The recent news about 30 million hacked Facebook accounts should not be a surprise to anyone given its recent history of other high-profile data breaches. Google appeared to be the rare exception amongst the big cloud giants as we didn’t hear much about their data breaches, until now. Google’s plan to shut down Google+ and the revelation that they too put users' personal data at risk have brought up many questions about the long-standing image of a company who has been in control of so much of our personal data. Which begs the question, are these situations avoidable?
No successful company would intentionally put your data at risk through a “hack” or “leak.” However, some of these companies actively harvest and sell portions of your data they consider “fair game” to those willing to pay. But what exactly is that data that is considered fair game? Remember those “free” services you’ve enjoyed? This is where data harvesting all begins. Woven into baffling verbiage, users often inadvertently agree to terms and conditions that give these companies approval to essentially sell their data to support those services we love so much. Sound familiar?
Google and Facebook are examples of giant corporations that make a ton of money off data. Their sky-high valuations are not only supported by their handsome profits, but also by the expectation that they will continue to increase their earnings. The bigger they get, the harder it is to grow their profits using only their previous business tactics. They have to constantly create innovative ways to generate revenue, which includes opening up more Application Programming Interfaces (APIs) to paying third parties for customized collection of your data. This is where the risk to your privacy all starts and is the root cause of the most recent breach with Google.
Breach of Trust
Even more disheartening is the way both Facebook and Google have handled their respective situations. Time and time again we see that these companies often try to cover up their issues by throttling news feeds and not disclosing security lapses. So much so, that even the US Federal Trade Commission and other agencies had to step in and investigate Facebook after it finally revealed Cambridge Analytica accessed the accounts of 87 million users without their consent.
As for Google, I am surprised by reports of elaborate cover-ups. For six months, the company knew about a bug that made personal data vulnerable. Yet, it did not share this information with upwards of 500,000 Google+ users who could have been compromised, nor did it make a public announcement. With most people getting their news from Google search, Google is in a great position to suppress bad news related to major security breaches. So much for their mantra of “Do no evil” they promised years ago.
The lesson we can all learn from these events is that when companies make their money by selling your data, they will anguish over the disclosure of breaches in the hope of quietly containing the situation. This breach of trust is truly concerning and without oversight these companies will continue to capture a staggering amount of data from users. As breaches become more common, we must not become desensitized or complacent. We need to remain vigilant in recognizing the dangers that can metastasize from our digital, connected lives into our offline lives.
Dr. Pantas Sutardja, CEO