We've gotten better at reporting them
this post was submitted on 25 Dec 2023
40 points (97.6% liked)
No Stupid Questions
42280 readers
1022 users here now
No such thing. Ask away!
!nostupidquestions is a community dedicated to being helpful and answering each others' questions on various topics.
The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:
Rules (interactive)
Rule 1- All posts must be legitimate questions. All post titles must include a question.
All posts must be legitimate questions, and all post titles must include a question. Questions that are joke or trolling questions, memes, song lyrics as title, etc. are not allowed here. See Rule 6 for all exceptions.
Rule 2- Your question subject cannot be illegal or NSFW material.
Your question subject cannot be illegal or NSFW material. You will be warned first, banned second.
Rule 3- Do not seek mental, medical and professional help here.
Do not seek mental, medical and professional help here. Breaking this rule will not get you or your post removed, but it will put you at risk, and possibly in danger.
Rule 4- No self promotion or upvote-farming of any kind.
That's it.
Rule 5- No baiting or sealioning or promoting an agenda.
Questions which, instead of being of an innocuous nature, are specifically intended (based on reports and in the opinion of our crack moderation team) to bait users into ideological wars on charged political topics will be removed and the authors warned - or banned - depending on severity.
Rule 6- Regarding META posts and joke questions.
Provided it is about the community itself, you may post non-question posts using the [META] tag on your post title.
On fridays, you are allowed to post meme and troll questions, on the condition that it's in text format only, and conforms with our other rules. These posts MUST include the [NSQ Friday] tag in their title.
If you post a serious question on friday and are looking only for legitimate answers, then please include the [Serious] tag on your post. Irrelevant replies will then be removed by moderators.
Rule 7- You can't intentionally annoy, mock, or harass other members.
If you intentionally annoy, mock, harass, or discriminate against any individual member, you will be removed.
Likewise, if you are a member, sympathiser or a resemblant of a movement that is known to largely hate, mock, discriminate against, and/or want to take lives of a group of people, and you were provably vocal about your hate, then you will be banned on sight.
Rule 8- All comments should try to stay relevant to their parent content.
Rule 9- Reposts from other platforms are not allowed.
Let everyone have their own content.
Rule 10- Majority of bots aren't allowed to participate here. This includes using AI responses and summaries.
Credits
Our breathtaking icon was bestowed upon us by @Cevilia!
The greatest banner of all time: by @TheOneWithTheHair!
founded 2 years ago
MODERATORS
We’ve gotten better at reporting them
Close. There are more laws requiring reporting within certain timeframes. Few companies report when they are not forced to.
The GDPR enforces that data breaches are made public, so you may have seen a rise in publicly known breaches, starting in 2018.
Many companies in the US have been reporting their breaches since the early 2010’s. All 50 states have some sort of breach notification law on the books.
I have no hard data, but from being in the industry + reading the news, my impression has been that the number of known data breaches went up significantly, even for US companies. Is the punishment maybe just completely laughable in those US laws?
That was the case here in Germany. The GDPR is heavily inspired by our data protection law (BDSG), that we had in place since the 90s. With a significant amendment, which is that punishment went up from at most 300,000€ to 20 billion € (and even more for big companies).
For many companies, this was when they realized, they actually have to adhere to data protection laws. Suddenly, we had non-IT companies reporting data breaches, which was essentially not a thing beforehand.
i mean, are there ever consequences to the companies? how often does it actually affect their bottom line?
it keeps happening because companies doing very little to stop it because they have little incentive to.
My personal opinion: those hackers are probably not that clever nor smart, it's just that companies doesn't often properly follows security best practices despite storing plenty amount of sensitive information.
Some companies have found that leaks create hype, especially for games. League of Legends is infamously known to get everything leaked, probably on purpose. Until players get fed up with it, at least.
Yes—it’s why you should use a password manager to generate a unique password for each and every site you sign up for, and think long and hard before trusting any site (or any org for that matter) with your personal information.
Haveibeenpwned.com is a website for checking which sites have leaked your data.
Make sure it's an offline password manager. It's a really bad idea to allow your password database to be stored on someone else's server.
LastPass had a breach recently too
I think Bitwarden and Keypass are the good recommendations. Both can be kept local or selhosted.
If you're coming from LastPass and want something basically 1:1 similar (ex. Don't want to set up local / self hosted), Bitwarden is an easy switch
In my experience, it’s always been this bad. However, as the world becomes more connected, it becomes easier to find systems to break into and easier to find ways to break in. It’s only recently that most countries have enacted legislation to enforce mandatory reporting of data breaches, and so we hear more about them.
Cyber security has always been (and probably always will be) an arms race between those who want to secure data and those who want to steal it. As the value and usefulness of data goes up, so does the desire of the bad guys to steal it. Identity theft and just plain ransoming of data are only ever going to increase.
Use:
- a password manager
- a different random password or pass phrase for every site
- a different random email address for each site (Apple’s “Hide my Email”; Firefox Relay; DuckDuckGo mail; 33mail, for example)
- different false details as much as possible for every site
Don’t:
- Use the same details (name, password, email address) on every site
- use your real details if you can possibly avoid it. If you must, misspell your details (“Johhn Smith”, “1 Maiin Street”) so that you can track the misuse of your data.
Cyber security guy here.
Consider a large organization with a lot to lose. They usually invest proactively in a Cyber security program.
Now consider all these companies with data breaches. They were tiny startups with nothing to lose. No reason to consider an investment in cyber security best practices. Their modus operandi was quickly pushing the product to market so that the $ could start coming in.
I'd say that some time ago there weren't that many leaks because not so much data was stored. But sites were modified to show spam and such.
It's the new normal.
any system or network is only as strong as its weakest component - in many cases, people are the weakest component.
security is hard and complex. companies don’t hire security people.