Lessons in the Wake of the Twitch Data Breach

Unprecedented – that seems to be the word of the decade. In the past five years alone, we’ve seen so many things change; big tech players have faded into the ether, the world has gone through a global pandemic and now, we’re dealing with an increase in data breaches and leaks that could affect all of us. Most recently the world saw Facebook and its services go offline and the massive Twitch.tv breach. While Facebook has said that the issue is simply an error in their network settings, we cannot deny that their credibility has been called into question in recent weeks.

One thing that worries us is the scale and the size of the companies being targeted by attackers now. We can’t deny the size of Facebook; in fact, we interact with one or more of its platforms or products on a daily basis. However, when it comes to Twitch.tv, not many are aware that the platform is actually an Amazon property. Yep – you read that right – Amazon.

These companies are large players that we depend on for everything from shopping to keeping in contact with loved ones. As a matter of fact, Amazon powers a significant portion of the internet with its web services, AWS.

Noticing this, we were wondering – How can we, as consumers and regular Janes and Joes, prepare and protect ourselves from data breaches?

Attackers & Malicious Actors Are Becoming More Brazen

It comes as no surprise that attackers and malicious actors are becoming more brazen with their attacks and demands. In the case of Twitch’s breach, a slew of hate-related events plaguing the platform spurred it. It was a retaliation against what the individual(s) saw as a lack of action on the platform’s part.

Managing Director at Trend Micro Malaysia, Goh Chee Hoh, notes that “The primary motive for the hacker is not to reveal user information or monetary, but to disrupt and encourage competition in the online video streaming space, where the earnings exposure of the top streamers on the platform becomes part of the collateral damage.”

It would seem like we are more at risk of becoming collateral damage as malicious actors continue to target larger corporations. In Twitch’s breach, vigilante justice saw the earnings of the platform’s top streamers become collateral damage. Mr Goh also highlights this in his statement, “It sounds like the perpetrator carried out the attack as a form of vigilantism, in their own perspective.”

So, how does this affect us? For one thing, we can expect even more daring attacks. Large companies like Google, Facebook and even Microsoft won’t be spared. There’s no denying that we interact with one, if not more, of these companies or their services on a daily basis. Some have more of our data than others. That’s where we’re at the most risk.

Companies Need to Learn from Twitch’s Breach

Before we can talk about how we can protect ourselves from breaches, we have to talk about how companies can better protect us, as their users. We already know that many of them have processes, protocols and software in place for protection but there’s always a chance that these measures aren’t enough. I mean, human error is something we can never plan for completely.

Checks and Balances are Key to Maintaining Cyber security

Candid Wuest, Vice President of Cyber Protection Research at Acronis, highlights this in his comment on the Twitch breach, “Companies should learn that they need to verify and monitor configuration changes. With IT infrastructure becoming more and more complex the risk of errors rises as well.” Mr Wuest’s statement does seem to apply to the recent Facebook outage as well.

However, his colleague, Topher Tebow, an analyst at Acronis, goes a step further and highlights the need for zero-trust environments in today’s climate. He advises that companies should have “proper monitoring in place to detect malicious activity on the network, including data being moved out of the network. Many companies assume that if an authorized user is moving data, that the behaviour is most likely acceptable, but if a user’s credentials were compromised or the account was hijacked in some other way, data flowing to an unusual source could allow a security team to detect and block an attack early on if proper monitoring is in place.”
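The kind of monitoring Mr Tebow describes can be sketched in a few lines. This is an added example, not code from the article or from Acronis; the transfer records, host names and the tenfold volume threshold are constructed assumptions. It flags a transfer by a user's own history of destinations and sizes, without trusting the fact that the account was authorised.

```python
from collections import defaultdict

# Constructed sample transfer records: (user, destination, bytes_sent).
HISTORY = [
    ("alice", "backup.corp.example", 120_000_000),
    ("alice", "git.corp.example", 4_000_000),
    ("bob", "git.corp.example", 9_000_000),
    ("bob", "backup.corp.example", 80_000_000),
]
TODAY = [
    ("alice", "backup.corp.example", 130_000_000),         # usual place, usual size
    ("bob", "files.unknown-host.example", 6_500_000_000),  # valid login, new destination
    ("alice", "git.corp.example", 900_000_000),            # known place, far above baseline
]

def build_baseline(history):
    """Map each user to {destination: largest transfer seen so far}."""
    baseline = defaultdict(dict)
    for user, dest, size in history:
        baseline[user][dest] = max(size, baseline[user].get(dest, 0))
    return baseline

def flag_transfers(baseline, events, volume_factor=10):
    """Return alerts for transfers that break a user's own baseline.

    Whether the account is authorised is deliberately not an input: a
    transfer made with valid credentials is still flagged when the
    destination is new or the volume is far above what was seen before.
    """
    alerts = []
    for user, dest, size in events:
        known = baseline.get(user, {})
        if dest not in known:
            alerts.append((user, dest, "new-destination"))
        elif size > volume_factor * known[dest]:  # assumed threshold
            alerts.append((user, dest, "volume-spike"))
    return alerts

if __name__ == "__main__":
    for alert in flag_transfers(build_baseline(HISTORY), TODAY):
        print(alert)
```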

Complement with Proper Cyber security Solutions

Of course, even with these measures, companies need to have a proper defence firewall. Mr Goh does advise that companies should “adopt a multi-layered defence approach, by having security controls at various entry points of the system, from emails, laptops, to servers and networks.” In the case of the Twitch breach, an added layer that integrates with their native cloud services would have given malicious actors one more barrier to deal with, which could have prevented the breach.

There really isn’t an excuse in this day and age for companies not to have these measures in place. Cyber security firms like Trend Micro and Acronis have been talking about a multilayered approach for years. It is even more crucial that companies take these measures as they embrace the cloud and work from anywhere. What’s more, digital-native companies should be the front line when it comes to the adoption of these measures.

What Can We do if Our Data is Compromised in a Breach?

The biggest pain point for us as consumers comes after the fact – when data breaches have already occurred. To be honest, we don’t really have control of what happens in the aftermath of a data breach. But, we can ensure that we minimise the potential damage that can occur in the wake of a breach.

Our First line of Defense: Change Them Passwords

In any data breach, the first thing we should do as users is to update our passwords. There are multiple ways to ensure you have a strong enough password to protect yourself. The first is to make sure you have a mix of characters, symbols and numbers. Doing this will make it harder for your password to be cracked.

On top of that, it goes without saying that longer passwords will take longer to crack. However, keep in mind that passwords that are too long have diminishing returns when it comes to remembering them. Another thing to remember is that dictionary words, even with symbols replacing letters, are less secure. While they are easy to remember, we’re in a world where AI has made it possible to understand and decode these faster than ever.
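To see why swapping symbols into a dictionary word does not help, here is a small password audit, added as an example and not part of the original article. The word list, the substitution table and the 12-character minimum are constructed assumptions; the check undoes common substitutions before looking for dictionary words, which is the same step a cracking tool performs.

```python
import string

# Constructed sample word list; a real check would load a large dictionary
# and a list of passwords already exposed in breaches.
COMMON_WORDS = {"password", "dragon", "welcome", "monkey", "twitch"}

# Common symbol-for-letter swaps (assumed table, not exhaustive).
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "l", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})

def normalise(password):
    """Lower-case, reverse common substitutions, then keep only letters."""
    swapped = password.lower().translate(LEET)
    return "".join(ch for ch in swapped if ch in string.ascii_lowercase)

def audit(password, min_length=12):
    """Return a list of weaknesses; an empty list means none were found."""
    problems = []
    if len(password) < min_length:  # assumed minimum length
        problems.append("too-short")
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation]
    if sum(any(c in cls for c in password) for cls in classes) < 3:
        problems.append("few-character-classes")
    core = normalise(password)
    if any(word in core for word in COMMON_WORDS):
        problems.append("dictionary-word-after-substitution")
    return problems

if __name__ == "__main__":
    for candidate in ("P@$$w0rd!", "Dr4g0n$Dr4g0n$", "vQ7#mZp2!kLx9@Rt"):
        print(candidate, audit(candidate))
```

The second sample is long and mixes letters, digits and symbols, yet it still fails because it reduces to a repeated dictionary word.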

In addition, keep in mind that the more you use the same password, the less secure it is. In fact, you become more at risk in a data breach. Therefore, use multiple different passwords; preferably a unique one for each service you use. It goes without saying, don’t use your banking passwords for anything else.

Two-Factor Authentication is Your Friend

As we’re moving on in a digital world, more and more of our services are using two-factor authentication. These measures, while cumbersome, will ensure that access to your accounts is more secure. This is implemented in multiple ways across different platforms using email, SMS or an app.

Using two-factor authentication adds an additional layer to access your account. In most cases, it will notify you when your account is being accessed. This will allow you to react immediately. Many of these two-factor authentication steps allow you to immediately lock down your account and change your password.

Be Vigilant

We will need to be vigilant in the wake of a data breach even if we are not directly affected by it. Acronis’ Candid Wuest reminds us that “data stolen in data breaches is often reused in personalized phishing emails”. With this in mind, keep an eye out for fishy emails or even Nigerian princes. Sometimes information from breaches can allow malicious actors to socially engineer phishing attacks that can mimic emails that you will find urgent or pertinent.

If you had banking or payment information linked to a breached account, you may have to monitor your bills more closely. Your other option is to cancel or change the card in question to make sure that you are able to minimise damage.

It’s a Question of When Not If

The biggest lesson all of us, consumers and companies alike, can take away from the recent breach of Twitch is this: it’s no longer a question of if we will be breached but when we will. It’s an inevitable fact as we progress into a more digital world. As more of our information is placed in the cloud and with corporations, it is increasingly made available to malicious actors if not protected effectively.

The fallout from a data breach is not pretty. More so now when countries have legislation that protects the general public from their data being abused. For companies, the fallout can affect their bottom line as customers look for more secure options. In addition, with GDPR and similar legislation, they could be facing fines for not effectively protecting the collected data.

For regular users like you and me, we have the added headache of trying to make sure we minimise our exposure. Everything from changing our passwords to activating two-factor authentication to even calling the bank to cancel cards is an added inconvenience that could affect our choice in services moving forwards.
