Lisa McAully

Summary

The article discusses the risks of cybercrime associated with sharing personal information for loyalty programs, emphasizing the importance of unique passwords and data minimization to protect against data breaches.

Abstract

The article "How Free Pizza Can Expose People (Just Like You) to Real Cybercrime" highlights the dangers of data breaches and the subsequent risks of identity theft, financial loss, and reputational damage. It underscores that while loyalty programs offering free incentives may seem harmless, they often require personal information that, if leaked, can be exploited by hackers. The piece stresses the widespread nature of data breaches, citing over 1,800 incidents in the US in 2021, and the vulnerability of password reuse across multiple accounts. It introduces the concept of combo lists, where hackers aggregate stolen data to commit fraud. The article also mentions high-profile breaches, including Zoom and MGM Resorts, to illustrate that even large companies are not immune to such threats. The author recommends using password managers to create and store strong, unique passwords for each account and advocates for minimal data disclosure to reduce the risk of cybercrime.

Opinions

  • The author suggests that the convenience of loyalty programs is not worth the potential cybersecurity risks.
  • Password reuse is criticized as a significant security flaw, with hackers exploiting this common practice.
  • The creation and use of combo lists by hackers are seen as a sophisticated method to compile comprehensive personal profiles for fraudulent activities.
  • The article implies that data breaches are inevitable, and thus, individuals must take proactive steps to mitigate their impact.
  • Using password managers is highly recommended as a practical solution to manage numerous complex passwords.
  • The author advises readers to be cautious about the personal information they share, even suggesting providing false information for non-essential sign-ups.
  • Despite the risks, the author does not advocate for abstaining from offers like free pizza but rather for being more vigilant and responsible with personal data.

How Free Pizza Can Expose People (Just Like You) to Real Cybercrime

And how to protect yourself

Photo by KoolShooters from Pexels.

Cybercrime lurks in unexpected places.

“Two supreme pizzas with no anchovies, please.” A guy called Tony took our order. He had dark hair and friendly eyes.

“Excellent choice. Would you like to join our loyalty program? You get a free premium pizza and glass of wine on your birthday. Just sign up on our app.”

I’m totally on board with free pizza, but not when it comes with a side of cyber vulnerability.

I used to join all the loyalty programs without hesitating, but a cyber security professional got me thinking differently.

He told me, “Every time you give away your personal details, you increase your chance of being hacked. People don’t understand how much they can lose.”

Cybercrime can be truly debilitating.

You can lose money, be liable for debt that’s not yours, lose access to critical accounts, lose irreplaceable data, and suffer reputational damage. Then there’s the intense stress and worry.

None of us can afford that.

There’s good news, though. If we understand the risks, we can protect ourselves.

294 million people affected in one year

Free pizza doesn’t put you at risk; data breaches do.

Let’s say I took Tony up on his generous pizza offer and signed up for the loyalty program. I have to jump on the app and set up an account with my email, date of birth, name, and password — easy.

The trouble starts when the pizza restaurant’s data is deliberately stolen or accidentally leaked. Those in cyber security circles call this a data breach.

Data breaches happen all the time.

According to the Identity Theft Resource Center’s 2021 Data Breach Report, there were 1,862 data breaches publicly reported in the United States in 2021, affecting about 294 million people. That’s only in the US and only includes known and reported breaches.

There’s a good chance you’ll be affected by a data breach. You most likely have already.

From pizza to hacked PayPal

So what if your pizza account details are stolen; why does it matter? You only entered a small amount of information anyway.

The first risk comes from our love of recycling passwords.

In 2019, a Google & Harris Poll survey found 52% of people reuse passwords across multiple sites.

Hackers can easily check stolen usernames and passwords against hundreds or even thousands of other websites.

If you’re a serial password recycler, this means your data thief may gain access to other accounts and services you care about, like PayPal, eBay, Twitter, Amazon, and bank accounts.

Password reuse is every cyber criminal’s first true love.

Are you in a combo list?

As well as password predators, hackers are enthusiastic data collectors.

They like to grow stolen and leaked data sets by linking them together to create combo lists.

Warning: for non-tech folk, the following short paragraph gets a tad dry. Please stick with me, though; you need to be cyber safe too.

Combo lists are massive datasets where stolen data is joined up. A combo list might have your email and full name from one website, your residential address from another website, and your date of birth and credit card details from a third website.

In pizza terms, a combo list is where hackers collect ingredients anywhere they can find them and combine the ingredients to make a pizza with the lot.

Once our data thieves have enough information, they can use it to verify your identity with an important institution, like a bank. This is where we move from inconvenient petty theft to major identity fraud.

As the collection of stolen personal data grows, so do opportunities for theft, fraud, and exploitation.

Have you Zoom-ed since Covid? They got breached

In 2020, 500,000 Zoom accounts were found for sale on the dark web and hacker forums. It cost less than a penny for an account.

It’s reasonable for us to think our data is secure with big, reputable companies.

But it’s not the case.

Other big names on the hit list in 2020 include Walgreens Chemist, MGM Resorts, Estee Lauder, and San Francisco International Airport.

Troy Hunt, Pluralsight Information Security Author & Instructor, and Microsoft Regional Director, often says the way to operate online is to assume your data will be leaked.

Unless we live like digital hermits, we can’t prevent it.

But we can directly influence how much data breaches impact us.

Your number one defense strategy

What’s one thing every cyber security professional worth their salt has in common?

They use a password manager.

Bucket loads of scams rely on password reuse. If we don’t reuse our passwords, these scams don’t work.

Password managers store your passwords securely and let you create strong and unique passwords for every account.

For those of us exclusively living in the Apple product ecosystem, Keychain is a good choice. It’s built by Apple and is part of macOS.

Outside of the Apple world, LastPass and 1Password are popular choices.

Don’t mock your Nanna’s password notebook, either.

In a podcast interview with EasyPrey, Troy Hunt explained a physical book with passwords written down is much better than reusing passwords.

Cyberpunks won’t search your desk drawer for a password book.

And it’s likely people who break into your house want your TV and diamonds, not your PayPal account credentials.

Hold up! Won’t my password manager just be a target for hacking?

It’s true; password managers are targets for hacking.

But so’s your bank account and every government agency and business that holds your sensitive and financial information.

How many online accounts do you have? As of yesterday, I have 133.

The Australian Cyber Security Center says passwords should be unique and at least 14 characters long. Let’s say only 23 of my accounts are critical. I still can’t remember that many unique passwords. Could you?

Unlike our minds, password managers are purpose built to be secure and use strong encryption.

Troy Hunt puts it like this, “Password managers don’t have to be perfect, they just have to be better than not having one.”

Be a minimalist, and you’ll be safer

“What’s your date of birth and occupation?”

“Why do you need to know? You’re my hairdresser.”

Just because they ask doesn’t mean we have to answer.

Minimizing the data we offer up significantly reduces our cybercrime risk — there’s less for hackers to play with.

Unfortunately, the approach doesn’t work when we strike data collection barriers. To access the incredible 6-day email course we want to read, we must fill out our details. There’s a good option here — lie. Pretend you’re 20 years older or live in a different city.

There are circumstances where we have a legal or ethical obligation to divulge our personal details, and in those cases, providing accurate data is essential.

But most sites, sign-ups, and companies are data-hungry without good cause. We don’t always need to feed them.

Take the free pizza

Personal data is frequently lost, stolen, and sold, but it doesn’t mean we need to say no to free pizza.

It means we need to take responsibility for the personal data we disclose and our approach to passwords.

We have more influence on our cyber security than we think.
