If you're a name with brand recognition, and active in a space that allows effective monitoring and/or eavesdropping on the communications of a large number of people then you can consider yourselves either already hacked or a target of various intelligence services. Also beware of employees that are overly eager to have more access than they should have the 'plant' is a very effective way to gain access to data (support: en detail, ops: en gros).
Companies routinely wipe hacks and data leaks under the carpet in the hope that nobody will notice, with the GDPR active they really should stop doing this but it still happens with great regularity.
Yup. They often claim you’re “malicious” to cover their incompetent butts. This is why reporting should be:
- end-to-end encrypted with a brand new, limited-time GPG key
- use a disposable email service
- make up an alias
- send from public WiFi at a coffeeshop some distance away that doesn’t have corporate CCTV
- Don’t bother with Tor or a VPN because it advertises “suspicious behavior” across network hops that
maybe/are monitored/logged
If you volunteer information about your identity, it can be easily misused to attack you in a myriad of legal, professional, social media and other dirty-tricks ways.
Have mentioned it before. Watch any recent videos of Yuval Noah Harari and he almost always talks about the concept of 'The Hackable Human'. Forget about what data they have. Soon they will know more about you than you do. It has far reaching effect but let's hope humans find a way to keep outsmarting technology.
If you work for a useful target yes they probably have hacked you. They've certainly hacked google in the past for example - see below. These agencies are lawless and motivated. I imagine knowing where targets stay/travel in advance could be very useful.
Even if you truly have "nothing" to hide, how much do you trust these companies in securing the information from you they harvest? It's not necessarily the companies i'm worried about. It's the people that hack those companies i'm worried about. Once the hackers obtain that information, they can clone you and do all kinds of nasty fraud in your name. They can literally ruin your life.
EDIT: By clone I mean virtual clone of course, not Arnold Schwarzenegger "The 6th Day" clones
The critical aspect about this is, "What can I do about it?"
For most hacks, the answer is, more or less, "Nothing." For a social engineering hack like this, you can be aware and avoid falling victim to this.
For me, reading this article, that's the meat of it -- I am trying to figure out how vulnerable I specifically am to this, and what I need to do to stay safe (and what I need to recommend to my family and friends). Sometimes it's "hope the organizations that have your data are secure", but this time it's the same advice I usually give, "Don't ever tell anyone anything, and NEVER give out passwords to anyone."
It's also possible that Panera would prosecute you for hacking their systems, if they were able to identify you. Better to be safe and disclose anonomyously.
I wouldn't say so necessarily, since there have been attacks that reveal who's who. It can lull you into a false sense of security and you could be caught in the future. They are relatively immature tech and I would wait a while until trusting them for privacy critical actions.
It can also be upsetting to have your accounts hacked and your contact list used to find targets to socially engineer for money by impersonating you. It’s a jungle out there.
Companies routinely wipe hacks and data leaks under the carpet in the hope that nobody will notice, with the GDPR active they really should stop doing this but it still happens with great regularity.
reply