Barcelona’s VTS Media left a database for its camgirl network unprotected for weeks, which exposed “months of logs for millions of people, including their usernames, IP addresses, viewing habits, private chats and even passwords from failed login attempts”.
The exposed and unencrypted data was discovered by Condition:Black, a cybersecurity and internet freedom firm. In addition to the substantial cache of user data revealed, some account workers’ data was also left unprotected, the database contained mostly users from Europe and was finally locked down at the end of October, but it is not known if any intruders accessed the data while it was unprotected.Camgirl sites exposed data for millions of users https://t.co/Se5z8CIvqS pic.twitter.com/bvbglsnmlp
— Engadget (@engadget) November 3, 2019
In addition to putting payment and address information at risk, the unprotected data puts millions of users and camgirls at a greater risk of blackmail since the leaked data contained sensitive sexual preferences. Since the company and its servers are located in Europe, they fall under the new GDPR data protection rules and are even classified under “special categories” and required to have additional protections due to their sexual nature. GDPR rules say that a company “can be fined up to 4% of their annual turnover for GDPR violations”.
A recent string of high-profile data leaks
Just this year alone, there have been data leaks from major companies such as Amazon, Square, British Airways, Ford, TD Bank, and others. Then last year, Marriott Hotels had a data breach that exposed sensitive personal data, including credit card information, for 500 million guests. The combination of all these leaks puts user data from hundreds of millions, if not billions, into the public sphere for other individuals to exploit to their own advantage.
While many of these companies employ insurance for hacks and individuals can often seek out rectification for losses, this still takes time, causes frustrations, and distributes the cost among all insurance payees. Then as more companies are collecting more and more data from users, creating a honeypot for potential hackers, more consumers are showing an increasing demand for privacy attributes.
Dash’s approach to data privacy on upcoming Dash Platform, transaction privacy today
Dash is working towards a way to facilitate fast and inexpensive transactions like it currently does with automatic InstantSend, but also enable the transferring of more sensitive and advanced data without having masternodes on the Dash network knowing the data it is handling. Dash is exploring the possibility of using zero-knowledge proofs to accomplish this, as Dr. Tapp, Arizona State Blockchain Labs researcher has explained.
However, even right now, Dash does not “store” any more payment information than any other blockchain, which makes it an advantageous choice over credit/debit cards that can remain in companies’ databases for years after a single purchase and thus increase the risk a user’s financial security being compromised. Plus, Dash further helps its users attain privacy by offering the optional PrivateSend feature to further obscure their transaction data and history from anyone looking at the public blockchain.
