Security (DHS) during the Obama era.
Naturally, while hacking gets easier, securing data is only getting harder. And we’re already starting to see that reality, experts said, especially as companies cope with a shortage in available cybersecurity professionals.
“Businesses sorely need cybersecurity companies, because they can't hire full teams themselves, but even the dedicated service providers have issues in scaling to meet demand,” Sean Sullivan, an independent security researcher, told VICE News.
The companies who can afford fully staffed, dedicated teams of cybersecurity personnel, Sullivan says, are the likes of Google and Facebook, and as we’ve seen, they’re struggling too.