A new report from CNN Money concludes that hackers have accessed the accounts of up to 432 million Americans in the past year, stealing the personal information of some 110 million U.S. adults. The reason for CNN Money's results: More users and accounts than ever and more hackers using better tools to exploit human mistakes in security.
Up to 432 million. That’s the number of hacked accounts in the United States during the last 12 months. That translates to hackers getting their hands on the personal identifying information of 110 million Americans. And that translates to about half of U.S. adults falling victim to cybercrime.
These data points come from a survey CNN Money commissioned. Ponemon Institute researchers drew those conclusions based on public information about data breaches. Even still, the actual number may be even greater because, CNN Money noted, all companies aren’t forthcoming with details about data security breaches. CNN Money pointed to AOL and eBay as examples of companies that don’t fully disclose breach stats.
Nevertheless, the Identity Theft Resource Center and CNNMoney’s internal review of corporate disclosures are offering what staff reporter Jose Pagliery calls mind-boggling numbers. Those numbers include massive data breaches from Target (70 million) and smaller data breaches from Adobe (33 million), Snapchat (4.6 million), Michaels (3 million), Neiman Marcus (1.1 million). To Pagliery’s point, we don’t know how many of AOL’s 120 million or how many of eBay’s 148 million account holders were impacted in recent breaches.
Why Is This Happening?
“First, we're increasingly moving our lives online. Shopping, banking and socializing are now chiefly digital endeavors for many people. Stores rely on the Internet to conduct and process all transactions. As a result, your data is everywhere: on your phone, laptop, work PC, Web site servers and countless retailers' computer networks,” Pagliery said. "Second, hacks are getting more sophisticated. Offensive hacking weapons are numerous and cheap. And hackers have learned to quietly roam inside corporate networks for years before setting off any alarms.”
The article also pointed out end-of-life issues associated with Windows XP. Microsoft for months urged consumers to upgrade or risk a security breach but many are still using the outdated operating system. The Heartbleed bug also made headlines for weeks. Heartbleed is going to go down in history as one of the worst bugs ever. It could give hackers access to user passwords and even trick people into using fake versions of popular Web sites.
Getting Back to Basics
We caught up with Jon Rudolph, a senior software engineer at security firm Core Security, to get his take on the report. He told us he’s seeing the effects of trading impermeable security for the convenience of paying bills from our phones in a cafe.
“Another part of this trend is the arrival of two big audiences,” Rudolph said. “On the one hand you have more users and accounts than ever — and on the other you have more hackers using better tools and taking advantage of human mistakes in security.”
Rudolph said the latter can happen when a user selects a weak password or uses it in several places. Security experts are constantly warning users how to create strong passwords and why they should not use the same passwords on multiple sites. The second reason, though, is not the end user’s fault. The second reason is when a company is the target of an attack.
“As a result, users and security professionals need to focus not on limiting the risk of a compromise and making it easier for the company and the user to recover from,” he concluded. “By using two-factor authentication or a password manager, users can take action to limit risk in the event that one of their sites are compromised.”