The epidemic of data breaches in the last year continues with the disclosure that Timehop, an app that gathers and sends you social media postings and photos on the anniversary of their original postings, was involved in a data breach in July that affected 21 million of its users. Among the stolen material were names, birth dates, phone numbers and email addresses.
At its most benign, a data breach exposes email addresses or other similar information that hackers may use to formulate dangerous spear phishing emails and text messages to lure you into clicking on malware-infected links. Those links may deliver ransomware or keystroke logging malware that can lead to your becoming a victim of identity theft. At its worst, such as in the Equifax data breach, sensitive personal information such as your Social Security number can be used directly to make you a victim of identity theft. In the case of Timehop, the personal information is more likely to be used by scammers for spear phishing than directly for identity theft. However, cell phone number information can also be leveraged through a technique called porting to take over your cell phone by having your phone’s SIM card transferred to a phone controlled by the scammer.
Here is a link to Timehop’s public statement regarding this data breach.
To prevent someone from stealing access to your phone through porting, you should have a PIN added to your account so that no one can call your cell phone provider posing as you and ask to have your SIM card transferred. You also should never leave your credit card or debit card number on file with websites for convenience. Your convenience can easily lead to identity theft and fraudulent charges in the event of a data breach. In fact, as I have mentioned many times, you should not use your debit card for any consumer purchases because the consumer protection laws for fraudulent debit card use are not as strong as those that apply to fraudulent credit card use.
You are only as safe as the places with the weakest security that hold your personal information. As much as possible, you should limit the amount of personal information that you provide to companies and institutions with which you do business. Your doctor may ask for your Social Security number as a means of identification, but he or she has no legal need for it. Also, you should protect your own personal electronic devices, such as your computer and cell phone, by always promptly updating all of the programs you use when new updates or security patches become available. Use strong, unique passwords for all of your accounts so that if your password is compromised at one company, all of your accounts are not in jeopardy. Also, use dual-factor authentication whenever you can for added security.
A helpful website that tracks data breaches is Have I Been Pwned, where you can find out if your information was affected by recent data breaches. Here is a link to their website.