U-M Report: Majority of Digital Breaches Go Undetected

In the past decade, the number of digital breaches in users’ computers has increased significantly, with many of the participants unaware that their email addresses or other personal information had been compromised, says a recent study by the University of Michigan. On average, participants have had their data breached five times.
University of Michigan researchers have found that the majority of breaches go undetected by the owner of the account. // Stock Photo


The U-M School of Information conducted the study, which consisted of 413 people, to reveal various breaches made against them. International teams from U-M, George Washington University, and Karlsruhe Institute of Technology discovered that the participants were unaware of 74 percent of the breaches made against them.

“This is concerning. If people don’t know that their information was exposed in a breach, they cannot protect themselves properly against a breach’s implications, e.g., an increased risk of identity theft,” says Yixin Zou, U-M doctoral candidate.

The teams also found that most of the compromises were due not to external problems but to the participants themselves. Most of them were found to be using the same, similar, or even broad passwords across a wide range of websites, some of which were “sketchy” or not trustworthy.

“While there’s some responsibility on consumers to be careful about who they share their personal information with, the fault for breaches almost always lies with insufficient security practices by the affected company, not by the victims of the breach,” says Adam Aviv, associate professor of computer science at George Washington University.

The database “Have I Been Pwned” recorded around 500 online breaches and 10 million compromised accounts throughout the past decade. However, a list reported by the California-based Identity Resource Center puts the figure higher, warning that there were 1,108 breaches in the United States in 2020 alone.

Previous studies relied on reported breaches or compromises from past cases. In the study by U-M, the data was compiled from the list of breaches reported by the database, including ones that went unnoticed. The group composed the study from 792 responses from various participants and 66 different exposed information types. Of a total of 431 participants, 73 percent were exposed to at least one breach, with the highest number being 20.

Most of the compromised data consisted of email information, birth dates, IP and street addresses, usernames, and even passwords. After the study, the participants were warned of the various breaches that had been made. In an effort to resolve the problems, participants changed their passwords, but only on about 50 percent of the websites they were using them for.

The potential risks range from credential stuffing to identity theft and fraud. Those behind these breaches who gain access to specific information can then use it to gain access to other forms of the victim’s personal data.

“It could be that some of the breached services were considered ‘not important’ because the breached account did not contain sensitive information. However, low concern about a breach may also be explained by people not fully considering or being aware of how leaked personal information could potentially be misused and harm them,” says Peter Mayer, postdoctoral researcher at Karlsruhe Institute of Technology.