Welcome back to another tech news recap where we compile the most thought-provoking and need-to-know tech stories in a bite sized edition. This recap will focus on the huge GoDaddy data breach that occurred earlier last month, Australia and the EU’s announcement of plans to regulate tech companies and Amazon’s data collection practices coming into question.
GoDaddy Data Breach
GoDaddy has been around for about 25 years. They are one of the world’s most popular domain and web-hosting services. Last week the company’s CISO announced that GoDaddy is the latest conglomerate to become the victim of a severe data breach. It is currently estimated that the data of approximately 1.2 million customers has been accessed. This accounts for about 5% of their customer base.
According to GoDaddy an unauthorised person using a compromised password gained access to the company’s servers in late September. It is also unclear whether GoDaddy have enforced 2FA as standard practice across their internal platform. The absence of 2FA could explain how an outside source was able to gain access to crucial servers. Although the breach happened in September it was not detected until mid-November.
The compromised data accessed from this breach includes: GoDaddy customer numbers, email addresses and original admin WordPress passwords. Perhaps most worryingly is the breach of customer’s HTTPS SSL certificates and information. This means that in the wrong hands, hackers can impersonate websites hosted by GoDaddy. Thus jeopardising customer’s privacy. GoDaddy are currently rectifying these issues by reaching out to customers and issuing new SSL certificates.
What can I do as end-user or the victim of a data breach?
Sometimes data breaches are the result of low-grade security practices on the behalf of a company. Data breaches can also just be bad luck and could occur to any business, big or small. As an end-user you still have power to protect your privacy in the face of a data breach.
- Alternate passwords – avoid using the same password across multiple platforms. In most cases of data breaches, passwords are primarily exposed. A hacker may try to log into other platforms hoping that you reuse the password they have. By using different passwords across different platforms if one password is exposed, your other accounts are safe.
- Two factor authentication – two factor authentication is now quite accessible through Microsoft, Google and other providers. You can protect most of your accounts by setting up two factor authentication. This way, if your password and email are exposed in a data breach you still have another line of defence.
- Generally, stay alert – If you do unfortunately become the victim of a data breach, it is best to stay alert. Monitor bank and email accounts for strange activity. It is also best practice to think of any other accounts that use the same email and password combination. These accounts should have their email and/or password changed as soon as possible to avoid unwanted logins.
- Consider Milnsbridge – Milnsbridge Managed IT Services also offer domain name and webhosting for businesses as a part of our managed solutions. Using the best-in-business security solutions and software, you can trust that your businesses webhosting and domain needs are in good hands.
Tech Giants to be Regulated
For some time now, it has been known that tech giants such as Google and Facebook have amassed huge power. This power is continually growing through personal data scraping and other unorthodox practices. Governments around the world are slowly pushing back against these tech giants by enacting self-regulation as well as external regulation.
The Australian government are set to lead global efforts to regulate the powers of tech giants such as Facebook and Google. Namely through an inquiry into the use and abuse of algorithms which was announced this week. Algorithms invade user’s privacy through the collection of their personal interests and habits. Whilst this news is to be celebrated, many people cannot help but remember the infamous news blackout earlier this year. The blackout was orchestrated by Facebook and Google in retaliation to the Government’s efforts to curb their powers.
Similarly, the European Union have also announced a series of legislation which targets Amazon, Apple, Alphabet and Facebook. These acts include the Digital Markets Act and the Digital Services Act. The acts also carry fines of up to 10% of a company’s global turnover. The EU have introduced this legislation in a bid to curb the powers of global tech giants as well as tackle illegal content on their platforms. These acts follow the EU’s GDPR laws which took a tough stance on data protection and privacy in response to growing concerns surrounding the use and collection of user’s personal data.
Amazon’s Concerning Data Collection Practices
Most people are aware by now that by using an internet service, particularly a free one, there will still be some form of transaction. Generally, this transaction is that you receive platforms such as Google and Facebook in exchange for your data, buying habits and other personal information.
Perhaps one of the worst offenders for data scraping is Amazon. Amazon’s services include Ring doorbells, Alexa, their e-commerce platform, Audible, Kindle and more. On all of these services, your habits and your personal information are constantly being tracked and scraped.
A report by Reuters uncovered that information such as your height, weight, health, ethnicity, political orientation, buying habits and other highly personal information is being collected by Amazon across their multitude of services. Moreover, Amazon are being criticised for making it purposefully difficult for users to opt out of having things such as their Alexa voice recordings analysed. The collection and marketing of user’s data is calling the right to privacy online into question.
What can you do as an end-user?
- Switch to platforms that do not profit from your data – Browsers such as Firefox and search engines such as DuckDuckGo work just as well, if not better than Google and Google Chrome. They have also publicly pledged their indifference to data scraping habits that are rampant amongst tech giants.
- Be aware of the products you own – Something as benign as a Ring doorbell or a Google Home are constantly monitoring your conversations and interactions and selling this data. This may not be an issue to everyone, but if you value your privacy it is best to research products that you are buying and the ways that your data is being handled by the company.
That’s it for January’s tech news recap. We hope this information has been useful to you and your business. If you would like to discuss IT security or Managed Services in general, call us today on 1300 300 293 and talk to one of our friendly engineers.