ValueWalk’s interview with Will Simonds, the Head of Customer Success and Marketing at Abine, Inc. In this interview, Will discusses the major date breaches, the difference between a hack and a data breach, if Apple’s computers are immune to viruses, secruity measures the big tech firms are taking, if phones and smartwatches can be breached and if there is a way to secure them, their company’s product offerings that lets you remove your personal information that is available publicly online, if quatum computers can be breached, and now non-techies can best guard themselves.
Disclosure: This post contains affiliate links which cost you nothing extra (may even save money) and through which purchases are anonymous.
ValueWalk's Raul Panganiban interviews Kirk Du Plessis, Founder and CEO of Option Alpha, and discuss Option Alpha and his general approach to investing. Q1 2021 hedge fund letters, conferences and more The following is a computer generated transcript and may contain some errors. Interview with Option Alpha's Kirk Du Plessis
There have been a lot of data breaches lately, can you tell us some of the major ones?
Some of the most notable are:
- Quest Diagnostics: the laboratory testing firm Quest Diagnostics revealed a data breach that exposed the personal medical records of almost 12 Million patients. Information like Social Security numbers, medical information/ records and even financial data were potentially obtained by an unauthorized third party.
- First American Financial: First American Financial, a leading provider of title insurance for the real estate and mortgage industries, was responsible for potentially leaking close to 900 million documents related to mortgage deals. Information like bank account numbers, bank statements, mortgage records, tax documents, wire transfer receipts Social Security numbers and photos of driver’s licenses were all easily accessible online without a password.
- Known as Collection #1 Et al.: Collection #1 was an 87GB database that was found being sold on the dark web. Collection #1 contained nearly 773 million unique email addresses and 21 million unique passwords and the data included in the dumped files was made up of many different individual data breaches from thousands of different sources. Shortly after Collection #1 was discovered, at least 6 more data troves containing even more stolen data from hacked databases.
How do they differ in technical aspects?
- The Quest Diagnostics data breach was the result of a “skimming” technique used by an unauthorized third party. Hackers infiltrated a billing collection system run by American Medical Collection Agency (AMCA), which was used by Quest to process payments to complete medical lab testing. The unauthorized third party was able to potentially access Quest patient data like Social Security numbers, medical information, and other financial data.
- The First American Financial issue was technically a “data leak”. In this case, there wasn’t necessarily any evidence that suggested that an unauthorized third-party accessed the mortgage records, but anyone online could access sensitive information (like bank account numbers, bank statements, mortgage records, tax documents, wire transfer receipts, Social Security numbers and photos of driver’s licenses) all without a password if they knew where to look.
- Collection #1 — and others from this group — were exactly that, collections. These “collections” of unique email addresses and passwords were comprised of information that was obtained over many different individual data breaches, from “literally thousands of different sources.” The information found in these data dumps was likely acquired by hackers who maliciously gained access to restricted systems or databases.
Is a hack the same as a data breach?
- A “hack” is typically described as an intentional attack by an unauthorized third party or malicious actor who gains access to a private system in order to steal the information found in the private system or hold said system for ransom.
- A “breach” is typically described as when a database or system has unintentional vulnerabilities, and is then accessed by an unauthorized third party, malicious or not.
Growing up we were told Apple users did not need to worry about viruses is this still the case?
Apple computers can get malware and viruses the exact same way that PCs can. PCs and Windows have historically been the most popular systems in the marketplace. Because of this, hackers really only spent time developing viruses and malware for PCs due to the low numbers of personal computers using Apple’s OS. Since Apple has begun to take back some market share, more and more viruses and malware are being developed for Apple computers. Simply put, if you use an Apple computer, you’re not automatically protected from viruses and malware.
Are any of the tech giants doing anything to help guard your personal information against data breaches?
All of the tech giants are working constantly to secure their own systems against outside attackers. This arms race will continue indefinitely as attackers will continue to be motivated and the tech companies will spend what is necessary to do what they can.
For users they are all rolling out features to help people implement better security practices and need to focus on making them easy to use. The most obvious of these features is two-factor authentication.
If we can break it down on an individual level curious about the big five names.
Google provides many Multi Factor Authentication tools (MFA or 2FA) in order to access your Google account. These days, people can use their Google account to sign up or login to almost any website or online service, which makes Google accounts a hot target for hackers. MFA or 2FA makes it nearly impossible for unauthorized third parties to gain access to your Google account. Google’s Multi Factor Authentication requires the user to provide at least 2 (two) different authentication tokens in order to access their Google account. Examples of authentication tokens would be, the Google account password, a one-time password (OTP) provided by an MFA mobile app (like Google Authenticator), a verification code sent as a text or voice call to your cell phone, or even a physical hardware key.
Similar to Google, Apple provides a variety of MFA tools in order to access your Apple account and devices. While they provide a variety of 2FA mobile apps like Authy, Starling 2FA and Duo through the App store, Apple even allows the use of biometrics as a form of MFA. These days with Apple products, users can provide their fingerprint or a facial recognition scan as a form of Multi Factor Authentication in order to gain access to their Apple account or Apple devices.
Just like Apple and Google, you can set up MFA for your Microsoft or Outlook accounts. Microsoft also provides its own MS Authenticator app that will allow you to access your accounts using biometrics like your fingerprint or facial recognition scan. While Microsoft does provide some MFA tools, apparently you can use the Microsoft Authenticator app without setting up 2FA, which would allow anyone to access your Microsoft account without your account password, and only using the secondary form of authentication – this fact alone makes Microsoft’s MFA solution less secure than the rest.
Similar to the other tech. giants, Amazon provides 2FA in order to gain access to your Amazon account. Amazon is slightly behind the curb compared to the others in this group – they only provide OTP-style MFA, and do not provide support for hardware MFA keys or biometric MFA. These two features would make Amazon’s 2FA solutions much more secure, so it’s likely only a matter of time before they increase the Amazon account security tools.
When it comes to 2FA, Facebook is very similar to Amazon. They do provide 2FA as a security measure for Facebook accounts, but the 2FA tools offered are OTP sent to your mobile device via text message or third party authenticator app. Because Facebook is still so widely used, both as a social network but also as a way to login to online accounts and services, they will need to step up their game in order to protect their users (and themselves) from data breaches.
Similarly, PCs were much more guarded than phones, can phones also be breached?
Yes, phones can be breached or hacked just like computers. This is a great article that explains 7 ways that your phone can be hacked using a variety of techniques like spying, phishing messages, or malicious public charging stations.
What about smartwatches?
Yes, just like computers and phones, smartwatches can be breached. This example uses your watch’s accelerometer and gyroscope to track the watch wearer’s movements. In another example, researchers exposed vulnerabilities in a popular children’s smartwatch that allowed hackers to track a child’s movements, listen in on their conversations and make calls to them pretending to be from their parents.
How can you guard your personal information against this?
The general safety rules for data security when it comes to smartwatches and cell phones remains the same as it does when using your computer: don’t click on suspicious links, don’t open emails or texts if you don’t know the sender, don’t provide any personal information via email or text message, etc.
What does Abine do?
Abine is the online privacy company — we make easy-to-use tools for consumers to control what personal information companies, third parties, and other people see about them online. Our privacy solutions, DeleteMe and Blur, have been trusted by millions of people worldwide.
What products do you have that help defend against threats?
- DeleteMe is a hands-free subscription service that removes personal information from public online databases, data brokers, and people search websites.
- Blur is the only password manager and digital wallet that also blocks trackers, and helps users remain private online by providing ‘Masked’ information whenever companies are asking for personal information.
Is this solely for data breaches or other tech issues, as well?
- DeleteMe helps you remove personal information that’s been made public online. This kind of information is not obtained via data breaches, but it is obtained legally by data brokers and marketing companies. In many cases, hackers and ID thieves will turn to data brokers and people search websites to find personal information about a potential victim to assist them in executing an attack. DeleteMe removes your personal information from the leading data broker sites online, keeping unwanted eyes from learning your personal information.
- Blur actively protects you from data breaches by conveniently allowing you to choose exactly when and where you give out your personal information. By helping you create (and store) strong and unique passwords for every online account, the benefits of using Blur add up over time. Plus, with Blur, you can “Mask” your real information – Blur will create Masked Email Addresses, Masked Phone Numbers, and Masked Credit Cards, so you never have to give out any of your personal information online.
Can Quantum computers breach any defenses we know? Is that something we should worry about?
In theory Quantum computing changes a lot, but in practice we’re a long way off from Quantum computing being anywhere near as important as the practical issues we have to worry about today.
Thoughts going forward on future threats we will see.
Current threats are so effective, future threats are not what we should be focused on. The current state of personal security is analogous to basic personal hygiene. Wash your hands and get your vaccinations. If you do that, you’re doing most of what you need to do.
Final advice to non-techies about how you can best guard your personal information in today’s changing tech environment?
- Use a Virtual Private Network (VPN). Using a VPN will reroute your IP address, disguising and encrypting your browsing traffic while you surf the web. Without using a VPN, your internet connection is vulnerable to hackers who can easily intercept your browsing activities.
- Don’t use public Wifi. Public wifi networks like the ones found in coffee shops and airports are notoriously insecure. Hackers can spoof free wifi hotspots to attract unsuspecting victims to connect. Connecting to one of these phony networks will allow a hacker to view your browsing activities and also potentially gain access to your devices.
- Use a password manager like Blur. These days, everyone has numerous online accounts all requiring strong passwords – it’s impossible to remember your passwords for every site. Plus, if you’re using the same password for all of your online accounts, or you’re using your personal information like birthdays or maiden names for your passwords, you’re significantly increasing your risk of becoming a victim of a hack or identity theft.
- Review privacy settings on all social media accounts. Social media is a great way to stay in touch with your personal network, but how would you feel knowing that someone you don’t want is staying up to date with your vacation travel plans? Take a look at your privacy settings for Facebook, Instagram and Twitter and make sure you’re only sharing information with those that you want to share it with., or would feel safe sharing it with.