Recent Data Breach: "1.2 billion people exposed"

[mk4]

Tweet URLs:

• https://twitter.com/vinnytroia/status/1196850363871170562
• https://twitter.com/MayhemDayOne/status/1196867644508557313

I know we should wait for actual facts to be released and not automatically be sold on "announcement of announcements"; and while this is most likely probably not directly related to bitcoin/cryptocurrencies at all, I'm just sharing this just to put things in perspective.

If a certain website/service that has this much users(more or less 1.2 billion based on the Tweet) are susceptible to hacks, what more the exchanges that you're unnecessarily leaving your coins in?(daytraders are an exception).

And I don't care if you're using big exchanges like Coinbase or Kraken or Binance or whatever. If anything, they're actually bigger targets for hackers.

"Not your keys, not your bitcoin."


For speculative purposes(services with number of users closest to 1.2 billion based on quick Google searches):

Facebook: 2.4 billion users (source)
Apple: approx 1.4 billion users (source)
Gmail: 1.2 billion users in 2018 (source)
YouTube: 2 billion monthly active users (source)
WhatsApp: 1.5 billion active users (source)
Microsoft Office 365: 1.2 billion as claimed by o_e_l_e_o, also Microsoft Office 365 went down yesterday[1][2][3]

It's pretty much a guessing game right now, but it looks like it's probably Microsoft Office 365.

[1715583497]

1715583497

[1715583497]

1715583497

[1715583497]

1715583497

[Thekool1s]

Instagram seems most likely, It reached a billion users in 2018. Just sounds about right.

Source: https://www.statista.com/statistics/253577/number-of-monthly-active-instagram-users/

"Not your keys, not your bitcoin."

Amen!

[avikz]

I am sure it's nothing related to bitcoin or cryptos at all! We have not yet reached billions yet! So it's highly unlikely that crypto community will be affected by this breach! It's probably from the organizations like Facebook, whatsapp, google, Instagram etc. Or probably from some giant international banks with trillion dollar valued transactions everyday (you know what I mean)!

[ampu]

I guess the exchanges and projects that recently hosted the ICO have saved a lot of KYC information.  They may not have secured the information or sold them to make money.  That is the worst thing we can imagine.
If the above assumptions did not occur, then how could they expose so much personal information to users.

[o_e_l_e_o]

Instagram seems most likely, It reached a billion users in 2018. Just sounds about right.

Microsoft Office 365 also have 1.2 billion users, and their servers went down for a period of time earlier this week. Other possibilities (including those mjglqw has listed) could be Amazon or Visa.

There was also a data breach of 1.19 billion confidential medical images in the last few days, including names, addresses, dates of birth, and social security numbers, as well as obviously the imaging in question, but apparently this is a separate breach and the numbers are just a coincidence.

It'll be very interesting to see exactly what data have been compromised. Pick the right company to short right now and you could make a nice profit.

[kro55]

I am sure it's nothing related to bitcoin or cryptos at all! We have not yet reached billions yet! So it's highly unlikely that crypto community will be affected by this breach! It's probably from the organizations like Facebook, whatsapp, google, Instagram etc. Or probably from some giant international banks with trillion dollar valued transactions everyday (you know what I mean)!

And most importantly crypto community is not concentrated on one platform only. Let's see got trolled this time by hackers. Seems it will be a social media site as others dont have billions of users.

[dothebeats]

It’s quite alarming and concerning that massive data breaches like these are just a common occurrence now. I mean, how could a large company possibly lose such massive data like that? It’s not like they’re hiring security analysts and other staff for nothing yet getting top dollar on the payroll.

I guess this would be email-related and a big social media site is affected. God bless our data. We know for certain that this has nothing to do with crypto—but the implication is always there, so we shouldn’t get too comfy about it.

[audaciousbeing]

Susceptibility like this would continue to put organisations at risk. From the list and the largest private organisations that have the most people is Facebook across it services. I just hope this is not from Facebook because it would just further tank their Libra project and if not, it would also be a talking point for those who never wanted Facebook to carry out the project because it will continue to be a risk should it be in the hands of private individuals.

The whole crux of the message is that there is need to move funds away from exchange sites. Anyone who still needs to be given that advice in 2019 surely does not have any business to be in this crypto sphere.

[inthelongrun]

My guess is any of those popular social media companies listed above, e.g. Facebook, Gmail, Youtube and Twitter. Top Chinese or Indian social media sites, broadcast media or anything that has billions of users, viewers or members are also possible.

I think it is obvious that most of these American sites are already under the watchful eye of CIA. The same with China which is more strict. Underground, powerful countries are spying on each other. 

   

[Ucy]

This is becoming too common thesedays. I guess the companies don't get harsh fine or jail term as punishment for not properly securing  people's private data. otherwise they will be very careful collecting the private data atall or storing them without strong security.

This is why decentralized storage of private data is idea. Who can hack billions of people at thesame time If they are the ones keeping their private information.

[mk4]

It’s quite alarming and concerning that massive data breaches like these are just a common occurrence now. I mean, how could a large company possibly lose such massive data like that? It’s not like they’re hiring security analysts and other staff for nothing yet getting top dollar on the payroll.

Well, it's mostly a cat and mouse game. White hat hackers and security analysts improve help improve the security of the overall system, while at the same time the black hat hackers improve their skills by looking for vulnerabilities. Data breaches are pretty much inevitable. The best and most secure systems just fend of hackers a lot longer than not-so-secure systems.

[DdmrDdmr]

This is a nice interactive site that displays the larges world’s data breaches by year, size and data sensitivity:
https://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

The site states the last update to be on April 2019, but the underlying data has some entries as recent as October 2019 (raw data file with 350 entries: https://docs.google.com/spreadsheets/d/1i0oIJJMRG-7t1GT-mr4smaTTU7988yXVz8nPlwaJ8Xk/edit#gid=2).

I guess the tweeted one will engross the list …

[waitforme]

1.2 billion users is too big. It is the service providers that have exposed this information. Facebook users are not interested in setting their accounts to private, but they use pre-installed content provided by the developer. I believe that disclosing personal information of customers is the direct fault of the service provider. But to suspect this information comes from exchanges or KYC from ICO projects is not entirely true because our market is too small compared to the rest of the world.

[BlackBaron]

Microsoft Office 365: 1.2 billion as claimed by o_e_l_e_o, also Microsoft Office 365 went down yesterday[1][2][3]

yeah man lets hope it is just microsoft office 365 who got hacked because Iam using libre in linux  
very likely it is not crypto related since the number is a way too big compared to our community

[adzino]

I guess the exchanges and projects that recently hosted the ICO have saved a lot of KYC information.  They may not have secured the information or sold them to make money.  That is the worst thing we can imagine.
If the above assumptions did not occur, then how could they expose so much personal information to users.

Oh yes, they have saved your KYC information and kept it for themselves. As soon as they are done scamming their investors or have failed the project, they make some extra money by selling those information to different people. Those people then use those information to commit their crimes using your identity (go look at the digital goods section. People over there are selling photo ID along with documents needed for verification purpose. Where do you think those come from?).

[Pearls Before Swine]

There was also a data breach of 1.19 billion confidential medical images in the last few days, including names, addresses, dates of birth, and social security numbers, as well as obviously the imaging in question, but apparently this is a separate breach and the numbers are just a coincidence.

That's one reason why I've *always* been opposed to medical records being stored online, and the computer systems used in hospitals and many other medical institutions do this, as well as some states in the U.S. storing controlled substance records in an online database.  All of this should stop, and gov'ts don't fully grasp the risk they're taking with people's lives.

It's probably Microsoft and if not, it's one of the major social media platforms and this is only going to continue until people start realizing that they can't safely share personal info on sites like that.  Unbelievable.

[Harlot]

Microsoft office might be a strong candidate for this but according to this news which they included the heat map of where the clients are affected by the downtime you will see that it's not a considerable portion of the world so Office 365 might not be the sure thing yet. With 1.2 billion users of the corporation I think it will be one of those big companies like Google, Facebook, or Microsoft, or even maybe Apple so this data breach is really dangerous if proven correctly.

[Kyraishi]

Instagram seems most likely, It reached a billion users in 2018. Just sounds about right.

Source: https://www.statista.com/statistics/253577/number-of-monthly-active-instagram-users/

"Not your keys, not your bitcoin."

Amen!

Don't think so, I was actually trying to use outlook and microsoft's services, and outlook was very glitchy (often redirecting me back to login, telling me that I needed to set my timezone to something?), and I just could not get into office 365 at all...

I guess the exchanges and projects that recently hosted the ICO have saved a lot of KYC information.  They may not have secured the information or sold them to make money.  That is the worst thing we can imagine.
If the above assumptions did not occur, then how could they expose so much personal information to users.

Oh yes, they have saved your KYC information and kept it for themselves. As soon as they are done scamming their investors or have failed the project, they make some extra money by selling those information to different people. Those people then use those information for to commit their crime using your identity (go look at the digital goods section. People over there are selling photo ID along with documents needed for verification purpose. Where do you think those come from?).

Hmhm. That's usually how fake or dead icos will end up making money, and often times they will force bounty hunters to perform KYC to make even more profit off selling their KYC verifications.

Damn though. I wonder what details got leaked, this is scary.

[o_e_l_e_o]

I don't use Office 365, but I assume they have cloud storage for all your documents? I'm sure there are a few users who have backed up their seeds by putting them in a document and saving them to the cloud. I'm sure there are also plenty of users using the exact same username/email and password for Office 365 as they use for some crypto web wallet. It all depends on what data have actually been breached, but if it is Microsoft, I wouldn't be surprised if this leads to some crypto scams as well.

That's one reason why I've *always* been opposed to medical records being stored online, and the computer systems used in hospitals and many other medical institutions do this

So the software involved in this breach is called PACS, which stands for Picture Archiving and Communication System. This software is massive. It is used almost globally, including throughout the US, Canada, Mexico, Europe, China, India, Japan, South Korea, Middle East, Australia, and South America. I couldn't even take a guess at just how many medical images from how many patients are stored on this system, but 1.2 billion is likely a small fraction.

The US is the biggest part of this leak, with almost 800 million images coming from there. Other large contributors are India, Brazil and South Africa. It's also worth pointing out that some countries, most notably European countries like Germany and the UK, have their PACS servers disconnected from the internet and run on their own secure network, and so are protected from this kind of breach.

[Kyraishi]

I don't use Office 365, but I assume they have cloud storage for all your documents? I'm sure there are a few users who have backed up their seeds by putting them in a document and saving them to the cloud. I'm sure there are also plenty of users using the exact same username/email and password for Office 365 as they use for some crypto web wallet. It all depends on what data have actually been breach, but if it is Microsoft, I wouldn't be surprised if this leads to some crypto scams as well.

Oh no... That's literally what I just thought about. Holy fuck.

They do have one drive (documents get autosaved to your cloud account for easy access from any account) for all their documents, which means most people who haven't bothered to fiddle around with the settings are likely going to have all their documents leaked online. That's tragic.

There are definitely going to be confidential documents in those ones, I can imagine a lot of careless businessmen not understanding how word sync/onedrive works, and there are definitely people with passwords in those documents, which will 100 percent lead to hacks and exploits.

[Artemis3]

Microsoft Office 365: 1.2 billion as claimed by o_e_l_e_o, also Microsoft Office 365 went down yesterday[1][2][3]

yeah man lets hope it is just microsoft office 365 who got hacked because Iam using libre in linux  
very likely it is not crypto related since the number is a way too big compared to our community

Yes, i have also been using Libreoffice for years, but this is a fundamental problem with all "subscription based" services, they are centralized. I think the next scandals might come from streaming services. Gaming networks have already been compromised (ie. Sony's). And is the very reason KYC is so dangerous. Data identity theft is only increasing and the more we are forced to trust our credentials to third parties, the more we give to those who steal it.

This is the fundamental problem with government "controls", the almighty police state is also the very source of the problem. And so are the corporations that do the same "in the name of security", end causing the opposite.

Years ago i couldn't believe people actually accepted the idea of "software subscription", and here we are, looking how this mess unfolds.

Worst thing is, this won't the last one.

[shield132]

Can't understand one thing, if it was data breach, company had to say that during 72 hour and if they are in silence, idk, such thing happens? It's serious breach.
On another hand is it the breach of Alipay? Cause there was news about that and Alipay has 1.2 billion user, you can see article there: http://www.xinhuanet.com/english/2019-10/01/c_138440413.htm
Idk trustworthiness of website but I think in case it's true, is very close to reality.
But it's sad they don't care about our security, they make AIs in order to process all of our data as soon as possible and use for marketing purposes.

[IwantMoonBefore2020]

I am sure it's nothing related to bitcoin or cryptos at all! We have not yet reached billions yet! So it's highly unlikely that crypto community will be affected by this breach! It's probably from the organizations like Facebook, whatsapp, google, Instagram etc. Or probably from some giant international banks with trillion dollar valued transactions everyday (you know what I mean)!

Microsoft bought Hotmail in 2012 and restricted peoples acces to ther proper account , microsoft Employee asked me to let them acces my computer for prove them i was owner of my proper email adresse ? This is from long times ago already, i told them no and created other email adresse, when i get it back 2 months ago chinese was on my email adresse and deleted everything from my pass.

[IwantMoonBefore2020]

It’s quite alarming and concerning that massive data breaches like these are just a common occurrence now. I mean, how could a large company possibly lose such massive data like that? It’s not like they’re hiring security analysts and other staff for nothing yet getting top dollar on the payroll.

Well, it's mostly a cat and mouse game. White hat hackers and security analysts improve help improve the security of the overall system, while at the same time the black hat hackers improve their skills by looking for vulnerabilities. Data breaches are pretty much inevitable. The best and most secure systems just fend of hackers a lot longer than not-so-secure systems.

The best for protecting data is like resolving double spending for bitcoin, we need to be able to have network for protecting data, senders and receivers and we fine and make encryption of the data only readable with the key inside chest and protect it.
No one can do nothing like satoshi computer encrypted by truecrypt and no one can do nothing, probably need 1000years for decrypt it.   

[Wintersoldier]

The best for protecting data is like resolving double spending for bitcoin

It was already fixed and Bitcoin is not allowing double-spending today, because if yes then no one will utilize bitcoin as its system is faulty. So, you can freely use Bitcoin without worrying about spending double or take advantage of the double spending blockchain issue before.

we need to be able to have network for protecting data, senders and receivers and we fine and make encryption of the data only readable with the key inside chest and protect it.

What about the context of having a hardware wallet? "Not your keys not your bitcoin" right? In this case you have your keys and keep it somewhere safe, in vault in example. So you need not to worry about your funds getting stolen.

[mk4]

There was also a data breach of 1.19 billion confidential medical images in the last few days, including names, addresses, dates of birth, and social security numbers, as well as obviously the imaging in question, but apparently this is a separate breach and the numbers are just a coincidence.

Probably not. The same dude tweeted this:

Can't understand one thing, if it was data breach, company had to say that during 72 hour and if they are in silence, idk, such thing happens? It's serious breach.

I don't think it hasn't been 72 hours yet. The dude made a new tweet. I assume the new postponed release date is the 72-hour limit.

[coin-investor]

There was also a data breach of 1.19 billion confidential medical images in the last few days, including names, addresses, dates of birth, and social security numbers, as well as obviously the imaging in question, but apparently this is a separate breach and the numbers are just a coincidence.

Probably not. The same dude tweeted this:

Can't understand one thing, if it was data breach, company had to say that during 72 hour and if they are in silence, idk, such thing happens? It's serious breach.

I don't think it hasn't been 72 hours yet. The dude made a new tweet. I assume the new postponed release date is the 72-hour limit.

It's like an emergency button for us I hope it's not gmail I am looking on all my files and checking everything I am not into microsoft because I know how weak their security system is, and I'm very limited on all my social accounts, we may have to wait for this big announcement and see if there are casualties, I may rethink my options on keeping my files if I found what it is.

[o_e_l_e_o]

So apparently the breach is data from various data breach processing firms, which someone has probably bought and then left on an unsecured server. Apparently no sensitive information (passwords, credit card numbers, etc), but profiles on hundreds of millions of users including names, addresses, phone numbers, email, social media pages, employment histories, and more.

So probably no wallets being compromised as a direct result of this breach, but plenty of identity stealing or social engineering potential.

[Murat]

Sometimes this analysis makes me more afraid of our virtual life, day by day we are getting faced a lot of bad experience regarding hacking or insecurity for our social and virtual life, In recent time, I've faced a huge destruction on my Crypto career, It's a huge lose, it's big amount hacked by someone, it's really an alarming news for us, it's sad but true that some people are working hard for creating something special and on the other hand, some are working behind the scene who is trying to steal money and information from another people, this is just the lack of moral and proper education, it's real problem in this virtual world.

[Lucius]

https://twitter.com/vinnytroia/status/1197849029553655814
https://www.wired.com/story/billion-records-exposed-online/

Wait is over, now we know that this "data breach" is about Facebook, Twitter, and LinkedIn profiles. But if you read comments under this tweet, some say that this is not data breach in the true sense of the word, but "This is a collection of scraped, public information"

I don't think this will hurt anyone in particular, this is just a large amount of publicly available data collected in one place.

[o_e_l_e_o]

I don't think this will hurt anyone in particular

It definitely could, as I said above. Name, address and date of birth is enough in many countries to apply for a credit card, loan, or other forms of credit in someone else's name. It's enough to redirect your email, and then start stealing tax information and social security numbers. The combination of your phone number plus all your social media profiles makes SIM jacking potentially very easy, depending on how much data you have shared on your social media profiles. Once they've redirected your SMS messages, they can reset email passwords and then reset pretty much any password you have.

[mk4]

https://i.imgur.com/ntQlcft.jpg
https://twitter.com/vinnytroia/status/1197849029553655814
https://www.wired.com/story/billion-records-exposed-online/

Wait is over, now we know that this "data breach" is about Facebook, Twitter, and LinkedIn profiles. But if you read comments under this tweet, some say that this is not data breach in the true sense of the word, but "This is a collection of scraped, public information"

I don't think this will hurt anyone in particular, this is just a large amount of publicly available data collected in one place.

Yea. Still quite disastrous if you ask me, but it's definitely misleading by the Twitter dude. He sort of gave the impression that a single company actually got hacked. Instead, it's just some scraped accounts from people with little to no security awareness whatsoever. While it ended up being heavily uninteresting and anticlimactic, hey, look at the bright side! at least there's not that much damage than we expected!

[Lucius]

It definitely could, as I said above. Name, address and date of birth is enough in many countries to apply for a credit card, loan, or other forms of credit in someone else's name. 

It is very easy to find all this information without any such security breaches, it is mostly public information. That is why it is important to protect your personal information, although this is not easy at present time when everyone really knows everything, everything is online and it just takes a little effort if you want to compromise someone. I am aware of how easy it is to abuse someone else's data, but much of the blame lies with those who do not require greater security checks before granting a loan, or replacing a SIM card.

I replace my old SIM in less than 1 minute, without any ID or any question. It's amazing how easy it is to do something like that.

[IwantMoonBefore2020]

The best for protecting data is like resolving double spending for bitcoin

It was already fixed and Bitcoin is not allowing double-spending today, because if yes then no one will utilize bitcoin as its system is faulty. So, you can freely use Bitcoin without worrying about spending double or take advantage of the double spending blockchain issue before.

we need to be able to have network for protecting data, senders and receivers and we fine and make encryption of the data only readable with the key inside chest and protect it.

What about the context of having a hardware wallet? "Not your keys not your bitcoin" right? In this case you have your keys and keep it somewhere safe, in vault in example. So you need not to worry about your funds getting stolen.

I know everything,what i said was for data.

[auntyjmary]

The situation now is really alarming and it calls for a global   commitment and not just governments alone to find an amicable or long lasting solution to the high number of data breach. The use of the internet have also exposed everyone to this invasion of privacy and identity theft.

[meanwords]

I am sure it's nothing related to bitcoin or cryptos at all! We have not yet reached billions yet! So it's highly unlikely that crypto community will be affected by this breach! It's probably from the organizations like Facebook, whatsapp, google, Instagram etc. Or probably from some giant international banks with trillion dollar valued transactions everyday (you know what I mean)!

That's what I thought too. I doubt the cryptocurrency community would be affected by this. If one of those companies mentioned are really exposed, I'll be making some serious profit out of this because it is like a free news. Now that the news is out, invest in their stocks when it is at the lowest. You'll see some gains in a few months. This is a big news for everybody that's why they delayed it.

[seoincorporation]

...

I don't think this will hurt anyone in particular, this is just a large amount of publicly available data collected in one place.

I do not agree with you, 1.2 billion is a big number, maybe it will not hurt all of us, but at least some of us will get their data exposed, and for sure some marketing business are already working with that leaked data.
If the news already hit 'weird.com' it's because is something big.

[Velkro]

This is becoming too common thesedays. I guess the companies don't get harsh fine or jail term as punishment for not properly securing  people's private data. otherwise they will be very careful collecting the private data atall or storing them without strong security.

This is huge problem today.
On top of this HUGE leak, there could be more hacks because of that huge hack.
This is really dangerous and will only get worse in time.

[Sadlife]

Im still waiting for someone to post the updates and what company did the data breach happened was it really microsoft?
Even though its not related to bitcoin/crypto it might still indirectly affect the crypto market cause chances are there are some of them that is a crypto investor. I hope this is not the reason why the turn bearish.

[Eugenar]

Im still waiting for someone to post the updates and what company did the data breach happened was it really microsoft?
Even though its not related to bitcoin/crypto it might still indirectly affect the crypto market cause chances are there are some of them that is a crypto investor. I hope this is not the reason why the turn bearish.

There are many factors that determines the market condition, this might not be directly the cause of the declining market but also contributes to the factors that can be considered. Investors with their data breached would be demotivated to invest in the market since their reputation to the system will be lessen. Though the breached is not directly affects the crypto, it impacts the trust of the people to the technology in a holistic manner.

[pooya87]

So apparently the breach is data from various data breach processing firms, which someone has probably bought and then left on an unsecured server. Apparently no sensitive information (passwords, credit card numbers, etc), but profiles on hundreds of millions of users including names, addresses, phone numbers, email, social media pages, employment histories, and more.

So probably no wallets being compromised as a direct result of this breach, but plenty of identity stealing or social engineering potential.

that information could technically be used elsewhere to do harm.
for example to this day i still don't know how my Yahoo mail with a ridiculously strong password was hacked and the only possibility remaining is social engineering that fooled their system into resetting the password and letting the hacker access the mail. that requires this kind of data breaches to succeed.
that could end up in wallet compromises too. for instance i had a blockchain.info wallet with that email that even had the backup inside of it. i could lose money if i had any balance in that wallet!